Dozens of lively discussions sprung up among the healthcare CISOs, legal experts and leaders from government agencies and technology vendors at Information Security Media Group's Healthcare Security Summit in New York. So what are some of the key takeaways?
A recently published 2017 survey of over 400 security professionals in the U.S., U.K. and Germany measured how well their organizations implemented security controls for SSH keys. The results show that most organizations are underprepared to protect against SSH-based attacks, with fewer than half following industry...
Take control of your SSH keys to minimize your risk of intrusion
SSH keys provide the highest level of access rights and privileges for servers, applications and virtual instances. Cyber criminals want this trusted status and invest considerable resources into acquiring and using SSH keys in their attacks.
SSH is used for secure administrative access, but what happens if it's not secure? Despite the sweeping access SSH keys grant, including root access, most are not as tightly controlled as their level of privilege requires.
If your organization doesn't know which administrators or SSH keys have access to which...
Businesses need to find more ways of incentivizing good researchers to find flaws in technology before bad actors discover them, says Rafael Narezzi, CIO of financial services firm TS Lombard. For every bug hunter with good intentions, how many more are developing weaponized exploits for sale on darknet markets?
Clearly, adherence to HIPPA, NIST and other regulators in healthcare is paramount, but that does not mean that your organization isn't vulnerable to cybercrime hacking. When the average breach is worth $3.62 million with $380 per patient record compromised (as per Ponemon's 2017 Cost of
a Data Breach Report), the...
What started as robust debates over social media among computer security professionals has turned into a drawn-out, bitter battle that has found its way into the Australian courts. The disputes highlight how those who foresake polite debate for legal battles may find themselves being called to account.
Since last year, North Korean hackers have been targeting businesses in the financial services, aerospace and telecommunications sectors by exploiting a remote administration tool, or RAT, according to an alert issued Tuesday by the United States Computer Emergency Response Team.
In the year ahead, cyber threats to the healthcare sector will continue to evolve from attacks primarily involving the theft of health data to assaults aimed at disrupting organizations' operations, predicts Sean Murphy, CISO of health insurer Premera Blue Cross.
With the aim of protecting data privacy, the government of Singapore is considering taking steps to greatly reduce the use of the National Registration Identity Card numbers for verifying consumers' identities.
A top DHS cybersecurity official says she has seen no conclusive evidence that Russian-owned Kaspersky Lab's security software had been exploited to breach federal information systems. Jeanette Manfra told a House panel most agencies have complied with a directive to stop using Kaspersky software.
The PCI Security Standards Council is creating a payments software framework, including two new standards that can evolve as the software rapidly changes, Troy Leach, the council's CTO, explains in this in-depth interview.
India is expected to announce in the coming months the formation of a cyber defense agency that would focus on protecting critical infrastructure, especially government and defense networks, from cyberattacks.
Dr. Suzanne Schwartz of the FDA clears up some myths and misunderstandings about medical device security in an in-depth interview. She'll be a featured speaker at Information Security Media Group's Healthcare Security Summit, to be held Nov. 14-15 in New York.