A security expert and average consumers respond differently to the eBay breach. As most customers retain a high degree of faith in online merchant security, the expert believes eBay committed a serious sin in its lack of strong authentication.
With the Senate Intelligence Committee overwhelmingly approving the Cybersecurity Information Security Management Act, common wisdom dictates the bill will head directly to the Senate floor. Not so fast.
Banking institutions must improve how they analyze cyber-threat intelligence. But without better tools, security leaders can't adequately anticipate new attacks, says Greg Garcia, the new executive director of the FSSCC.
A call center worker at the Connecticut health insurance exchange loses a backpack containing notepads containing sensitive consumer information. Investigators want to know why the paper-based information left the building.
Banking experts say the Retail Industry Leader Association's launch of a cyberthreat information sharing initiative is a good first step toward thwarting breaches, but it should build on the models used by other industries.
Embedding some information security practitioners within business units could help improve IT security awareness in many enterprises, reducing security risk, says Steve Durbin, global vice president of the Information Security Forum.
The recent Verizon Data Breach Investigation Report notes more than 16,000 incidents in the past year where sensitive information was unintentionally exposed. "Nearly every incident involves some element of human error," the report notes.
The Target breach. Account takeover. Mobile banking. Big data analytics. If these terms mean anything to you, then stop right now and give some thought to attending our Fraud Summit in San Francisco on April 29.
With a need for more than 4,000 new specialists over the next two years, the U.S. Cyber Command will look within the military for help, providing training to enlistees to re-invent themselves as cyber pros, Defense Secretary Chuck Hagel says.
The No. 1 reason Congress, after five years of intensive efforts, has yet to enact comprehensive cybersecurity legislation is differences over how much liability protection to grant businesses to get them to share cyberthreat information.
Having cyber-responders from various civilian agencies located on the same campus should help foster new ideas to battle threats to critical government and private-sector IT systems, a top administration official says.
An address by FBI Director James Comey at the RSA security conference seems to equate civil liberties and privacy. But when he offers an example of balancing Americans' rights with cybersecurity, he mainly refers to the civil liberties, not privacy.
In light of the critical shortage of information security professionals, organizations must strive to become a "center for security excellence" to successfully recruit the specialists they need, says analyst John Oltsik of Enterprise Strategy Group.
While many organizations rely on employee training to help mitigate the risks of spear phishing, such efforts are generally ineffective, says Eric Johnson of Vanderbilt University, who explains why a technical solution might be better.