What two points do GDPR and other new regulations have in common? They put pressure on organizations to demonstrate strong security postures and mitigate third-party risk. Danny Rogers of Terbium Labs discusses how security leaders can respond.
Because network intrusions are inevitable, organizations need to improve detection to more quickly respond to attacks, says Carolyn Crandall of Attivo Networks. And deception technology can play a critical role, she says.
In this edition of the ISMG Security Report: Privacy watchdogs in the EU begin enforcing GDPR in less than 30 days; are organizations ready? Also, a look at the top 10, real-world online threats facing business and financial software firm Intuit.
Can technology solve the problem of giving law enforcement access to all encrypted communications without additional risks to the public? Software legend Ray Ozzie says he has an idea. But it's unlikely to quell the debate over hard-to-break encryption.
Two recent security incidents involving ransomware attacks on vendors serve as the latest reminders of the risks business associates pose to healthcare organizations. What steps should entities take to mitigate those risks?
Police have taken down Webstresser, a leading stresser/booter service tied to 4 million on-demand DDoS attacks, which could be used for as little as $15 per month. Six of the site's administrators have been arrested, as have some of the site's top users, authorities say.
The likelihood of encountering a sophisticated cyberattack is much higher than ever before - especially with the leak of government-grade hack tools in the public domain, says Dan Larson of CrowdStrike, who discusses the latest threat research.
Too many organizations believe in the fallacy that firewalls are keeping the bad guys out, when in reality, bad actors likely are already within their environments, says Bill Mann at Centrify, who calls for a "zero trust" approach.