A human cyber risk factor increases or decreases the chance of a person becoming a victim of a cyber attack.
Many organizations are moving too slowly towards addressing the human risk elements of security. At the heart of this lies an misunderstanding of human risk factors - with many believing the only...
The new SEC rules require Board-level oversight of cybersecurity. Security leaders will need to translate cybersecurity insights into a language the Board understands. However, current methods are inadequate and cannot equip CISOs and security leaders to comply with the new SEC rules.
Gain actionable advice from...
An Ohio community college is notifying 290,000 people of a data theft breach this spring that may have compromised their personal and health information. Security researchers say small schools such as this are now favored targets. Some 80% of schools have reported hacking incidents in the past year.
Cisco's proposed $28 billion buy of Splunk allows businesses to move from threat detection and response to threat prediction and prevention by combining XDR and SIEM. The deal brings together Cisco's newly released XDR platform with Splunk's long-standing SIEM technology.
WatchGuard purchased a Massachusetts company to extend network detection and response capabilities traditionally reserved for high-end enterprises to the midmarket through MSPs. The deal gives WatchGuard clients more visibility into east-west network traffic and activity taking place on the cloud.
Federal authorities are warning of "significant risk" for potential attacks on healthcare and public health sector entities by the North Korean state-sponsored Lazarus Group involving exploitation of a critical vulnerability in 24 Zoho ManageEngine products.
This week, ISMG editors covered the hot topics at ISMG's London Cybersecurity Summit 2023, including the technical landscape of AI, executive liability, incident response strategies in the face of a global ransomware attack and how to build personal resilience to avoid burnout.
Any healthcare organization that embeds tracking technologies in its website should carefully review whether it is inadvertently violating HIPAA or other federal regulations, said Nick Heesters, senior adviser for cybersecurity at the Department of Health and Human Services' Office for Civil Rights.
Dragos completed a Series D extension to help organizations address enhanced OT security requirements from regulators and cyber insurance providers. The money will allow Dragos to help EU businesses affected by updated cybersecurity directives requiring many smaller organizations to boost security.
The Clop ransomware group's zero-day attack on MOVEit software was its fourth data theft campaign targeting secure file transfer users. Organizations can combat such attacks by using data minimization and encryption - among other defenses, says Teresa Walsh, global head of intelligence for FS-ISAC.
TikTok will pay Irish data privacy regulators 345 million euros to settle allegations that it violated the privacy of underage users. A TikTok spokesperson said the company disagreed with the Irish Data Protection Commission, saying the violations are based on features that no longer exist.
The drumbeat for potential federal legislation to better protect sensitive health information - or at least new regulations - appears to be growing louder in Congress. One of the Senate's four lawmaker doctors is quizzing the healthcare industry on ways to safeguard health data.
China hasn't ordered any restrictions on the use of Apple iPhones by government agencies, according to a Chinese government spokesperson, but the official cited recent security flaws in the iPhone and warned that foreign mobile device manufacturers must abide by domestic information security laws.
The new Securities & Exchange Commission Cyber Rules mandate a transformation in how publicly traded companies manage cyber risk. To comply, they’ll need to build and deploy systems – within the next five months – to identify, measure and report cyber risk “materiality”. But, current methods are inadequate...
Authorities are warning of threats posed by Akira, a ransomware group that surfaced in March and has been linked to dozens of attacks on small and midsized entities. The group is targeting many industries, including healthcare, and seems to favor entities that lack MFA on VPNs.