Most companies have huge gaps in their cyber security defenses, and can be compromised at will by a determined hacker. The industry even has a term for it: "Assume Breach".
Join Roger A. Grimes, a 30-year computer security consultant, for this webinar where he explores the latest research on what's wrong with current...
Passwords are a pain. We all aim to protect both our customers and brand, however, passwords are weak, hard to remember and easy to hack. As organizations try to strengthen password policy requirements, legitimate customers fail and abandon into more costly channels like the call center. This cumbersome experience...
The organization that manages IT for Singapore's public healthcare sector says it has terminated, demoted or financially penalized several employees for their roles in the handling of a 2017 cyberattack on SingHealth, the nation's largest healthcare group. What do U.S. security experts think of these measures?
German officials say the suspect behind the mega-leak of politicians' and celebrities' personal details exploited their weak passwords to access email, social media and cloud service accounts. What can the security industry do to help address the password problem?
Despite increased use of two-factor authentication, single sign-on, and biometrics, passwords are still the most common form of authentication. However, when a significant percentage of breaches are caused by weak, stolen, or reused passwords, it's clear passwords pose significant risks that can't be...
Account takeover is a rapidly growing arena for
cybercriminals. How can organizations strengthen
both authentication and authorization?
Download this whitepaper to learn more about:
Why account takeover fraud is a growing and strengthening problem;
How organizations can strengthen authentication and...
With the aim of helping healthcare entities of all sizes improve their cybersecurity, the Department of Health and Human Services has issued a four-volume publication of voluntary best practices. Experts weigh in on whether it will prove helpful, especially for smaller organizations.
"Self-sovereign identity" projects based on blockchain technology are likely to gain significant momentum in 2019, says analyst Avivah Litan of Gartner Research.
Mastercard has launched a "fusion center" designed to increase its speed of response and coordination among departments in the event of a cyberattack, says CSO Ron Green, who explains the initiative.
Leading the latest edition of the ISMG Security Report: Microsoft's Joram Borenstein highlights his top three areas of focus for 2019. Plus, Randy Vanderhoof of the US Payments Forum on securing card transactions in the coming year.
The financial services industry is in the midst of sweeping change. Earlier this year, we saw one of the latest shifts with the introduction of the European Union's revised Payment Services Directive (PSD2). PSD2's Strong Customer Authentication (SCA) section requires two factors for authentication.
Financial...
A database security blunder revealed on Friday serves as a reminder that the days of SMS-based authentication should be over. The exposed database, which wasn't protected by a password, contained 26 million text messages, many of which were two-step verification codes and account-reset links.
Is it realistic to think the end of our dependency on traditional user names and passwords is in sight?
While user names and passwords may not be phased out in the near-term, eventually there will not be online services that have anything of value that don't offer multiple types of two-factor authentication....
French film production and distribution company Pathe fired the two senior managers overseeing its Dutch operations after they fell victim to a business email compromise scam and approved $21 million in transfers to fraudsters. Many organizations remain at high risk from such scams.
By establishing a trusted digital relationship with users, insurers can enable legitimate consumers to apply for new policies and legitimate providers and insurance professionals to log in to their accounts without onerous authentication requirements, while requiring users identified as high risk to fulfill additional...
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing govinfosecurity.com, you agree to our use of cookies.
