Kaspersky Lab has discovered a new, advanced persistent threat - inside its own networks. Dubbed Duqu 2.0, the malware has ties to Stuxnet, and was used to target Iranian nuclear negotiations, researchers say.
If you look at recent breaches, you see a common thread: If privileged identities were better managed, breach impacts would greatly lessen. Bill Mann of Centrify discusses the essentials of privileged ID management.
Organizations are getting increasingly prioritizing incident response capabilities by putting investigation firms on retainer, or creating their own internal teams, says Patrick Morley, president and CEO of Bit9 + Carbon Black.
Hackers are using medical devices as gateways to launch targeted attacks at hospitals, but there are steps organizations can take to better protect their environments, says Greg Enriquez, CEO of TrapX.
Attackers today continue to refine their distributed denial-of-service attack capabilities, delivering downtime on demand. The increase in attack effectiveness and volume demands new types of defenses, says Akamai's Richard Meeus.
Many questions remain unanswered about the data breach at the U.S. Office of Personnel Management that may have exposed personal information for 4 million current and former government workers. Here's a closer look at seven of them.
Larry Ponemon, founder of the Ponemon Institute, offers an in-depth analysis of the results of the organization's 10th study of the costs of data breaches, which found, for example, that rapid growth in hacker attacks is leading to escalating costs.
The Gartner Security and Risk Management Summit tackles digital business, a concept that blurs the physical and digital worlds, and requires organizations to reconsider how they approach IT security and risk management.
Healthcare organizations' disaster recovery plans typically don't include steps to deal with looting incidents. But the April riots in Baltimore serve as a reminder that unexpected violence can result in health data breaches.
Rather than taking specific steps to thwart potential cyber-attacks from nation-states, organizations should focus instead on implementing a comprehensive strategy to protect their sensitive data from all threats, says Lance James of Deloitte &Touche.