The U.S.-China Economic and Security Review Commission on Thursday held a daylong hearing on cybersecurity threats posed by Xi Jinping-led China, including the nation's expansive cyberespionage and disinformation capabilities, along with its technical prowess in cyberwarfare.
Two recent hacking breaches affecting hundreds of thousands of individuals - one reported by a firm that provides services to health plans and the other by a government contractor - serve as the latest reminders of the risks involving vendors that handle sensitive personal data.
SecurityScorecard provides analysis of organizational cyber hygiene through a rating system, while LIFARS, a digital forensics firm, has offered witness testimony for major federal cybercrime cases involving nation-state threat actors. CEOs for both firms tell ISMG why their merger is significant.
By almost every measure, ransomware continues to get worse, not least in the average amount criminals receive when a victim chooses to pay a ransom. So say new reports assessing the volume and severity of ransomware attacks, the flow of cryptocurrency, attackers' target selection and more.
On this week's "Sound Off," we ask John Kindervag, the founder of Zero Trust, for his reaction to the recently released Office of Management and Budget federal strategy to move the U.S. government toward a mature Zero Trust architecture.
People think cloud is a silver bullet, but it’s not. It's not even copper. And people think cloud is easy and someone else’s problem. But it's not. The cloud is nothing more than a highly resilient, outsourced data center with a lot of bells and whistles.
Regulators should require all medical device makers to include a baseline of certain cybersecurity protections in their products and to build in a feature that allows safe vulnerability scanning of their devices, says researcher Daniel Bardenstein, a strategist at CISA.
Log4J has brought a wide range of vulnerabilities that organizations are continuing to address. Specifically of note are the rippling effects this vulnerability has on your third-party ecosystem. Our continued experience in this area shows us that it's never a good idea to be reactive in the face of mounting...
A massive data breach has been uncovered by researchers who say the incident totals in excess of 172 GB of data and affects an estimated 19 million people. The victims are primarily customers of online appointment company FlexBooker, researchers say.
Ransomware attacks in 2021 amassed a record number of victims in critical infrastructure sectors across Australia, the U.K. and U.S., those countries' lead cybersecurity agencies warn. They share intelligence on attackers' latest tactics to better equip domestic organizations to defend themselves.
The SEC voted 3-1 to advance new, mandatory cybersecurity rules for registered investment advisers, companies and funds. The proposal - open for a 30-day public comment period - would require entities to adopt and implement written cybersecurity policies and a 48-hour incident reporting mandate.
Michael Hamilton, CISO at security firm Critical Insight, discusses health data breach trends. The bad news: The number of major breaches reported to regulators in 2021 hit a record high. The good news: The rate of breaches reported last year compared to 2020 appears to be slowing down.
Jeff Williams, co-founder and CTO of Contrast Security, says people have a right to know if the products they use are secure. It's difficult to tell if software is secure, he says, so companies need incentives to build good security programs, improve their software and disclose any flaws they find.
In a U.S. Senate hearing on Tuesday, the Apache Software Foundation and leaders from Cisco, Palo Alto Networks and The Atlantic Council discussed open-source software security, urging both government and private sector entities to recognize the breadth of the free-to-use software and adversaries' willingness to...
As a CISO in financial services, Bradley Schaufenbuel of Paychex enjoys the velocity of change - no two days are alike. But with that pace comes a corresponding uptick in supply chain risk, which adds a new degree of difficulty to an already challenging leadership role.