A human cyber risk factor increases or decreases the chance of a person becoming a victim of a cyber attack.
Many organizations are moving too slowly towards addressing the human risk elements of security. At the heart of this lies an misunderstanding of human risk factors - with many believing the only...
The new SEC rules require Board-level oversight of cybersecurity. Security leaders will need to translate cybersecurity insights into a language the Board understands. However, current methods are inadequate and cannot equip CISOs and security leaders to comply with the new SEC rules.
Gain actionable advice from...
Information Security Media Group recently concluded its Cybersecurity Summit: London, which brought together industry leaders for a day of informative sessions covering a diverse range of critical cybersecurity topics, including CISOs' vulnerability to liability, ransomware threats and burnout.
Chicago-based CommonSpirit is still waiting to hear back on its insurance claim for an October 2022 ransomware attack, but the hospital chain said disruption of some facilities and "significantly" hampered billing and collection activities contributed to a $1.4 billion operating loss for the year.
Under new U.S. Securities and Exchange Commission rules, companies must disclose material cybersecurity incidents and annually report on cybersecurity risk management, strategy and governance. Alex Hamerstone, advisory solutions director at TrustedSec, discussed the challenges ahead.
A late-stage SASE startup led by a serial entrepreneur hauled in a massive equity investment to address the feature and capability needs of large enterprises. The $238 million in funding will allow Cato Networks to more tightly align CASB and DLP with SASE to safeguard cloud apps and sensitive data.
Increased engagement from boards on digital transformation initiatives around cloud and AI adoption has spurred greater investment in cybersecurity, said Google Cloud CISO Phil Venables. Systems built and designed decades ago have become increasingly difficult to secure, he said.
The threat landscape has evolved significantly in the past year or so - particularly for small to midsize healthcare entities. Steve Akers of Clearwater says these organizations are particularly vulnerable because their first-line cyber defenders are their highest risk variable.
An Ohio community college is notifying 290,000 people of a data theft breach this spring that may have compromised their personal and health information. Security researchers say small schools such as this are now favored targets. Some 80% of schools have reported hacking incidents in the past year.
Cisco's proposed $28 billion buy of Splunk allows businesses to move from threat detection and response to threat prediction and prevention by combining XDR and SIEM. The deal brings together Cisco's newly released XDR platform with Splunk's long-standing SIEM technology.
WatchGuard purchased a Massachusetts company to extend network detection and response capabilities traditionally reserved for high-end enterprises to the midmarket through MSPs. The deal gives WatchGuard clients more visibility into east-west network traffic and activity taking place on the cloud.
Federal authorities are warning of "significant risk" for potential attacks on healthcare and public health sector entities by the North Korean state-sponsored Lazarus Group involving exploitation of a critical vulnerability in 24 Zoho ManageEngine products.
This week, ISMG editors covered the hot topics at ISMG's London Cybersecurity Summit 2023, including the technical landscape of AI, executive liability, incident response strategies in the face of a global ransomware attack and how to build personal resilience to avoid burnout.
Any healthcare organization that embeds tracking technologies in its website should carefully review whether it is inadvertently violating HIPAA or other federal regulations, said Nick Heesters, senior adviser for cybersecurity at the Department of Health and Human Services' Office for Civil Rights.
Dragos completed a Series D extension to help organizations address enhanced OT security requirements from regulators and cyber insurance providers. The money will allow Dragos to help EU businesses affected by updated cybersecurity directives requiring many smaller organizations to boost security.