Too few organizations have in-house incident response teams. As a result, they lack the native ability to even detect evolving threats, such as ransomware, says Ann Barron-DiCamillo of Strategic Cyber Ventures in this video interview. What are the must-have response capabilities?
The federal tally of major health data breaches is littered with hundreds of incidents blamed on business associates that affected a total of tens of millions of individuals. But vendor involvement in breaches is probably actually a lot worse than what's reflected on the HHS tally.
Restaurant chain Wendy's says fewer than 300 of its 5,500 locations were affected by a fall 2015 malware attack that infected a POS system not used at its other locations. The breach highlights why all franchisees under a corporate brand should use the same well-tested POS system, says Gartner's Avivah Litan.
The same Turkish hacking group that recently leaked data from Qatar National Bank and UAE's InvestBank apparently has leaked data that appears to belong to five banks in Nepal and Bangladesh. But are the leaks the result of new breaches?
It's one thing to talk or even plan about "What happens if we are breached?" It's quite another to undertake a true breach exercise. What are the critical elements of such a drill? Author Regina Phelps shares advice from her new book.
The Verizon 2016 Data Breach Investigations report finds malware, ransomware and phishing attacks are more common than ever and creating even more damage. Organizations are continuing to get exploited via vulnerabilities that are months or even years old, forensics expert Laurance Dine explains in this interview.
Is it ever acceptable for ransomware victims to pay a ransom to obtain the decryption key required to restore access to their data? Due to poor preparation, many organizations continue to face that question.
Government auditors question the effectiveness of a U.S. military response to aid civil authorities during cyber-related emergencies because it's unclear which one of two defense units would lead such operations.
What steps can organizations take to help ensure they're not the next victim of a ransomware attack? Technology expert Craig Musgrave of The Doctors Company, which offers cyber insurance, identifies the top priorities.
SANS conducted a survey focused
on the current state of Incident Response (IR), polling security
professionals from more than 19 industries and various-sized companies
and organizations. The goal was to get a clearer picture of what IR teams
are up against today - the types of attacks they see and what...
A watchdog agency's audit of the Department of Veterans Affairs makes nearly three dozen recommendations for how the VA should address "material weakness" in its information security program. The VA's CIO tells Congress all the issues raised will be addressed by the end of next year.
Credit card and other personal information was exposed in a data breach of Internet hosting provider Staminus Communications, which specializes in protection against distributed denial-of-service attacks. The company hosts the website of the Ku Klux Klan white supremacist group, which was also brought down.
We all realize that the black hats are typically a step ahead of the white hats. But do we accept that our own security controls are contributing to the deficit? Sam Curry of Arbor Networks describes how security leaders can regain their lead in this video interview.
Hackers stole $100 million from the Bangladesh Bank after apparently obtaining payment-transfer codes and moving the money overseas in what experts say appears to be one of the largest bank heists in history.
The Department of Health and Human Services has a long list of information security weaknesses, including identity and access management and incident response shortcomings, that need more attention, according to a federal watchdog agency's audit report.