Many organizations are uncertain about the overall effectiveness of their security strategy because they are still in the dark about aspects of their risk posture, says Brian Soldato of NSS Labs. Conducting a few pen tests a year is not enough, he stresses.
The massive Equifax data breach has already led to the filing of more than 30 lawsuits against the data broker - one demanding up to $70 billion in damages. At least five state attorneys general have launched formal investigations, while several Congressional committees have promised hearings.
In the wake Equifax saying hackers may have stolen 143 million consumers' personal details, the company is already facing sharp questions over the robustness of its security defenses as well as reports that three executives sold stock after the breach was discovered, but before the news became public.
Credit reporting agency Equifax said Thursday a web application flaw exposed 143 million U.S. consumers' records to hackers, a startling breach from a company that ironically offers services to protect consumers from identity theft.
Although there are many options for threat information sharing, there are not enough initiatives that are properly codified and defined so that enterprises can easily share relevant information with a business context in a structured and timely manner, says Avinash Prasad of Tata Communications.
Oracle's Joshua Brooks understands why those charged with information security compliance can, at times, be overwhelmed when they must deal with frameworks associated with PCI, HIPAA, FedRAMP, ISO 270001 and NIST 800-53, to name a few.
Hackers that U.S. officials believe are linked to Russia have upped their activity against energy providers in the U.S., Turkey and Switzerland. The group has likely developed the expertise to shut down systems, security company Symantec warned Wednesday.
Two Russian hackers, members of a group called "Shaltay-Boltai" - Humpty Dumpty in Russian - that stole and sold high-level Russian officials' emails, have been sentenced to serve three years in prison. The case against them may tie to a high-profile Russian treason investigation.
Facebook says hundreds of bogus profiles and group pages likely linked to Russia bought $100,000 worth of politically themed and divisive ads aimed at U.S. voters. The finding affirms the belief of U.S. intelligence agencies that Russia waged a multipronged effort to disrupt the U.S. election.
We all see the heightened global tensions with Russia, North Korea and China. But what's happening below the surface, where cyberattacks originate? Tom Kellermann of Strategic Cyber Ventures shares insight on the shifting threat landscape - and how the U.S. must re-think its response.
Lenovo will pay $3.5 million to the U.S. Federal Trade Commission and 32 states to settle a case brought against it over advertising software with serious security issues that was preinstalled on thousands of the company's laptops.
The head of the U.S. Securities and Exchange Commission says publicly traded businesses must better describe their cybersecurity risks to investors. Wall Street's top regulator also warned of a surge in initial coin offering scams - the same week that China banned ICOs altogether.