Because cyberattacks continue to bypass next-generation security technologies, it's important not to underestimate the role humans play in attack detection and threat mitigation, says Rohyt Belani of PhishMe.
Spear phishing is the common trigger to many of the most popular - and successful - targeted attacks. How can organizations improve their defenses? Jon Clay of Trend Micro tells how to better spot and stop spear phishing.
Credit unions offer unique services to a unique member base - and they face unique challenges when rolling out multifactor authentication across all of their banking channels. Michel Nerrant of Crossmatch discusses how new biometric solutions can meet CU needs.
A commentary on the need for developers to be more deliberate in securing IT products leads the latest edition of the ISMG Security. Also featured: A report on Congress tackling voting machine security.
Adoption of the Domain-based Message Authentication, Reporting & Conformance - or DMARC - standard is very low in the healthcare sector, and broader use could greatly reduce phishing risks, according to a new study.
Organizations are rapidly migrating services and data to cloud infrastructure, creating a new "cloud generation" of users who bring with them a new set of endpoint security concerns. How should these issues be prioritized and addressed? Naveen Palavalli of Symantec details new strategies and solutions.
Apple's latest desktop operating system, High Sierra, has a massive vulnerability that allows anyone to create, without a password, a "root" account that has access to all files on the computer. It's the third authentication-related fumble found in High Sierra since its general release in September.
As data protection breaches have become daily headline news and everyone becomes increasingly sensitive about privacy, the regulatory regime is getting tougher. Data protection laws in Europe are more important than ever before - especially as the enforcement deadline of the EU GDPR looms.
Fool me once, shame on you. Fool me twice, shame on me. That's the situation facing victims of Equifax's massive data breach, who are being offered identity theft or fraud monitoring services from none other than Equifax. First, however, they have to share some personal information.
The U.S. government has charged three employees of Chinese cybersecurity firm Boysec with stealing valuable intellectual property from Siemens, Moody's Analytics and Trimble. Security researchers say Boysec has been operating since 2007 and is also known as APT 3 and Gothic Panda.
When Arbor Network's Paul Bowen looks at the IoT threat to healthcare, he's concerned about how medical devices are conceived, created and connected. And he says device manufacturers are dangerously behind the maturity curve when compared to threats actors.
Are you an accused Russian hacker who's been detained on foreign soil at the request of U.S. authorities? Bad news: While Mother Russia will go to court to try to bring you home, your odds of resisting U.S. extradition don't look good.
The California attorney general's office has smacked Cottage Health System with a $2 million settlement in the wake of breaches in 2013 and 2015. What lessons can be learned from this significant enforcement action?