Rob Joyce of the National Security Agency discusses China, hacking and deterrence on a Nov. 8 panel at the Aspen Cyber Summit.

Chinese Cyber Threat: NSA Confirms Attacks Have Escalated

Mathew J. Schwartz • November 12, 2018

With cyber espionage attacks from China escalating over the past year, the NSA's Rob Joyce says the U.S. government is responding in multiple ways via a process of "defending forward" and "continuous engagement" that includes dumping foreign APT hackers' malware toolkits online for all to see.

Anti-Malware

Ransomware Keeps Ringing in Profits for Cybercrime Rings

Latest

Breach Response

Update: HealthCare.gov Breach Exposed Extensive Data

Howard Anderson • November 12, 2018

More than two weeks after announcing that the Obamacare website, HealthCare.gov, had been hacked, the Department of Health and Human Services has revealed that the breach exposed a wealth of information, including partial Social Security numbers and immigration status.

Governance

CISO Job Mandate: Be a 'Jack or Jill' of All Trades

Mathew J. Schwartz • November 12, 2018

The days of effective CISOs being pure-play technologists are long gone. Instead, CISO Paul Swarbrick says the role demands someone who is expert "in people, and management and risk," and who is skilled at bringing to bear the right experts for every strategic challenge they identify.

3rd Party Risk Management

Tips for Getting the Most From an MSSP

Marianne Kolbasuk McGee • November 12, 2018

How can organizations get the most out of partnering with managed security services providers and avoid common pitfalls? Cybersecurity consultant Vito Sardanopoli, an experienced CISO, offers top tips.

Breach Response

Bankers Life Hack Affects More Than 566,000

Marianne Kolbasuk McGee • November 9, 2018

Bankers Life is notifying more than 566,000 individuals, including Medicare supplemental insurance policyholders, that their personal information was exposed in a hacking incident. Employee credentials were compromised, enabling unauthorized access to certain company websites containing personal data.

Endpoint Security

Priority: Frictionless Transactions Over Fraud Prevention

Mathew J. Schwartz • November 9, 2018

As the pace of technology innovation continues to quicken - including the ability to make payments via everything from Alexa to Facebook Messenger - risk-based security is imperative to maintain a frictionless customer experience, says Tim Ayling of Kaspersky Lab.

Cybercrime

Dutch Police Bust 'Cryptophone' Operation

Mathew J. Schwartz • November 8, 2018

Once again, a supposedly secure service allegedly marketed to criminals has proven to have limits. Dutch police have busted a "cryptophone" operation, allowing them to decrypt more than 258,000 encrypted chat messages, leading to a drug lab bust, 14 arrests and the seizure of cash, drugs and weapons.

Cybersecurity

FDA Reacts to Critique of Medical Device Security Strategy

Marianne Kolbasuk McGee • November 7, 2018

The FDA's procedures for handling cybersecurity concerns in medical devices once they are on the market are deficient, according to a new federal watchdog agency report. But since that audit was conducted, the FDA has been aggressively ramping up its activities around device cybersecurity.

ATM Fraud

Pakistan: Banks Weren't Hacked, But Card Details Leaked

Jeremy Kirk • November 7, 2018

Pakistan says the nation's banks have not been hacked, but adds that they are taking defensive steps after nearly 20,000 payment card details appeared for sale online. The State Bank of Pakistan says banks are implementing restrictions on international transactions.

Business Continuity Management / Disaster Recovery

How to Future-Proof the Critical National Infrastructure

Mathew J. Schwartz • November 7, 2018

The challenge when designing technology for critical national infrastructure sectors is that it must be securable today and remain resilient to cyberattacks for decades to come, says cybersecurity Professor Prashant Pillai.

Cybersecurity

Smart Cities Challenge: Real-Time Risk Management

Mathew J. Schwartz • November 7, 2018

Many of the devices that go into so-called smart cities and buildings are not built to be secure, making it difficult for security operations centers to manage risk, warns Sarb Sembhi, CTO and CISO of Virtually Informed, who describes what needs to change.

Application Security

Symantec Buys Javelin Networks and Appthority

Mathew J. Schwartz • November 6, 2018

Symantec has announced not one but two acquisitions of private cybersecurity firms: Javelin Networks and Appthority. Meanwhile, a private equity firm announced that it will acquire application security testing firm Veracode from Broadcom for $950 million in cash.

Breach Response

Georgia Patches Voter Website, But Hacking Accusation Stands

Jeremy Kirk • November 6, 2018

Georgia quietly fixed two flaws in its voter registration website that could have exposed personal information. How the secretary of state's office discovered the flaws and reacted suggests it may have erred when making a sensational accusation against the Democrats on the eve of the U.S. midterm elections.