Medical providers are facing growing data security and privacy threats from their trusted partners - a wide array of business associates from medical records software firms to debt collection agencies. Learn why breaches are up 102% and what providers can do to defend against them.
Cyber risk quantification (CRQ) is the measure of an organization’s cyber risk expressed in monetary terms, like dollars. CRQ has many benefits, but few security professionals understand how to implement it.
Join Paul Kelly, former head of risk at HSBC, and Chris Griffith, chief product officer at Balbix, as they...
The shortage of cybersecurity professionals in the United States includes a scarcity of expertise in medical device security, says Bill Aerts, senior fellow and managing director of the University of Minnesota's recently launched Center for Medical Device Cybersecurity.
It has never been more vital to secure your supply chain, with governments also recognizing the urgency by increasingly calling for Software Bills of Materials (SBOMs) and the implementation of effective third-party security risk management (TPRSM) to stem the surge in ransomware and other cyberattacks.
Struggling to defend your organization against cyber attacks? Wondering how to prioritize limited resources?
A study by the Marsh McLennan Cyber Risk Analytics Center found that poor performance in many BitSight analytics is statistically significant and correlated with the likelihood of experiencing a...
ISACA's State of Digital Trust 2022 survey shows significant gaps between what enterprises are doing and what they should do to earn customer trust in digital ecosystems. While 98% of those surveyed say digital trust is important, only 12% have staff roles dedicated to digital trust.
Let’s be honest, no matter how much you’ve moved to the cloud, digitally transformed, or Agile-d your processes, you still rely on some systems that are so dated or homegrown that modernizing them is a non-starter.
Even with modern PAM, ZTNA, and IdP apps, multi-factor authentication, single sign-on, and other...
Accounting and planning do not go away, nor does coordination. However, the role of a central operational data store such as the CMDB is a big question. Inventories and dependencies are difficult to track across increasingly dynamic infrastructures. Creating a CMDB record for a Docker container that lasted all 15...
Third parties are frequently found to be the weakest link that can leave a healthcare organization at risk of data breaches, often resulting in major damage to reputation and costly regulatory fines.
Implementing a strong cybersecurity program is important, but equally important is ensuring that contracted vendors are...
In this episode of "Cybersecurity Unplugged," Amit Shah, director of product marketing at Dynatrace, discusses the implications of the Log4Shell software vulnerability and the need for organizations to take an observability-led approach to software development and security going forward.
Australia's largest telecom provider acknowledged Tuesday a data breach, but said the data came from a now-defunct employee rewards program from 2017. A company executive accused the hacker behind the breach of seeking to profit from a tense climate created by a much larger breach at rival Optus.
In the latest weekly update, ISMG editors discuss how organizations can comply with the new PCI DSS 4.0 requirements, whether other countries should follow the U.S. lead on legislating software bills of materials, and key strategies for CISOs preparing for an economic downturn.
Over his 23-year career in cybersecurity, Tom Kellermann has focused on policy, endpoints and even strategic investments. Now, in his new role as senior vice president of cyber strategy at Contrast Security, his mission is to protect code security - particularly in the public and financial sectors.
The latest edition of the ISMG Security Report discusses what went wrong for Optus in the wake of one of Australia's biggest data breach incidents, the state of code security today and the growing trend of private equity firms pursuing take-private deals.
Recent hacking incidents involving an emergency medical transport company and a firm that provides billing services to ambulance companies underscore how protected health information is subject to risk and oversight alike before a patient even steps into a hospital.