Securing access pathways is just as critical as securing user credentials, says Sam Elliott, director of security product management at Bomgar, who points out that too many organizations overlook some fundamental steps.
Because cyberattacks continue to bypass next-generation security technologies, it's important not to underestimate the role humans play in attack detection and threat mitigation, says Rohyt Belani of PhishMe.
The healthcare sector's cybersecurity efforts needs to shift from a focus on protecting patient information confidentiality to protecting patient safety, says Joshua Corman, co-founder I Am The Cavalry, a grassroots, not-for-profit cyber safety organization.
Beleaguered ride-sharing service Uber has informed Britain's privacy regulator that 2.7 million U.K. riders and drivers had personal details exposed by the massive 2016 data breach that it covered up for a year.
Apple's latest desktop operating system, High Sierra, has a massive vulnerability that allows anyone to create, without a password, a "root" account that has access to all files on the computer. It's the third authentication-related fumble found in High Sierra since its general release in September.
Canadian citizen Karim Baratov has pleaded guilty to targeting more than 11,000 webmail accountholders to steal their passwords, including targeting 80 Gmail accounts at the request of an alleged Russian intelligence agent tied to a 2014 hack attack against Yahoo that exposed 500 million accounts.
From GDPR to the NIST Cybersecurity Framework, vendor risk management is a key component of every new piece of cybersecurity guidance. Yet, security leaders still struggle to inventory and assess their strategic partners. Sam Kassoumeh of SecurityScorecard explores the challenges.
Looking for a way to benchmark your cybersecurity organization against those of your peers? Intel Health and Life Sciences and its partners offer a Healthcare Security Readiness program that provides a benchmarking opportunity, David Houlding explains.
As a security researcher at Cisco, Brad Antoniewicz has the opportunity to watch cybersecurity threats emerge and evolve. Among the latest: a shift in phishing campaigns to target cryptocurrencies. Antoniewicz explains the shift and how organizations can respond.
The U.S. government has charged three employees of Chinese cybersecurity firm Boysec with stealing valuable intellectual property from Siemens, Moody's Analytics and Trimble. Security researchers say Boysec has been operating since 2007 and is also known as APT 3 and Gothic Panda.
When Arbor Network's Paul Bowen looks at the IoT threat to healthcare, he's concerned about how medical devices are conceived, created and connected. And he says device manufacturers are dangerously behind the maturity curve when compared to threats actors.
It's more than a honeypot, and it's different from "hack back." The topic is deception technology, and Carolyn Crandall of solutions vendor Attivo discusses myths and realities of this emerging cybersecurity toolset.
Reports that a plea deal is about to be reached for Karim Baratov - extradited from Canada to the United States on charges that he assisted Russian intelligence agents with the massive hack of Yahoo in 2014 - are premature, his attorney tells Information Security Media Group.
Every new cybersecurity regulation includes at least some emphasis on improving vendor risk management. But what happens when vendors balk at the extra degree of scrutiny required? Moffitt Cancer Center's Dave Summitt describes his risk-based approach to business associates.