John O'Driscoll is the first CISO for the Australian state of Victoria, a job that has purview over 1,900 entities with 340,000 public servants. He's an expert in risk and audit, and that has subsequently lead to interesting conversations about who is accountable for risk and how to manage risk.
The breach of text message routing giant Syniverse revealed yet another supply chain attack involving a key supplier, exacerbated by outdated communications protocols desperately in need of a security revamp and better incentives for improvement, says mobile telephony security expert Karsten Nohl.
The White House National Security Council this week kicked off its international counter-ransomware event with participation from more than 30 nations. This gathering aims to elevate both law enforcement collaboration and diplomatic efforts. Noticeably absent from the summit: Russia.
A compromise of sensitive health information affecting nearly 38,000 individuals discovered nearly a year after a terminated company executive accessed the data spotlights some of the top security and privacy challenges covered entities and business associates face with insiders.
Microsoft, in its annual threat review report, Digital Defense, says 58% of cyberattacks worldwide over the past year originated in Russia. And 92% of the Russia-based threat activity came from the nation-state threat group Nobelium.
The number of breach reports filed by U.S. organizations looks set to break records, as breaches tied to phishing, ransomware and supply chain attacks keep surging, the Identity Theft Resource Center warns. It says that there's also been a rise in tardy breach notifications containing little detail.
The latest edition of the ISMG Security Report features an analysis of the arrest of two suspects tied to a major ransomware group in Ukraine. Also featured: Introducing "The Ransomware Files" and defining the next-gen CISO.
Deepayan Chanda discusses the four principles of cybersecurity - reliability, accuracy, architecture and resiliency - that he believes cover most of the aspects of how CISOs can maintain the level of cybersecurity that their organzations need to sustain attacks.
Who had heard of Syniverse before it recently disclosed a five-year breach, potentially exposing call-routing data and text messages for hundreds of mobile phone networks? The incident is just the latest supply chain attack to hit a lesser-known but nevertheless critical service provider.
Telecommunications service provider Syniverse, which routes 1 trillion messages annually for many of the world's mobile phone carriers, has disclosed a five-year breach of its systems, which handle call metadata and text messages. Experts say the exposed data poses serious criminal and espionage risks.
The Food and Drug Administration on Tuesday issued a warning notifying patients that medical device maker Medtronic has expanded a recall of remote controllers for certain wireless insulin pumps that were part of an earlier recall. The FDA has classified the recall as the most serious type due to issues that could...
As Cybersecurity Awareness Month kicks off this week, U.S. President Joe Biden has weighed in on his administration's efforts to curb cyberattacks and bolster the federal government's security posture.
Of all the areas under his direction - business continuity, GRC, data governance - third-party risk is the most challenging, says Peter Gregory, senior director of cyber GRC at GCI General Communications Inc. "Their breach is my breach," he says, offering mitigation advice.
Rant of the day: Are we getting hacked because we now work remotely in the new normal? No, we're being hacked because we're not managing our risks and being lazy - and because the CISO is not being heard.
Hacking incidents - especially those involving ransomware attacks and vendors - continue to rack up some of the largest victim counts in major health data breaches being reported to federal regulators in 2021. Will the trend continue?
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing govinfosecurity.com, you agree to our use of cookies.