CISOs and CIOs must ensure their organizations plan for worst-case scenarios, conducting frequent "dry runs" of disaster recovery plans, says Tonguc Yaman, CIO of SOMOS, a New York Community Care Network, who formerly served as deputy CIO of Bellevue Hospital.
Effective "SecOps" involves revamping security processes that are inconsistent and ad hoc to make them targeted and consistent, says Rapid7 CEO Corey Thomas, who describes the roles of automation and orchestration.
A newly released report from the U.S. Government Accountability Office on the massive 2017 Equifax data breach provides a postmortem look at what went wrong, centering on the credit bureau's identification, detection, segmentation and data governance, as well as a failure to rate-limit database requests.
The British Airways breach, in which up to 380,000 website and mobile users' payment card details were stolen, traces to card-scraping code injected into a script on the airline's website by the cybercrime group called Magecart, says security firm RiskIQ.
The threat landscape is changing as the industrial internet of things radically broadens the attack surface for critical infrastructure, says Kenneth Carnes, CISO for the New York Power Authority, who discusses how to address the shift.
Why did CISOs at a half-dozen leading healthcare organizations launch a new council aimed at standardizing vendor security risk management? One of those CISOs, John Houston of UPMC, explains why the group was launched, how it will work and why managing cloud vendor risks is a top priority.
While healthcare entities and their vendors apparently are improving their encryption practices for computing and storage devices, regulators are also urging organizations to avoid overlooking the importance of physically securing and tracking these devices to help safeguard PHI.
Russian national Andrei Tyurin, who's been accused of hacking into JPMorgan Chase's network in 2014 and stealing personal information on more than 83 million customers, has been extradited to the U.S. He was allegedly part of a group that hacked into brokerages, news firms, a risk intelligence company and others.
British Airways has been threatened with a class-action lawsuit in U.K. court after warning that a hacker stole payment card data associated with 380,000 transactions. A law firm says that under GDPR, the airline should compensate victims for "inconvenience, distress and misuse of their private information."
Security technology innovations entering the market are getting attached as features to an infrastructure that is fundamentally broken and an enforcement model that cannot operate in real time, says Matthew Moynahan, CEO at Forcepoint.
U.S. prosecutors have accused a 34-year-old North Korean man of involvement in some of the most destructive and profitable cyberattacks ever seen, including the WannaCry ransomware outbreak, the Sony Pictures Entertainment breach and the theft of $81 million from Bangladesh Bank.
British Airways is warning customers that it suffered a hack attack that compromised up to 380,000 customers' payment cards as well as personal data over a 15-day period. The airline says it was alerted to the breach by a business partner that monitors its websites.
To transparently identify legitimate users in digital channels, organizations need strong digital identity risk assessment capabilities that examine each user's digital patterns and can more accurately detect potential bad actors, says IBM's Matt Konwiser.
All organizations should ensure that they are using the most appropriate tools, technologies, practices and procedures to safeguard their information against today's top threats, says Check Point's Avi Rembaum.
Intelligence adaptive authentication represents the latest advance in authentication and risk analysis - with a dose of machine learning - to help organizations authenticate users and battle fraud in real time, says OneSpan's Will LaSala.