North Korean information technology workers have been attempting to obtain employment in public and private sectors in the United States to fund their home country's weapons of mass destruction and ballistic missiles programs, according to an advisory from U.S. federal agencies.
Poor security configurations, weak controls and gaps in authentication protocols are among the common initial access vectors "routinely exploited" by threat actors, the Five Eyes cybersecurity alliance says. Firms offering cybersecurity services weigh in on the gaps and implementation challenges.
In this episode of "Cybersecurity Unplugged," Tim Danks of Global Risk Perspectives discusses issues around trusting our global supply chain, including the role of Huawei, the steps needed to secure critical infrastructure, and the process for determining a comfortable level of risk management.
In the latest "Proof of Concept," Lisa Sotto, Jeremy Grant and ISMG editors discuss the significance of Apple, Google and Microsoft supporting the FIDO protocol's passwordless sign-in standard, progress made on Biden's cybersecurity executive order and updates on U.S. cybersecurity and privacy laws.
As attack surfaces have grown, so has risk - and adversaries are finding new ways to infiltrate organizations. Wade Ellery of Radiant Logic discusses the convergence of risk, identity management and zero trust security, spelling out new strategies to defend attack surfaces and minimize risk.
John Kindervag, creator of Zero Trust, and two ISMG editors discuss whether we have advanced or regressed in security technology, implementing Zero Trust security in OT environments, and how federal agencies are progressing with Zero Trust adoption a year after the cybersecurity executive order.
Tailscale has closed a $100 million funding round to enhance its zero trust VPN offering by factoring in the security posture of a particular device. The startup plans to use the Series B proceeds to create access policies that are variable based on the security posture of a device itself.
Since the shift to work from home, there's been a paradigm shift in the IT and security industry. The concept of experiencing a breach is no longer an ""if"" but a ""when."" Forward-thinking organizations have formulated – and regularly update – their incident response plans and playbooks to ensure smooth and...
Many organizations have started adopting zero trust strategies to protect their distributed networks from growing cyber threats. Read this guide that explores the origin of the methodology, why the movement to this approach is steadily gaining steam today, and what's needed to secure successful adoption of zero...
Enterprises must recognize that even the tiniest crack in their network's armor can be exploited. In fact, the idea of a perimeter, or the castle-and-moat approach to security, is long past its “use by” date. Organizations should not automatically trust anything inside or outside their perimeters. The endpoint is...
As one embarks on a zero trust journey, it's best to start with a network approach, according to Amit Basu, who is vice president, chief information officer and chief information security officer at International Seaways, a New York-based tanker company.
In this edition, four ISMG editors discuss important cybersecurity issues, including how virtual currency Monero is becoming the main alternative to Bitcoin as the crypto choice for criminals, the challenges involved in an identity-centric Zero Trust approach and how to influence change in culture.
How does one decide the right approach to zero trust, and what are some important considerations to keep in mind? A panel of experts - Brett Winterford, Chirag Joshi and Jay Hira - share their in-depth views and discuss issues including how to take an identity-centric zero trust approach.