Shopify's announcement this week that two employees inappropriately accessed transactional data from 200 of the merchants that use its e-commerce platform demonstrates the importance of taking a "zero trust" approach to security and improving identity and access management capabilities, security experts say.
The ephemeral and dynamic nature of cloud resources makes traditional security perimeters insufficient for successful risk management. The cloud needs a new perimeter - identity. Unfortunately, the complexity of the cloud infrastructure and cloud provider identity and access management (IAM) tools makes it...
The U.S. Cybersecurity and Infrastructure Security Agency is warning of an uptick in attacks using LokiBot, an information stealer capable of sweeping up credentials. Fraudsters are using new methods to spread the malware.
Zero Trust security throws away the idea that we should have a "trusted" internal network and an "untrusted" external network. The adoption of mobile and cloud means that we can no longer have a network perimeter-centric view of security; instead, we need to securely enable access for the various users (employees,...
There's a lot of hype around Zero Trust security, but it's proving to be more than just theory.
In this brief, we review the key takeaways from our recent webinar Zero Trust in Practice, including how to align trust with context, the key pain points Zero Trust can address, and the steps to get to a Zero Trust...
Customer identity and access management - CIAM - is coming of age, as enterprises seek a unified view of their customers. Keith Casey of Okta describes what CIAM maturity looks like - and how to get there via a new playbook.
A leaked database compiled by a Chinese company has suddenly become the focus of news media reports warning that it could be used as an espionage instrument by Beijing. But on closer examination, the alleged "social media warfare database" looks like public information largely scraped from social media sites.
A bipartisan bill looks to take some initial steps toward creating nationwide digital identity standards that can address a range of security issues, including theft and fraud stemming from data breaches. The legislation is backed by the Better Identity Coalition.
Consumers hate passwords, criminals love them. And while the journey to passwordless authentication takes time, there are lessons to be learned from major global organizations who have started down the path. Dr. Rolf Lindemann of Nok Nok Labs shares insights.
Recent hacking incidents, including one targeting Twitter, are raising awareness of the importance of privileged access management, says David Boda, group head of information security for Camelot Group, operator of the U.K. National Lottery. He describes PAM best practices.
The latest edition of the ISMG Security Report features a discusssion with Equifax CISO, Jamil Farshchi, on the lessons learned from the credit reporting firm's massive data breach three years ago. Also featured: Australians' driver's licenses leaked; privileged access management tips.
This session is dedicated to our UK, EU and ME audiences and will provide practical steps to enable organisations to successfully implement a strategy of least privilege. Least privilege will allow you to eliminate unnecessary risk by elevating rights across multi platforms and networked devices without hindering...
CISOs need to fully integrate SD-WAN features with legacy infrastructure to help ensure the security of remote access, says Alain Sanchez, a CISO at Fortinet.
Today's banking market is facing an unprecedented level of disruption from open banking and new players, both of which are working to redefine the role of the bank itself. When you combine this era of disruption with the challenges of addressing rising levels of fraud, maintaining competitiveness within your financial...
The new work reality has created a change in how information is accessed and used, and attackers are targeting remote users with increasing frequency and efficiency. This has brought on a new shift in the IT paradigm which requires identity to act as the central control point in defining an enterprise security...
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.com, you agree to our use of cookies.
