The lack of skilled personnel is hampering incident response, but automation can help, says Mike Fowler of DFLabs. Providing responders with "playbooks" for step-by-step incident response processes, for example, is essential, he contends.
The healthcare sector's cybersecurity efforts needs to shift from a focus on protecting patient information confidentiality to protecting patient safety, says Joshua Corman, co-founder I Am The Cavalry, a grassroots, not-for-profit cyber safety organization.
Canadian citizen Karim Baratov has pleaded guilty to targeting more than 11,000 webmail accountholders to steal their passwords, including targeting 80 Gmail accounts at the request of an alleged Russian intelligence agent tied to a 2014 hack attack against Yahoo that exposed 500 million accounts.
From GDPR to the NIST Cybersecurity Framework, vendor risk management is a key component of every new piece of cybersecurity guidance. Yet, security leaders still struggle to inventory and assess their strategic partners. Sam Kassoumeh of SecurityScorecard explores the challenges.
Looking for a way to benchmark your cybersecurity organization against those of your peers? Intel Health and Life Sciences and its partners offer a Healthcare Security Readiness program that provides a benchmarking opportunity, David Houlding explains.
As data protection breaches have become daily headline news and everyone becomes increasingly sensitive about privacy, the regulatory regime is getting tougher. Data protection laws in Europe are more important than ever before - especially as the enforcement deadline of the EU GDPR looms.
Fool me once, shame on you. Fool me twice, shame on me. That's the situation facing victims of Equifax's massive data breach, who are being offered identity theft or fraud monitoring services from none other than Equifax. First, however, they have to share some personal information.
As a security researcher at Cisco, Brad Antoniewicz has the opportunity to watch cybersecurity threats emerge and evolve. Among the latest: a shift in phishing campaigns to target cryptocurrencies. Antoniewicz explains the shift and how organizations can respond.
The U.S. government has charged three employees of Chinese cybersecurity firm Boysec with stealing valuable intellectual property from Siemens, Moody's Analytics and Trimble. Security researchers say Boysec has been operating since 2007 and is also known as APT 3 and Gothic Panda.
It's more than a honeypot, and it's different from "hack back." The topic is deception technology, and Carolyn Crandall of solutions vendor Attivo discusses myths and realities of this emerging cybersecurity toolset.
Are you an accused Russian hacker who's been detained on foreign soil at the request of U.S. authorities? Bad news: While Mother Russia will go to court to try to bring you home, your odds of resisting U.S. extradition don't look good.
Reports that a plea deal is about to be reached for Karim Baratov - extradited from Canada to the United States on charges that he assisted Russian intelligence agents with the massive hack of Yahoo in 2014 - are premature, his attorney tells Information Security Media Group.
Every new cybersecurity regulation includes at least some emphasis on improving vendor risk management. But what happens when vendors balk at the extra degree of scrutiny required? Moffitt Cancer Center's Dave Summitt describes his risk-based approach to business associates.
As the GDPR's enforcement date nears, North American healthcare organizations are scrambling to ensure their data protection policies and practices are up to snuff. Mitch Parker of Indiana University Health System offers his prescription for GDPR compliance.