In the latest weekly update, four editors at Information Security Media Group discuss important cybersecurity issues, including improving federal agencies' cybersecurity and businesses recovering from the pandemic's impact.
The U.S. Cybersecurity and Infrastructure Security Agency is creating the Joint Cyber Defense Collaborative to build a national cybersecurity defense strategy based on collaboration between the public and private sectors, CISA Director Jen Easterly said at the Black Hat 2021 conference Thursday.
A seemingly nonstop number of ransomware-wielding attackers have been granting tell-all media interviews. One perhaps inadvertent takeaway from these interviews is the extent to which - surprise - so many criminals use lies in an attempt to compel more victims to pay a ransom.
Risk management is essential in every organization. As internal and external business environments have continued to evolve, the threat landscape has become more complex, as have processes for identifying and managing risks. Operational risk management has become more challenging as businesses expand their products...
Managing digital risk and building resilience within your organization requires a comprehensive approach that doesn’t stop where your business ends. One also needs to assess and manage risk related to vendors and other third parties, because any threat to those operations can also impact your business.
Average total cost of a breach at enterprises of more than 25,000 employees is $5.52million according to a recent study by Ponemon Institute. This cost is $2.64 million for organizations under 500 employees. The cost of risk is real and growing. These statistics show the impact of just one type of risk, technology...
The rise in breaches over the past few years & especially during the ongoing pandemic has made it clear that many organizations are overwhelmed and struggling to manage risk. Manual assessments and siloed tools can’t keep up with today’s relentlessly changing risk landscape. Continuous monitoring is the key to...
The National Security Agency and the Cybersecurity and Infrastructure Security Agency have released new guidance on Kubernetes security, providing advice on securing container environments from supply chain threats, insider threats and data exfiltration risks.
Researchers at Palo Alto Networks' Unit 42 say they have demonstrated how exploits of Microsoft Jet Database Engine vulnerabilities could lead to remote attacks on Microsoft Internet Information Services and Microsoft SQL Server to gain system privileges. Microsoft recently patched the flaws.
Teleworking U.S. national security employees are putting sensitive data at risk if they use public Wi-Fi networks without using a virtual private network to encrypt the traffic, the National Security Agency notes in a new advisory.
The new BlackMatter ransomware operation claimed to have incorporated "the best features of DarkSide, REvil and LockBit." Now, a security expert who obtained a BlackMatter decryptor reports that code similarities suggest "that we are dealing with a Darkside rebrand here."
The lack of adequate security features in critical electric grid equipment that's made in other nations poses a serious U.S. cybersecurity threat, federal officials said this week. Supply chain attacks could take down the grid and result in a lengthy recovery period, they told Congress.