The latest edition of the ISMG Security Report discusses recent research on the cyberthreats in multicloud environments and how to mitigate them. Also featured: A ransomware risk management update; tips on disaster planning.
Britain's failure to contain COVID-19 - despite Prime Minister Boris Johnson promising a "world-beating" effort - now includes a failed digital contact-tracing app. A new version, built to work with Apple and Google APIs, may be released by winter. Really, what's the rush?
Digital transformation may have occurred over a weekend in March, but the effects will be felt - and secured - for years to come. How will global enterprises in 2021 validate identities, defend networks without perimeters and secure a permanent remote workforce? A panel of CEOs and CISOs shares strategies.
An Australian IoT alliance is developing a certification program designed to raise security standards for connected device manufacturers and give consumers more confidence that they're buying secure devices. The program, slated to start in September, could expand globally.
Time for another internet of things update nightmare: Researchers have found that a little-known but widely used TCP/IP software library built into millions of internet-connected devices has 19 flaws that need fixing. Developer Treck has issued fixes, but how many vulnerable devices will end up patched?
Since the advent of the COVID-19 crisis, many enterprises have moved new workloads to the cloud. But have they been just as swift to adopt cybersecurity best practices in these multi-cloud environments? IBM's Limor Kessem analyzes a new cloud security study.
As a result of shift to a remote workforce, network segmentation is an even more critical step for safeguarding information, says Tom Dolan of Forescout Technologies, who discusses how deployments can also help with meeting regulatory requirements.
An internal CIA report from 2017 - just released in heavily redacted form - found that the agency's failure to secure its own systems facilitated the massive "Vault 7" data breach that enabled classified information, including details of 35 CIA hacking tools, to be leaked to WikiLeaks.
The Trump administration's continued press against China snared an unintended victim: America's own influence over 5G standards development. But the U.S. Commerce Department says a new rule will free U.S. firms to work with any company, including China's Huawei, on developing new telecommunications standards.
Increasingly, organizations are turning to encryption to help solve multiple security issues, whether it's protecting data, managing risk or meeting government regulations. While managing all these encryption keys can be complex, Brad Beutlich of nCiper Security doesn't believe it has to be this way.
Why do so many enterprises remain chained to outdated and vulnerable identity and access management technologies - legacy systems that rely on passwords, eat budgets and kill productivity? Baber Amin of Ping Identity and Ramnath Krishnamurthi of LikeMinds Consulting preview a new virtual roundtable on Modernizing IAM.
Jewelry retailer Claire's says Magecart attackers hits its e-commerce store, hosted on Salesforce Commerce Cloud, and stole an unspecified number of customers' payment card details. Security firm Sansec, which discovered the breach, says Magecart attacks have grown more targeted during lockdown.