Effective security and risk programs require not just domain mastery but making security accessible to boards of directors and senior officers, says Karin Höne, the group chief information security and risk officer of South Africa-based multinational Barloworld.
Ronald Raether of Troutman Pepper says privacy, data security and information governance departments must collaborate to reduce unauthorized access to systems by criminals and make data operationalization more effective. He also says proper data mapping, governance and classification are critical.
Canada's Desjardins Group has reached an out-of-court settlement to resolve a data breach class action lawsuit. The breach, which the credit union group first disclosed in 2019, traced to a "malicious" insider who for 26 months had been selling personal details for 4.2 million active customers.
The U.S. Department of Justice, together with law enforcement partners in Germany, the Netherlands and the United Kingdom, has dismantled the infrastructure of a massive Russian botnet known as RSOCKS, which hacked millions of computers and other electronic devices around the world.
A bipartisan U.S. proposal for a national privacy law also imposes new cybersecurity regulatory mandates onto the private sector. The inclusion of a data security section in draft privacy legislation shows the Washington consensus for voluntary industry measures is wearing thin.
The U.S. Department of Defense is seeking attorneys who are cybersecurity subject matter experts and can embed inside each agency and work closely with each other, says Lt. Col. Kurt Sanger, an attorney and deputy staff judge advocate of U.S. Cyber Command.
The Nigerian Police Special Fraud Unit says it busted a criminal syndicate, preventing cyberattacks against at least 10 banks in the country. The alleged mastermind was caught by the police, along with two alleged gang members, and another alleged member absconded, the police say.
SSNDOB, a darknet marketplace selling stolen Social Security numbers and birthdates, has been shut down, says the U.S. Department of Justice. The takedown was the result of a multiagency effort involving the IRS-CI, the FBI, the DOJ, and law enforcement agencies of Cyprus and Latvia.
In the wake of digital transformation and President Biden's 2021 cybersecurity executive order, an entire industry has sprung up around the concept of Zero Trust. John Kindervag, the researcher who created the architecture, weighs in on how the discussion has evolved.
The U.S. is on "borrowed time" for a major cyberattack that could potentially seriously disrupt critical infrastructure, but the nation can secure its systems and resources to avoid such cybersecurity disasters, says Rep. Eric Swalwell, D-California.
The U.S. Department of Justice and FBI announced the seizure of three domains after an investigation that found these domains selling stolen personal information and providing access to conduct distributed denial-of-service attacks. The domain includes weleakinfo.to, ipstress.in and ovh-booter.com.
Memo to IT administrators: Don't store data in cloud in an unsecure manner. Security researchers at Secureworks have found more than 1,200 cloud-based, unsecured Elasticsearch databases that attackers wiped, leaving only a ransom note demanding Bitcoin in return for their restoration.
A former IT consultant has been charged with allegedly hacking into a computer server of a healthcare company client that had months earlier denied him employment with the organization. Experts say the case spotlights insider threats that must not be underestimated.
A $150 million penalty has been slapped on Twitter for deceptively using account security data of millions of users for targeted advertising, the U.S. Justice Department and the Federal Trade Commission say. Twitter says it has paid the fine and ensured that personal user data is secure and private.
In the latest update, four ISMG editors discuss the alarming, bizarre case of a cardiologist in Venezuela charged with developing malware and recruiting affiliates, recent ransomware and data leak incidents in healthcare and how the economy is causing mature cybersecurity startups to slow hiring.