Most large organizations at least pay lip service to breach preparedness. But when it comes to proper policies, planning and practice, far too many still fall short, says Stuart Mort of the Australian telecommunications firm Optus. Here's what they are overlooking.
Penetration tests can reveal holes in an organization's security. But framing the scope of a penetration test can be challenging, and good results don't necessarily mean 100 percent security. says attorney Kay Lam-MacLeod.
To battle Russian hackers, Microsoft has moved to strip them of their malicious infrastructure. To do so, however, the technology giant isn't hunting the attackers down. Instead, it's taking them to court. Two cybersecurity attorneys rate Microsoft's efforts.
Nuance has issued an unusual public letter to customers explaining why the medical transcription services vendor has decided not to report the NotPetya malware attack on the company to federal regulators as HIPAA breach. How did Nuance make its determination?
When it comes to risk, attorney Mark Doepel sees what he describes as "high cyber awareness, but low cyber literacy" among senior business leaders. But as nations adopt new breach legislation, boards and C-suites need to develop a deeper, granular understanding of risk - and fast.
Australia's mandatory data breach notification law, which goes into effect next February, brings a host of new requirements. Gordon Hughes, an attorney and data protection expert, discusses what organizations need to be aware of ahead of its implementation.
A hacker attack on a women's healthcare clinic that impacted 300,000 patients ranks as the second largest ransomware-related health data breach reported to federal regulators. Why did it take months before the clinic detected the malware?
While the power grid malware unleashed against Ukraine could be repurposed to attack other grids, "it's not to the point yet where people should be freaking out or building bunkers or anything silly like that," says Robert M. Lee, who heads industrial cybersecurity firm Dragos.
Health insurer Anthem Inc., still dealing with the aftermath of a 2015 cyberattack that impacted nearly 79 million individuals, now is coping with another - albeit smaller - breach incident. This one involves a business associate's former employee who's currently incarcerated.
A federal court has ordered the deportation of a Venezuelan citizen who is the second person to plead guilty for their role in a conspiracy to commit more than $2 million of tax fraud using identities stolen by hackers from a University of Pittsburgh Medical Center employee database.
Remote access has been a concern since the dial-up days of the internet's infancy. But ubiquitous connectivity only increases enterprise security concerns, says Bomgar's Sam Elliott, who outlines six steps to secure remote access.
HHS has made changes to a website widely referred to as the "wall of shame" that lists major health data breaches. The changes came after some members of Congress complained that the website unfairly exposes breached organizations to endless public scrutiny.
The ISMG Security Report leads with an analysis of when it would be appropriate for the United States and Russia to engage in cybersecurity negotiations. Also, how NotPetya malware attack victims continue to struggle weeks later.
Security comes to Las Vegas this week in the form of Black Hat USA 2017. Hot sessions range from an analysis of power grid malware and "cyber fear as a service" to details of two major hacker takedowns and how the world's two largest ransomware families cash out their attacks.