An assessment on whether North Korea is behind the WannaCry ransomware attacks leads the latest edition of the ISMG Security Report. Also, the co-author of NIST's revised Trustworthy Email special publication discusses changes in the guidance.
In an information technology environment where personnel are taking on increasingly complex responsibilities, the key to ensuring security is still awareness training, says former U.S. CISO Gregory Touhill, who says he'd put his last dollar on it.
What does the title National Protection and Programs Directorate mean to you? It's not so clear, unless you are familiar with the Department of Homeland Security's organizational chart. To clarify its mission, the House has voted to rename - and revamp - the DHS agency.
The HITRUST Cyber Threat Xchange played a role in making U.S. healthcare organizations aware of the worldwide WannaCry ransomware campaign early enough to help them thwart the threat, says HITRUST's Elie Nasrallah.
The Department of Health and Human Services has taken important steps to fight Medicare and Medicaid fraud, but can further strengthen its efforts in several ways, according to a new GAO report. GAO estimates that in fiscal 2016, improper Medicare and Medicaid payments totaled about $95 billion.
Christiana Care Health System, which operates a network of hospitals, is working on several risk management priorities for 2018, including adopting the HITRUST framework, implementing appropriate controls for protecting against emerging threats and phasing in new security technologies, says Anahi Santiago, CISO.
Email, which is too easily spoofed, phished or taken over, remains a leading cybersecurity risk. But finally, after years of pushing, the Domain-based Message Authentication, Reporting and Conformance standard, or DMARC is helping to bolster email security, says Phil Reitinger, CEO of the Global Cyber Alliance.
If you want to anticipate a prospective hacker's moves, then you'd better be able to think like one. That's the position of Terry Cutler, an ethical hacker who dedicates his time to testing organization's cybersecurity defenses - and their people.
As data breaches increase in scale and frequency, businesses must ensure an effective, swift and well-orchestrated response. To help them, ISMG on Wednesday and Thursday will host a Fraud and Breach Prevention Summit in Mumbai offering insights from 20 leading CISOs and many other experts.
Spear phishing is the common trigger to many of the most popular - and successful - targeted attacks. How can organizations improve their defenses? Jon Clay of Trend Micro tells how to better spot and stop spear phishing.
Adoption of the Domain-based Message Authentication, Reporting & Conformance - or DMARC - standard is very low in the healthcare sector, and broader use could greatly reduce phishing risks, according to a new study.
As data protection breaches have become daily headline news and everyone becomes increasingly sensitive about privacy, the regulatory regime is getting tougher. Data protection laws in Europe are more important than ever before - especially as the enforcement deadline of the EU GDPR looms.
Dozens of lively discussions sprung up among the healthcare CISOs, legal experts and leaders from government agencies and technology vendors at Information Security Media Group's Healthcare Security Summit in New York. So what are some of the key takeaways?
In the year ahead, cyber threats to the healthcare sector will continue to evolve from attacks primarily involving the theft of health data to assaults aimed at disrupting organizations' operations, predicts Sean Murphy, CISO of health insurer Premera Blue Cross.