Email, which is too easily spoofed, phished or taken over, remains a leading cybersecurity risk. But finally, after years of pushing, the Domain-based Message Authentication, Reporting and Conformance standard, or DMARC is helping to bolster email security, says Phil Reitinger, CEO of the Global Cyber Alliance.
New research shows that the automation of five key security controls is lacking at a majority of organizations, says Ted Gary of Tenable.
A key reason why: the lack of skilled cybersecurity professionals.
Improving network security requires understanding your environment and controlling it before implementing network segmentation, says Nathaniel Gleicher of Illumio, who explains lessons that can be learned from the Secret Service's approach.
An employee of the NSA's Tailored Access Operations group has pleaded guilty to mishandling classified information. The material ended up in the hands of Russia after he copied it to his home computer, which had Kaspersky Lab's anti-virus software installed.
Federal regulators are reminding healthcare entities and business associates of the serious security and privacy risks that terminated employees can pose and offering advice for mitigating those risks.
A trio of Democratic senators is pushing for passage of a U.S. national data breach notification law. Data breach expert Troy Hunt tells lawmakers that data breaches will only get worse. But will Congress, which has rejected similar measures, enact this latest proposal?
Roman Seleznev, the son of a Russian lawmaker who earlier this year received one of the longest sentences ever handed down in the U.S. for computer-related crimes, has been slammed with two more 14-year sentences. He was a key figured in the infamous Carder.su fraud marketplace.
Medical devices are increasingly used by cybercriminals to compromise networks, systems and patient data, says Dr. Jack Lewin of the consultancy Lewin and Associates, who's also chairman of the National Coalition on Health Care. That's why physicians should be advocates for better device security.
The lack of skilled personnel is hampering incident response, but automation can help, says Mike Fowler of DFLabs. Providing responders with "playbooks" for step-by-step incident response processes, for example, is essential, he contends.
Connected medical devices are a significant potential new attack surface that may not be covered by security tools and systems, says Ariel Shuper of Check Point Software Technologies. How can healthcare providers immunize their medical devices against threats before they are compromised?
Securing access pathways is just as critical as securing user credentials, says Sam Elliott, director of security product management at Bomgar, who points out that too many organizations overlook some fundamental steps.
Because cyberattacks continue to bypass next-generation security technologies, it's important not to underestimate the role humans play in attack detection and threat mitigation, says Rohyt Belani of PhishMe.