Credit-reporting agency Equifax now says records exposed in the massive data breach it revealed last month included information relating to 15.2 million U.K. residents - a much higher figure than the business first suggested.
It is said that "Data is the new oil." If that's the case, then organizations need to do a far better job inventorying and securing their wells, says Laurence Pitt of Juniper Networks. He offers insights on leveraging and securing data.
The number of information security analysts employed in the United States has topped 100,000 for the first time, according to an Information Security Media Group analysis of U.S. Bureau of Labor Statistics data.
The Dark Overlord, a hacking group that hijacks data from businesses and holds it for ransom, is now threatening school districts. The apparent intent isn't to get ransoms from schools per se, but to create a fear campaign designed to scare big businesses into paying the group's ransoms.
Congress needs to elevate the position of the CISO at the Department of Health and Human Services so that the job not only has responsibilities within the agency but also an official role in helping the healthcare sector improve its cybersecurity, says Samantha Burch of HIMSS.
A bipartisan group of five senators has asked a watchdog agency to produce "clear recommendations" for how to make sure the right patients are matched to the right records to help improve the quality of care and crack down on medical and identity fraud. But will that require a national patient identifier?
Researchers claim to have discovered information from 6,000 Indian enterprises, including governmental units, for sale on the dark net. But while the National Internet Exchange of India, the apparent source of the information, is attempting to downplay the incident, others are demanding a clear explanation.
The upcoming enforcement of GDPR puts the spotlight on data governance, but what about the potential impact on vendor risk management? Jacob Olcott of BitSight discusses how to prepare for this new generation of cybersecurity regulations.
HHS has issued a draft five-year strategic plan that includes objectives for protecting "the safety and integrity of human, physical and digital assets." What does the plan say about privacy and security issues?
CISOs need to anticipate the important questions their CEO is likely to ask as mega-breaches make headlines and data security is in the spotlight. Here, security leaders offer insights on how to answer eight tough questions.
Equifax ex-CEO Richard Smith asserts that a single employee's failure to heed a security alert led to the company failing to install a patch on a critical system, which was subsequently exploited by hackers. But his claim calls into question whether poor patch practices and management failures were the norm.
Two dozen federal agencies continue to experience security weaknesses in five critical areas, putting government systems and data at risk, according to a new watchdog agency report. But which agency spends the most on IT security?
Security programs fail because of too much emphasis on protection and not enough on detection and response, says Ira Winkler, president of Secure Mentem, who calls on CISOs to help change their organization's security priorities.
At the first of three Congressional hearings slated this week to examine the Equifax mega-breach, one Republican said of the company's delay in detecting the breach: "It's like the guards of Fort Knox forgot to lock the doors and failed to notice the thieves were emptying the vaults."
A top Department of Homeland Security cybersecurity official says DHS is seeking to play a more active role in responding to cyber incidents at other U.S. federal agencies. At a House hearing, the top DHS policymaker also said securing the U.S. election system is his No. 1 priority.