Panel Discussion: Cybersecurity and Privacy in the 'New Now'

Tom Field • April 8, 2020

The COVID-19 pandemic has dramatically changed how we live and work - for now. But will some of these changes last beyond the crisis? If so, what impact can we expect on cybersecurity and privacy? Thought leaders Edna Conway of Microsoft, Michelle Dennedy of DrumWave and Wendy Nather of Cisco share their views.

Business Email Compromise (BEC)

Is COVID-19 Driving a Surge in Unsafe Remote Connectivity?

Latest

Governance & Risk Management

Microsoft Exchange: 355,000 Servers Lack Critical Patch

Mathew J. Schwartz • April 8, 2020

Patch or perish alert: Less than 20 percent of vulnerable Microsoft Exchange servers have received a fix for a serious flaw that Microsoft first disclosed nearly two months ago, security firm Rapid7 warns. It also found a "concerning number" of Exchange 2007 servers, which Microsoft stopped supporting in 2017.

Governance & Risk Management

Australia Considers How to Approach Pandemic Contacts Tracing

Jeremy Kirk • April 8, 2020

Australia is investigating how it can leverage data to slow the spread of COVID-19. This raises myriad privacy and security questions, including whether the public would embrace such a system and how long it should be in place.

Cybercrime

More Zero-Day Exploits For Sale: Report

Akshaya Asokan • April 8, 2020

Zero-day exploits are increasingly a commodity that advanced persistent threat groups can purchase and use to wage attacks, according to a report from security firm FireEye. The report says the number of attacks leveraging such exploits grew last year.

Application Security

Researchers Propose COVID-19 Tracking App

Ishita Chigilli Palli • April 7, 2020

Researchers at Boston University have written a research paper that proposes creating a smartphone app that uses short-range transmission technologies that can inform users if they have been in close proximity to a person infected with COVID-19 - while maintaining privacy.

Electronic Healthcare Records

COVID-19: CISOs Take on More Security, Privacy Challenges

Marianne Kolbasuk McGee • April 7, 2020

As healthcare organizations across the U.S. respond to the COVID-19 crisis, the list of security and privacy challenges CISOs face continues to grow. Mitch Parker, CISO of Indiana University Health, provides an update on the changing risk management landscape.

3rd Party Risk Management

Third-Party Risk Management: How to Grow a Mature Program

Information Security Media Group • April 7, 2020

Enterprises globally recognize the challenge of third-party cyber risk, but they still struggle with the risk management. Dave Stapleton of CyberGRX discusses the elements of a mature program, including the role of risk ratings.

Endpoint Security

Researcher Finds Flaws in HP's Software Assistant Tool

Jeremy Kirk • April 6, 2020

A security researcher found 10 flaws within HP's Software Assistant Tool, which is installed across HP's desktop and laptop computers. Bill Demirkapi, who found the flaws, says the software is risky because only seven of the flaws have been patched by HP.

Fraud Management & Cybercrime

Update: E-Commerce Fraud Trends

Nick Holland • April 6, 2020

E-commerce fraud schemes continue to grow and evolve, says Angie White of TransUnion, who discusses the results of new research on the subject.

Big Data Security Analytics

Achieving True Predictive Security Analytics

Varun Haran • April 6, 2020

True predictive analysis is difficult - and it sometimes takes years of learning and data modeling to get it right, says Derek Manky, chief of security insights and global threat alliances at Fortiguard Labs.

Endpoint Security

NIST Specialist Offers Telework Security Insights

Scott Ferguson • April 6, 2020

With the COVID-19 pandemic forcing large portions of the workforce to shift to telework, CISOs need to rethink corporate policies on the use of video conferencing platforms and other communications tools, says NIST's Jeff Greene, who offers risk mitigation advice.

Anti-Phishing, DMARC

Spear-Phishing Campaign Uses COVID-19 to Spread LokiBot

Akshaya Asokan • April 4, 2020

A recently uncovered spear-phishing campaign is using fears of the COVID-19 pandemic to spread an information stealer called LokiBot. FortiGuard Labs researchers find that cybercriminals are once again using World Health Organization images as a lure.

Business Continuity Management / Disaster Recovery

CISO Conversations: Healthcare's Unique Opportunity

Tom Field • April 3, 2020

Healthcare professionals are on the front line in the war against COVID-19, and cybersecurity leaders bear unique pressure to support and secure their efforts. But amid this crisis, Anahi Santiago, CISO of ChristianaCare, also sees tremendous strides in telehealth delivery.