Businesses need to find more ways of incentivizing good researchers to find flaws in technology before bad actors discover them, says Rafael Narezzi, CIO of financial services firm TS Lombard. For every bug hunter with good intentions, how many more are developing weaponized exploits for sale on darknet markets?
CISO Mitchell Parker of Indiana University Health says healthcare organizations that have focused on HIPAA compliance when crafting security and privacy policies need to be making plans to comply with the EU's GDPR if they handle Europeans' data. How will that influence decisions about data protection?
Want to stop the latest cybercrime bogeyman? For the umpteenth time, put in place well-known and proven strategies for repelling online attacks, such as the Australian Signals Directorate's top 4 mitigation strategies for repelling targeted cyber intrusions.
Information Security Media Group's Healthcare Security Summit in New York on Nov. 14-15 will feature a top-notch lineup of more than 40 experts, including leading CISOs, who will explore such issues as battling ransomware, improving medical device security and beefing up breach prevention.
The latest ISMG Security Report features highlights from the recent panel discussion at the ISMG Fraud and Breach Prevention Summit in London on preparation for the European Union's General Data Protection Regulation set to be enforced next May.
When it comes to warding off phishing attacks, too many organizations are reliant on internal awareness campaigns. But a more proactive defense and controls are needed, says John "Lex" Robinson of PhishMe.
Is digital transformation an impending "disaster" - leaving more attack surfaces open to exploit and putting enterprises at further risk? Or is there a chance to rewrite how the security department operates? Former Burberry CISO John Meakin shares his views.
Can U.S. law enforcement use a warrant to seize emails stored outside the U.S. by a cloud services provider? That's the question the Supreme Court has agreed to consider next year. Microsoft continues to fight an order to turn over emails stored in an Irish data center.
The clock is ticking on the General Data Protection Regulation (GDPR) coming into effect and while there isn't wide scale panic yet, lots of organizations are either in denial or just coming to grips with its implications. The difficulty with GDPR is that the regulation states the "WHAT" but pretty much is silent on...
A discussion with ISMG Security and Technology Editor Jeremy Kirk about his chat with the cyber gang "The Dark Overlord," which threatened some U.S. school districts with extortion, leads the latest edition of the ISMG Security Report. Also, an update on surging IT security employment.
New York state's Department of Financial Services is enforcing minimum cybersecurity standards by which all banks and other financial services firms that it regulates must abide. Think of the new regulation "as a playbook or a guidepost," says cybersecurity attorney Paul Ferrillo.
The upcoming enforcement of GDPR puts the spotlight on data governance, but what about the potential impact on vendor risk management? Jacob Olcott of BitSight discusses how to prepare for this new generation of cybersecurity regulations.
The latest edition of the ISMG Security Report is devoted to a special report on how enterprises around the world should prepare for the European Union's General Data Protection Regulation, which starts being enforced in May.
Artificial intelligence and machine learning are among the top industry buzzwords of the year. But how can AI truly make a significant impact on organizations' cybersecurity operations? Brian NeSmith of Arctic Wolf Networks offers insight.