Latest

Data Breach

Ransomware Attack Affects 500,000 Patients

Marianne Kolbasuk McGee  •  June 26, 2017

A ransomware attack on a provider of oxygen therapy has resulted in the second largest health data breach posted on the HHS tally so far this year. It's the largest ransomware-related incident listed on the "wall of shame."

►

CISO

Insights on Strategic Cybersecurity Investments

Tom Field  •  June 26, 2017

What factors are security leaders weighing today when making decisions about investments to protect their organizations tomorrow? Neustar's Joseph Loveless comments on results of ISMG's new Strategic Cybersecurity Investments Study.

►

CISO

Qualys Customer Is Now the CISO

Tom Field  •  June 26, 2017

A former Qualys customer for more than a decade, Mark Butler is now the company's CISO. And one of his jobs is to help spread the word to other security leaders about the vendor's vulnerability management solutions.

Cybersecurity

Parliament Pwnage: Talk Weak Passwords, Not 'Cyberattack'

Mathew J. Schwartz  •  June 26, 2017

Opportunistic attackers may have breached some Parliament email accounts by brute-force guessing their way into accounts with weak passwords. But such a breach is hardly the "cyberattack" some are making it out to be.

►

Ransomware

WannaCry and the Business of Crimeware

Tom Field  •  June 25, 2017

The business of crimeware is evolving - and so are the exploits that take advantage of unprotected systems. How do security leaders focus on managing their most critical vulnerabilities? Gidi Cohen, CEO of Skybox Security, shares insights.

►

Awareness & Training

CISO Thom Langford on Risk and Awareness

Tom Field  •  June 23, 2017

Publicis Groupe CISO Thom Langford discusses how best to measure your organization's true risk appetite and the business value of blending storytelling techniques into your security awareness programs.

►

DDoS

The Weaponization of DDoS

Tom Field  •  June 23, 2017

The Mirai botnet is just the most high-profile example of the new weaponization of DDoS. Attacks are stronger than ever, and multilayer defenses are needed to prevent disruption and distraction, says Darren Anstee of Arbor Networks.

Anti-Malware

The Return of the Luddite: Securing Critical Systems

Eric Chabrow  •  June 23, 2017

The latest edition of the ISMG Security Report leads off with a look at why organizations turn to paper when critical systems can't be secured. Also, how to hack air-gapped systems over the internet.

Fraud

How PayPal Protects Billions of Transactions

Varun Haran  •  June 23, 2017

In an in-depth interview, Guru Bhat, head of engineering at PayPal, describes how the online payments provider has used a mix of sophisticated automation, including machine learning, and human insight to maintain a fraud loss rate of just 0.32 percent.

Data Breach

Appellate Court to Rule on FTC's Case vs. LabMD

Marianne Kolbasuk McGee  •  June 22, 2017

The long-running data security dispute between cancer testing laboratory LabMD and the Federal Trade Commission is now in the hands of a panel of appellate court judges, who heard oral arguments this week. Experts weigh in on the significance of the case.

Anti-Malware

Microsoft Defends AV Handling After Kaspersky Antitrust Lawsuits

Jeremy Kirk  •  June 22, 2017

Microsoft has sought to get in front of a brewing controversy over whether it unfairly disables third-party anti-virus products in Windows 10. The company is seeking to dampen charges that are reminiscent of its years-long legal tangles with global antitrust regulators.

Cybersecurity

Intelligence Panel Learns How to Hack Air-Gapped Voting Systems

Eric Chabrow  •  June 21, 2017

Hackers can breach air-gapped voting machines and tallying systems in an attempt to alter ballots to sway the outcome of an election, a Senate panel has learned. Also, at the hearing, DHS discloses that Russian hackers targeted 21 state election systems before the 2016 election.