Training employees to resist phishing emails is key to preventing compromises. But an exercise run by Tribune Publishing Co. created a searing backlash after its phishing exercise tempted employees with bogus bonuses in a year in which they had already endured financial hardships.
An organization has successfully implemented a "zero trust" framework when it can achieve context-aware resolution of a risk, says Dr. Siva Sivasubramanian, CISO of SingTel Optus, an Australian telecommunications firm.
Many financial institutions have deployed fraud fusion centers as a way to help mitigate risks. But as fraudsters revamp their techniques, banks need to revamp these centers to keep up, says Jeff Dant of BMO Financial Group, who will speak at ISMG's Virtual Cybersecurity and Fraud Summit: Toronto.
The world of third-party risk management is rapidly changing. Each day, organizations like yours face new security, privacy, and compliance threats when working with third parties. The good news is there are world-class teams around the world that are paving the way with new best practices for the next generation of...
Recent hacking incidents, including one targeting Twitter, are raising awareness of the importance of privileged access management, says David Boda, group head of information security for Camelot Group, operator of the U.K. National Lottery. He describes PAM best practices.
In a court filing, online voting startup Voatz argues that most security research should be limited to those who have clear permission to probe systems and software for vulnerabilities. The amicus brief is part of a U.S. Supreme Court case that could redefine a federal computer law.
The latest edition of the ISMG Security Report features a discusssion with Equifax CISO, Jamil Farshchi, on the lessons learned from the credit reporting firm's massive data breach three years ago. Also featured: Australians' driver's licenses leaked; privileged access management tips.
The number of cybersecurity incidents reported to the U.K.'s data privacy watchdog has continued to decline, recently plummeting by nearly 40%. But is the quantity of data breaches going down, or might organizations be failing to spot them or potentially even covering them up?
While nearly three-quarters of cybersecurity professionals would grade their organization's
ability to identify and mitigate a cyberattack, as above average or superior, nearly half have
been subject to a spear-phishing attack and a third have suffered a malware incident in the
last year. Further, over half of...
He'd worked at NASA, Visa and Time Warner and stepped in at Home Depot after it was hacked in 2014. But nothing quite prepared Jamil Farshchi for the spotlight he'd face when he took over as CISO at Equifax after its massive 2017 data breach. He discusses how the Equifax security organization has rebounded.
This session is dedicated to our UK, EU and ME audiences and will provide practical steps to enable organisations to successfully implement a strategy of least privilege. Least privilege will allow you to eliminate unnecessary risk by elevating rights across multi platforms and networked devices without hindering...
State CISOs are finding it challenging to meet the needs for risk management and new cybersecurity investments at a time when tax revenue continues to shrink during the COVID-19 pandemic and agencies are expecting budget cuts.
Preparing for "common" distributed denial-of-service (DDoS) attacks is no longer enough. Thanks to the growing array of online marketplaces, it is now possible for hackers to wreak havoc with virtually no knowledge of computer programming or networks. Attack tools and services are easy to access, making the pool of...
With the growth of the microservice architecture, a new space of containerized application orchestration frameworks has evolved, and Kubernetes (an open-source platform for managing containerized workloads and services and facilitates automating application deployment, scaling and management) is one of its largest...