The U.S. Cybersecurity and Infrastructure Security Agency has begun issuing alerts about 56 flaws across operational technology equipment built by 10 different vendors. Researchers at Forescout Technologies say the flaws trace to poor design decisions by vendors.
Two U.S. senators are backing a bipartisan proposal requiring the Food and Drug Administration to update its medical device cybersecurity guidance every two years. The bill is the latest move by Congress aimed at improving medical device security.
In the latest "Proof of Concept," Lisa Sotto of Hunton Andrews Kurth LLP and former CISO David Pollino of PNC Bank join ISMG editors to discuss the many new privacy laws in the U.S., current ransomware and scam trends, and handling the potential corporate risk of sharing information on social media.
A proposed federal class action lawsuit alleges that Facebook is unlawfully collecting "millions" of individuals' information from the websites and patient portals of "hundreds" of medical providers without the knowledge and consent of patients.
Insurance claims being filed by ransomware victims are growing as criminals continue to hit businesses with crypto-locking malware. To avoid these claims, organizations can take a number of proven steps to better protect themselves, says Payal Chakravarty of Coalition.
The need for more modern identity and access management capabilities such as biometric and passwordless authentication has been amplified by the COVID-19 pandemic and the shift to remote work, according to Forrester researchers Paul McKay and Merritt Maxim.
Cloudflare sees opportunity in the growth of zero trust and is integrating recent email and cloud security acquisitions with native data security and network discovery capabilities. "I like the fact that we can grow in both directions," says company CEO Matthew Prince.
When building an insider risk management program, don't start "too large or too quickly," says Randy Trzeciak of Carnegie Mellon University. He says the first step is to protect your organization's critical assets and services and then "build a risk program appropriate to those assets."
Ronald Raether of Troutman Pepper says privacy, data security and information governance departments must collaborate to reduce unauthorized access to systems by criminals and make data operationalization more effective. He also says proper data mapping, governance and classification are critical.
CTO Daniele Catteddu of the Cloud Security Alliance sees significant gaps in how the cybersecurity industry delivers education and training. For example, he says, while organizations are demanding Zero Trust services and guidance on implementation, the industry's offerings do not meet that demand.
The overlying problem in cybersecurity is scale and the complexity that comes from that scale, says Philip Reitinger, president and CEO of the Global Cyber Alliance. He says we need to simplify how we defend ourselves and "give individuals and companies products that meet them where they are."
Publicly traded companies will need to beef up their cybersecurity knowledge since the the U.S. Securities and Exchange Commission is proposing rules and guidelines that would mandate more stringent oversight of cyber risk, says Roger Sels, former vice president of cyber solutions for BlackBerry.
Crum & Forster CISO Chris Holden says it's critical to see cybersecurity as a business enabler rather than a business inhibitor. He is taking on the perception that security is the "Department of No" and works hard to change the culture at his company.
Canada's Desjardins Group has reached an out-of-court settlement to resolve a data breach class action lawsuit. The breach, which the credit union group first disclosed in 2019, traced to a "malicious" insider who for 26 months had been selling personal details for 4.2 million active customers.
Issues with passwords are legion: too many to remember; inherent security weaknesses, and inconvenience, but while many look forward to the day when passwords are no more, for now they are ubiquitous because they are useful, and one of the best ways to enhance their security is through the use of a password manager.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing govinfosecurity.com, you agree to our use of cookies.