One of the largest fines to date for violating the EU's General Data Protection Regulation has been announced by Germany's federal privacy and data protection watchdog, the BfDI, against 1 & 1 Telecommunications, in part for inadequate authentication mechanisms. The company plans to appeal.
As a security leaders, too often you are brought to the table after a digital transformation project has been initiated, so you are forced to take a reactive position. But Adam Bosnian of CyberArk sees an important, proactive role for security. And a good start is by ensuring privileged access management is a key...
The latest edition of the ISMG Security Report discusses new combination ransomware and doxing attacks. Plus, Twitter drops phone numbers in 2FA, and why we need to consider quantum cryptography today.
The insurance industry has a significant fraud problem. Whether targeting the insurance carrier, broker or policyholder, scams are a large financial burden for all stakeholders.
Insurance firms must take deliberate steps to implement a comprehensive customer authentication and fraud prevention strategy.
In this...
Some 4 terabytes of data on over 1.2 billion individuals - including LinkedIn and Facebook profiles - was exposed to the internet on an unsecured Elasticsearch server, according to an analysis by a pair of independent researchers.
Nation-state attacks often have close links to the military intelligence or state control apparatus with a high degree of technical expertise. India is fighting off an array of disruptive attacks that include advanced malware, sophisticated distributed denial-of-service attacks and nation-state actors targeting DNS...
Corporate security teams spend a large amount of their time and resources attempting to secure
their systems from outside cyberthreats - that is, from hackers who are external to the corporate
network. According to Verizon's 2019 Data Breach Investigations Report, almost 70% of confirmed
data breaches are...
One key step for preparing to comply with the California Consumer Privacy Act, which goes into effect in January, is determining how best to verify the identity of users, say two leaders of the Sovrin Foundation, who discuss the key issues.
With the goal of becoming an international university XJTLU needed to ensure that their website was high performing and available for users anywhere in the world. However, with infrastructure focused on campus, access to XJTLU's site was intermittent and slow for off campus users. This poor performance was magnified...
Securing user accounts from both bots and human attackers has become one of the most fundamental challenges of delivering modern applications and services. Attackers continuously develop ever more sophisticated techniques for taking over user accounts.
Aggressive security policies lead to false positives and...
63% of data breaches are caused by third-party, yet most organizations treat their vendors like internal employees when it comes to remote access. Because of this, the average organization spends endless hours and resources investigating incidents and pulling together reports, which only compounds the problem. Data...
The shift to the cloud has made the perimeter-centric view of security obsolete and led to the creation of the "zero trust" approach. But how do we best manage identity as the new security perimeter? Teju Shyamsundar of Okta shares insights.
The latest edition of the ISMG Security Report offers an in-depth analysis of how to prevent data exposure in the cloud. Plus: why PCI's new contactless payment standard lacks PINs, and how to go beyond the hype to accurately define "zero trust."
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing govinfosecurity.com, you agree to our use of cookies.
