Federal agencies could have prevented follow-on attacks after the SolarWinds supply chain attack by using recommended firewall configurations, but this step isn't always feasible, the Cybersecurity and Infrastructure Security Agency says.
CISA is moving its Einstein intrusion detection system deeper into federal networks in an effort to better detect supply chain attacks after its failure to detect the espionage campaign that targeted SolarWinds and its customers, including federal agencies.
Cybercriminals and nation-states are attempting to recruit insiders at companies around the world to help steal credentials and intellectual property, says Joseph Blankenship, vice president and research director at Forrester, who offers risk mitigation insights.
When medical device makers provide a software bill of materials for components contained in their products, it's critical to make that voluminous security information actionable for healthcare customers, says Rob Suárez, CISO at medical device maker Becton Dickinson and Co.
Healthcare devices pose a huge risk to organizations and their patients, as they often ship with vulnerabilities, run unsupported operating systems, are difficult to patch and lack encryption in communication. Experts at Palo Alto Networks offer risk mitigation advice.
It's been two years since Gartner first gave a name to Secure Access Service Edge. But it's quickly emerging as a popular architecture for digitally transformed enterprises. Elton Fontaine of Palo Alto Networks discusses SASE use cases for state and municipal government, as well as higher education.
The U.S. Senate has unanimously approved Chris Inglis as national cyber director. He assumes the role as the country is still reeling from a series of ransomware attacks and the SolarWinds supply chain attack. Meanwhile, confirmation of a new CISA director is on hold.
A bipartisan group of senators is circulating a draft of a federal breach notification bill that would require federal agencies, federal contractors and businesses that have oversight over critical infrastructure to report significant cyberthreats to CISA within 24 hours of discovery.
In the latest weekly update, a panel of Information Security Media Group editors discusses key topics, including NATO's new cyber defense policy, the outlook for congressional regulatory action to address the ransomware threat, and cybersecurity comments by U.S. Rep. Jim Langevin.
When seeking cyber insurance or other types of insurance policies that provide organizations with coverage for certain data security incidents, it's critical to carefully consider the "war exclusions" contained in those policies, says insurance attorney Peter Halprin.
Applications, the network, security - they all have been affected by the seismic changes of the past year, and they drive the need for adopting the "zero trust" model. Zscaler CEO Jay Chaudhry and Nexteer Automotive CISO Arun DeSouza discuss the necessary mindset shift.
In this eBook as part of ISMG’s RSA...
After U.S. President Joe Biden and Russian President Vladimir Putin discussed cybersecurity issues at their Wednesday summit meeting in Geneva, security experts and analysts began sizing up what the next steps might be following what some are calling a "transformational moment."
In a key move toward ensuring telecom companies only use technologies from trustworthy sources, the government of India has launched a Trusted Telecom Portal designed to evaluate and approve technologies and suppliers.
Bitcoin has enabled fast payments to cybercriminals pushing ransomware. How to deal with bitcoin is the subject of a spirited debate, with some arguing to restrict it. But bitcoin doesn't always favor cybercriminals, and it may actually be more of an ally than a foe by revealing webs of criminality.