Lisa Young prepares security teams to protect and defend their organizations from cybercriminals by seeing the things that others miss and asking the questions that others are too afraid to ask. She discusses how critical thinking improves cybersecurity.
"Email security doesn't get the attention it deserves" because "phishing is not going away and is not getting any less," says Jess Burn, a senior analyst at Forrester. She shares best practices for phishing prevention.
How do you identify a BIN - Bank Identity Number - attack, let alone stop it? Ernie Moran, senior vice president of risk at Brightwell Payments, shares his experience of how he managed a BIN attack on his firm.
In the latest weekly update, four ISMG editors discuss the state of cyber insurance today and why its future is uncertain; applying a security-by-design reliability model to analyze vulnerabilities; and how Russia takes down members of the REvil ransomware group as cyber aggressions in Ukraine rise.
Although flaws in Apache Log4j software that need remediating remain widespread in organizations, "some of them are aware of the issue, some of them aren't aware of the issue, and likely this issue is going to be persisting with us for many, many years," says Jeff Macko, an offensive security expert at Kroll.
When Marcel Lehner was hired to be the CISO of MM Group in Vienna, his mandate was clear: to better embed information security management and governance throughout the manufacturer's organization. To do that, he ran a "hearts and minds" campaign to communicate his vision and strategy and boost uptake.
In the latest weekly update, four editors at Information Security Media Group discuss important cybersecurity issues, including the importance of incident repose planning; the worldwide impact of the LOg4j flaw, which may lead to 2022 being the year of the SBOM; and the increasingly blurred line between conventional...
While approximately ⅔ of infosec professionals believe that staffing shortages are putting their organizations at risk, the depth of the cybersecurity skills gap is both wider and deeper than is often fully appreciated. From the myriad of complicated technologies we expect our security experts to implement and...
The increasingly connected home is a vulnerable part of the extended enterprise, especially as the line blurs between personal life and work, says Forrester principal analyst Heidi Shey. She encourages organizations to adopt a two-pronged approach to protecting the "work from home" workforce.
In the latest update, four ISMG editors discuss key cybersecurity issues, including myth busting from the founder of Zero Trust, the reason behind the surge in high-profile cryptocurrency scams in India and how ransomware attackers routinely lie about their inclinations, motivations and tactics.
The Apache Log4j vulnerability capped the end of a long year for CISOs and incident responders, and it left them with a mitigation project that carries them well into the New Year. CISOs John Bassett and Martin Dinel discuss how their teams have tackled Log4j - and significant lessons learned.
Where are security practitioners in their zero trust journeys, and what approach to zero trust have they taken? Three experts - Netskope's David Fairman, Exceture's Mario Demarillas, and Petronas' Soumo Mukherjee - share their thoughts in a panel discussion.
The U.S. government has taken notable moves to enforce cybersecurity regulation and propose legislation, says Andy Watkin-Child, founding partner of the Augusta Group. To help prepare for these shifts, he advises organizations to improve their "understanding in global regulation in cyber."
The cultural divide between application security and developer teams is well known. But threat modeling offers a new strategy to bring these teams together and achieve business benefits. Panelists from ServiceNow and IriusRisk discuss the road map.
To crack down on the criminal use of cryptocurrency, including for ransomware, authorities are increasingly targeting "cryptocurrency businesses that do not have the compliance controls in place necessary to mitigate the risks of illicit activity," says Ari Redbord of TRM Labs.