In the latest weekly update, four ISMG editors discuss the state of cyber insurance today and why its future is uncertain; applying a security-by-design reliability model to analyze vulnerabilities; and how Russia takes down members of the REvil ransomware group as cyber aggressions in Ukraine rise.
Although flaws in Apache Log4j software that need remediating remain widespread in organizations, "some of them are aware of the issue, some of them aren't aware of the issue, and likely this issue is going to be persisting with us for many, many years," says Jeff Macko, an offensive security expert at Kroll.
When Marcel Lehner was hired to be the CISO of MM Group in Vienna, his mandate was clear: to better embed information security management and governance throughout the manufacturer's organization. To do that, he ran a "hearts and minds" campaign to communicate his vision and strategy and boost uptake.
In the latest weekly update, four editors at Information Security Media Group discuss important cybersecurity issues, including the importance of incident repose planning; the worldwide impact of the LOg4j flaw, which may lead to 2022 being the year of the SBOM; and the increasingly blurred line between conventional...
While approximately ⅔ of infosec professionals believe that staffing shortages are putting their organizations at risk, the depth of the cybersecurity skills gap is both wider and deeper than is often fully appreciated. From the myriad of complicated technologies we expect our security experts to implement and...
The increasingly connected home is a vulnerable part of the extended enterprise, especially as the line blurs between personal life and work, says Forrester principal analyst Heidi Shey. She encourages organizations to adopt a two-pronged approach to protecting the "work from home" workforce.
In the latest update, four ISMG editors discuss key cybersecurity issues, including myth busting from the founder of Zero Trust, the reason behind the surge in high-profile cryptocurrency scams in India and how ransomware attackers routinely lie about their inclinations, motivations and tactics.
The Apache Log4j vulnerability capped the end of a long year for CISOs and incident responders, and it left them with a mitigation project that carries them well into the New Year. CISOs John Bassett and Martin Dinel discuss how their teams have tackled Log4j - and significant lessons learned.
Where are security practitioners in their zero trust journeys, and what approach to zero trust have they taken? Three experts - Netskope's David Fairman, Exceture's Mario Demarillas, and Petronas' Soumo Mukherjee - share their thoughts in a panel discussion.
The U.S. government has taken notable moves to enforce cybersecurity regulation and propose legislation, says Andy Watkin-Child, founding partner of the Augusta Group. To help prepare for these shifts, he advises organizations to improve their "understanding in global regulation in cyber."
The cultural divide between application security and developer teams is well known. But threat modeling offers a new strategy to bring these teams together and achieve business benefits. Panelists from ServiceNow and IriusRisk discuss the road map.
To crack down on the criminal use of cryptocurrency, including for ransomware, authorities are increasingly targeting "cryptocurrency businesses that do not have the compliance controls in place necessary to mitigate the risks of illicit activity," says Ari Redbord of TRM Labs.
In the latest weekly update, four editors at Information Security Media Group discuss important cybersecurity issues, including how the ransomware-as-a-service model shifted in 2021, the rise of fraud in faster payments and how to prevent it, and one CISO's take on the state of the industry.
In the U.S., three states now have disparate data privacy laws - and more are coming. Meanwhile, China has enacted a new law that has global enterprises scrambling. How will these and other actions shape privacy discussions in 2022? Noted attorney Lisa Sotto shares insights.
On the cusp of 2022, John Kindervag - the father of the Zero Trust security model - reflects on how the Zero Trust dialogue has evolved in 2021 and makes his New Year's predictions. Will the president's executive order be an accelerator or an anchor? Which myths are ripe to be busted?