Managing risk for internet of things devices must start early in the design phase, says Tim Mackey of Synopsys, who offers insights on key risk mitigation steps, including building a threat model.
Fraud schemes have migrated in recent years, exposing inherent vulnerabilities in how most organizations authenticate users. Diego Szteinhendler of Mastercard outlines new strategies and tools for evolving authentication practices beyond solely payments security.
The latest edition of the ISMG Security Report discusses Cloudflare's harsh criticism of Verizon over an internet outage it labeled as a "small heart attack." Plus: sizing up the impact of GDPR; reviewing highlights of the ISMG Healthcare Security Summit.
An effective third-party risk management program starts with asking the right questions, says Brad Keller, chief strategy officer and senior vice president at the Santa Fe Group, a strategic advisory company, who spells out key issues to address.
Since Sentara Healthcare adopted a DevSecOps approach, CISO Daniel Bowden says, his security team has gained improved visibility into the entire application development process.
In a rare move, the Food and Drug Administration has warned patients that medical device maker Medtronic has issued a voluntary recall of certain wireless insulin pumps due to cybersecurity vulnerabilities that cannot be adequately patched.
With the European Union's Cybersecurity Act now in full force, the European Union Agency for Network and Information Security, or ENISA, has a new name and a permanent mandate - as well as more money and staff - to oversee a range of cybersecurity issues.
Bipartisan healthcare legislation that a Senate health committee passed on Wednesday includes a provision that would incentivize healthcare entities to adopt "strong cybersecurity practices" by encouraging federal regulators to consider organizations' security efforts when making HIPAA enforcement decisions.
The cyberattack earlier this year against Indian outsourcer Wipro, as well as several of its customers, is part of a much larger, multiyear phishing campaign that involves many more companies used as jumping off points, according to RiskIQ, which says the attackers apparently are manipulating gift cards.
Six major cloud services providers apparently were victims of Cloud Hopper, an umbrella name for deep cyber intrusions suspected to originate in China, Reuters reports. The report also alleges Cloud Hopper-affected companies withheld information from their clients for reasons of liability and bad publicity.
By partnering with Ping Identity, Gates was able to bring the vision of a global authentication authority to life with advisory, configuration, deployment, and employee training.
Increasingly, cyber attackers are molding technology and human intelligence into blended threats that prey upon vulnerable defenses. Chester Wisniewski of Sophos lays out how organizations can become more mature in preparedness and response.
In one of the recent stops in this roundtable dinner seriers, ISMG and Zscaler visited Boston to discuss the role of security as a catalyst for digital transformations. We saw in each of these conversations that change is difficult, but that everyone is asking the same questions, says Stan Lowe, Global CISO with...
A dental and vision insurer's revelation that it recently discovered a 9-year-old data security incident offers an extreme example of the difficulty some organizations have in detecting data breaches.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing databreachtoday.com, you agree to our use of cookies.