For too many organisations, software vulnerability management is just about "patch Tuesday." Vulnerability management has evolved significantly in the past few years. Organisations need to adopt a new strategy focusing on visibility, prioritised response, and mitigation.
When you look back at the wave of...
Many companies outsource payroll, legal, and other various departments within their organization that aren't core and a lot of them quite frankly fail, which is why we see all the breaches we see in the news.The biggest cybersecurity budget in the business cannot save you from suffering one of the biggest breaches.
Everyone knows that two-factor authentication (2FA) is more secure than a simple login name and password, but too many people think that 2FA is a perfect, unhackable solution. It isn't!
Join Roger A. Grimes, KnowBe4's Data-Driven Defense Evangelist, and security expert with over 30-years experience, for this...
What can organizations do to thwart business email compromise attacks? In an interview, David Stubley, CEO of the consultancy 7 Elements, outlines several key steps. He'll be a featured speaker at Information Security Media Group's Security Summit: London, to be held Sept. 23.
Although HIPAA gives patients the right to access their health records in their preferred format - on paper or electronically - a new study finds discrepancies in the information hospitals provide to patients regarding the release of their records, pointing to the need for better training.
Google blames a bug in an API for its Google+ social networking service for exposing personal details of about 500,000 users' accounts, but says it doesn't believe the information was misused. The company was forced to acknowledge the March incident after it was reported by The Wall Street Journal.
Although the passage by Congress of the Support for Patients and Communities Act this week is an important step in the nation's battle against the opioid drug addiction crisis, it lacks a critical privacy provision, says Geisinger Health CIO John Kravitz, who analyzes the implications.
The healthcare sector needs to continue upping its ante in cybersecurity to prevent potentially catastrophic "doomsday" events that could devastate regional healthcare systems, says Erik Decker, CISO of the University of Chicago Medicine. He's helping draft a guide to mitigating five key cyber threats.
Unused or unmonitored SSH keys grant alarming levels of privileged access beyond users, proliferating into your machine-to-machine communications and services. Learn how securing your SSH inventory beyond your PAM solution helps compliance with NIST, FISMA, and CDM along with five steps you can take today to...
Many enterprises still rely on Microsoft Windows Server 2008 to run business critical applications. But Windows Server 2008 will reach End of Support on January 14, 2020, which means no more security and maintenance patches. Every enterprise has to face down this issue of legacy systems sooner or later. With Windows...
Healthcare organizations often fail to address five fundamental elements of a solid cybersecurity program, says security expert Mark Johnson of the consultancy LBMC Information Systems, who formerly was CISO at Vanderbilt University and Medical Center.
Warning: Attackers behind the recently revealed Facebook mega-breach may still be able to access victims' accounts at some third-party web services and mobile apps, and Facebook has offered no timeline for when a full lockdown might occur - although there are no signs of third-party account takeovers.
Step away from the social media single sign-on services, cybersecurity experts say, citing numerous privacy and security risks. Instead, they recommend that everyone use password managers to create unique and complex passwords for every site, service or app they use.
Security ratings are increasingly popular as a means of selecting and monitoring vendors. However, ratings can also be used as a means of benchmarking your own organization for internal and external uses.
Download this eBook on the value of security ratings and learn:
The business value - internally and...
A Canadian home healthcare provider says it was able to recover from a recent ransomware attack without paying a ransom, but it had to revert to manual processes for several days. The incident illustrates the value of being well prepared to deal with cyberattacks.