Since every vendor poses a security risk, organizations must classify them by risk and track the data they manage. Third-party risks can span from a law firm managing sensitive client information to a flower delivery company. A third-party risk program requires a holistic view on third parties and a way to automate...
The bad guys are using ChatGPT. There has been a rise in the number of novel attacks meant to bypass legacy rules and IOC-based systems, including zero-day nation-state attacks, insider threats, "living off the land" attacks, model poisoning of AI/ML solutions, and prompt injection for LLM-based systems.
In the new...
The C-suite and boards are more involved in cybersecurity decisions than ever before, but executive leaders still have a huge disconnect between perceptions and operational realities. This gap leads to miscommunication and missed expectations that could pose great risks to the enterprise, said Cody Cornell, co-founder...
New regulations, including those coming into effect in the U.S., are pushing many medical device makers to radically reconsider how they approach cybersecurity for their products - including air gapping connections, said Phil Englert of the Health Information Sharing and Analysis Center.
It is increasingly important for healthcare entities to carefully examine their cyber and other insurance policies to see what risks are covered in the event of a cyber incident, especially as the threat landscape continues to evolve, said attorney Peter Halprin, a partner at law firm Pasich LLP.
IoT and OT devices, which include network-attached storage devices, hold valuable data that ransomware groups seek to compromise. NAS devices are often exposed on the internet and lack the robust security measures found in other endpoints, said Daniel dos Santos of Forescout Technologies.
The shift from traditional malware-led attacks to identity-based attacks in the realm of cybersecurity has become more prominent than ever. Attackers continuously adapt their tactics, seek the path of least resistance and focus on exploiting vulnerabilities in identity-related weaknesses.
In the evolving threat landscape, small-time threat actors are entering the ransomware space and targeting small and medium-sized businesses. These organizations must adopt a defense-in-depth approach to defend themselves, said Nick Biasini, head of outreach at Cisco Talos.
In today's evolving digital landscape, application security is crucial. That’s why it is increasingly important to normalize the use of two-factor authentication in the developer community to the point that it is "effectively ubiquitous," said John Swanson, director of security strategy at GitHub.
Government agencies are recognizing that the seven pillars of zero trust, as outlined by U.S. federal agencies such as CISA and the DOD, should be strategically applied across various elements, including data and identity management, said Manuel Acosta, senior director and security analyst, Gartner.
The disruption of quantum computing could come sooner than we think, but only 18 countries are actively investing in the technology - creating a potential quantum divide of have and have-not governments and businesses, said retired Col. Jen Sovada, president of global public sector at SandboxAQ.
Cloud-native application protection platforms are emerging as a game-changing solution to the evolving challenges in cloud security. Mattan Shalev, head of product management at Wiz, outlined the power of CNAPPs in reducing risk and fortifying cloud security.
Large language models have revolutionized various industries by automating language-related tasks, enhancing user experiences and enabling machines to communicate more naturally with human beings, according to Rodrigo Liang, CEO of SambaNova Systems.
Ransomware groups, like legitimate businesses, must adapt and change as they grow, in response to external pressures and trends. To survive, many large ransomware groups have adopted decentralized structures, said Yelisey Bohuslavskiy, chief research officer and partner with Red Sense.
Insider threats continue to pose significant concerns in today's digital landscape. While malicious insiders have garnered attention due to harmful intent, negligent users often make unintentional mistakes, contributing to potential cybersecurity risks.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.com, you agree to our use of cookies.
