Third-party risk management; environmental, social and governance risk; risk quantification: They are all critical topics as we approach 2023. Richard Marcus of AuditBoard explains the significance of these areas and how security leaders should approach them strategically.
The French data protection authority fined Discord 800,000 euros for privacy and security practices that violate the General Data Protection Regulation. Authorities said the fine might have been higher except that Discord's "business model is not based on the exploitation of personal data."
Despite the strategic priorities laid out by the Biden administration and initial indicators provided by the Department of Defense, it's unclear how the next national defense strategy will prioritize threats and define the primary role of the U.S. military. Chris Dougherty discusses cyberwarfare.
Iranian hackers used Log4Shell to penetrate the network of an unnamed federal agency where they stole passwords and implanted cryptocurrency mining software. Whether the Iranians were acting wholly on Tehran's behalf, on their own behalf, or both, is uncertain.
Soccer fans watching the 2022 FIFA World Cup live from Doha should think twice about installing two apps developed for the Qatari government, warn multiple European data protection authorities. The apps likely open the door to surveillance by authorities with a spotty human rights track record.
The primary challenge with zero trust is keeping it simple, operationally efficient and easy to understand, with predictably positive outcomes. This is achieved across various systems, not with different solutions, policies and technologies in different areas, and it should involve minimal friction.
Complexity is the enemy of security, and information technology grows ever more complex. Have we created a problem space in computing so complicated that we will be unable to safely operate in it for its intended purposes? Fred Cohen says that's unlikely. He discusses managing risk in the future.
The U.S. Federal Trade Commission pushed until June 9 the date for nonbanking financial firms to follow cybersecurity mandates in the updated Safeguards Rule. The agency approved the update in a partisan vote in October 2021, imposing requirements such as a written information security program.
Twitter accounts that use SMS for two-factor authentication are at a heightened risk of account takeover with the disclosure that texting "STOP" to the verification service results in it being turned off. The vulnerability opens the door to a password reset attack or a password stuffing attack.
Apple, Google and Microsoft supported a new common passwordless sign-in standard, and a key Senate committee approved the Improving Digital Identity Act of 2022. How will these moves pay off in 2023? Identity security expert Jeremy Grant weighs in on trends and predictions for the new year.
When it comes to APIs, the challenge isn’t always obvious, and the attack types are more insidious. Most organizations simply do not know their current API inventory, and this is a major problem.
The reality – there are thousands of APIs in organizations, running on multiple clouds, and they are growing...
Ninety-four percent of recent survey respondents are concerned that TLS 1.3 will break their existing security controls. With the ever-expanding amount of encrypted network traffic mandated, it’s important to understand how to balance user and customer privacy with security controls. Join experts from Cisco Security...
The shift to remote work during COVID-19 has prompted hackers to dramatically boost phishing attacks. The pandemic has led to users reading more corporate email on personal devices and opening messages while distracted by children or pets, increasing the chances they'll click on something malicious.
In the latest weekly update, ISMG editors discuss implications of the seizure of $3.36 billion in stolen bitcoin, whether the EU is complicit in the spread of advanced spyware, and the departure of the U.K.'s Dr. Ian Levy, technical director of NCSC, with some important parting words.
A U.S. federal district judge said users would be "shocked to realize" that Facebook collects patient data. Plaintiffs suing the social media giant asked the judge to enjoin the company from intercepting health data and communications through its Pixel web tracking tool embedded into patent portals.