The U.K. Information Commissioner's Office has fined Cathay Pacific Airways over a data breach that lasted four years and exposed the personal information of over 9 million passengers and customers, including 111,000 British citizens. The fine could have been larger, but the cyber incident happened before GDPR went...
In a crowded cybersecurity marketplace, it's challenging for newcomers not only to get funding, but also to rise above the noise and get attention. This is where venture capital firms can help, says Don Dixon, co-founder and managing director of ForgePoint Capital.
The human element is a fundamental component of some of the newest cyberattacks that Sophos has been tracking, says the firm's principal research scientist, Chet Wisniewski, who advises organizations to adapt their security and protection plans accordingly.
Technology has enabled a whole new wave of "accidental" insider threats - people who make a mistake or are taken advantage of by attackers. What role can technology now play in improving insider threat detection and response? Three CISOs share their insights.
Federal regulators say newly identified cybersecurity vulnerabilities dubbed "SweynTooth" could pose risks to certain internet of things devices, including wearable health gear and medical devices, as well as "smart home" products from vendors who use Bluetooth Low Energy, or BLE, wireless communication tech.
Three U.S. senators are demanding more answers from Catholic healthcare system Ascension and Google over "Project Nightingale," which is part of a controversial data-sharing and cloud migration initiative that has raised concerns about sharing patient information without explicit permission.
Just as consumers can look at a box of Twinkies and read a list of ingredients, so too should software makers provide users with a "bill of materials" explaining their composition, says Allan Friedman, director of cybersecurity initiatives at the U.S. National Telecommunications and Information Administration.
Software development over the past decade: The good news is that more organizations than ever have secure software development practices in place, says Chris Eng, chief research officer at Veracode. But the bad news is that many of the same flaws - including injection vulnerabilities - persist.
Andre Durand has spent decades in the cybersecurity sector and had identity in his sights when he founded Ping Identity in 2002. Nearly 20 years later, the industry is embracing the notion that cybersecurity begins with secure identity.
Australia reportedly took a sensitive military recruiting database offline for 10 days in February following concerns it may have been compromised. The Defense Department says there's no evidence data was stolen.
As organizations face having to demonstrate compliance with a broad range of regulations that have an IT and cybersecurity impact, the imperative is to adopt frameworks such as ISO 27001 and NIST 800-53, says David Ogbolumani, chief cybersecurity and privacy officer at IT Security Consultants.
Software development benefits from security checks being brought to bear early and often, but the blending of in-house and open source code has historically complicated that process, says Patrick Carey of Synopsys. Now, however, maturing toolsets and approaches are facilitating security checks, he says.
In response to White House warnings that 5G infrastructure equipment built by Huawei could be subverted by China to conduct espionage, Andy Purdy of Huawei Technologies USA says his company has pledged full transparency and urges competitors to follow suit.