It has never been more vital to secure your supply chain, with governments also recognizing the urgency by increasingly calling for Software Bills of Materials (SBOMs) and the implementation of effective third-party security risk management (TPRSM) to stem the surge in ransomware and other cyberattacks.
ISACA's State of Digital Trust 2022 survey shows significant gaps between what enterprises are doing and what they should do to earn customer trust in digital ecosystems. While 98% of those surveyed say digital trust is important, only 12% have dedicated staff roles to digital trust.
In this episode of "Cybersecurity Unplugged," Amit Shah, director of product marketing at Dynatrace, discusses the implications of the Log4Shell software vulnerability and the need for organizations to take an observability-led approach to software development and security going forward.
Australia's largest telecom provider acknowledged Tuesday a data breach, but said the data came from a now-defunct employee rewards program from 2017. A company executive accused the hacker behind the breach of seeking to profit from a tense climate created by a much larger breach at rival Optus.
In the latest weekly update, ISMG editors discuss how organizations can comply with the new PCI DSS 4.0 requirements, whether other countries should follow the U.S. lead on legislating software bills of materials, and key strategies for CISOs preparing for an economic downturn.
Over his 23-year career in cybersecurity, Tom Kellermann has focused on policy, endpoints and even strategic investments. Now, in his new role as senior vice president of cyber strategy at Contrast Security, his mission is to protect code security - particularly in the public and financial sectors.
The latest edition of the ISMG Security Report discusses what went wrong for Optus in the wake of one of Australia's biggest data breach incidents, the state of code security today and the growing trend of private equity firms pursuing take-private deals.
Recent hacking incidents involving an emergency medical transport company and a firm that provides billing services to ambulance companies underscore how protected health information is subject to risk and oversight alike before a patient even steps into a hospital.
The latest edition of the ISMG Security Report discusses financial giant Morgan Stanley's failure to invest in proper hard drive destruction oversight, the future of ransomware and the gangs that have attacked organizations in recent years, and the methods required to secure new payments systems.
From SolarWinds to Kaseya, Accellion, Log4j and Okta, third-party security breaches are among the most devastating for organizations affected. Tony Morbin of ISMG dives into the story behind the results of a global survey with Demi Ben-Ari, the co-founder, CTO and head of security at Panorays.
Internally hosted resources harboring sensitive PII or intellectual property may reside anywhere, from your on-premises data center to public cloud services such as AWS, Azure or GCP. Third parties accessing these resources pose an additional risk, expanding your attack surface to contractors, vendors, resellers and...
Palo Alto Networks has been in a 19-month dry spell when it comes to major acquisitions, but it looks like that's about to change. Israeli business publication Calcalist reported Monday the firm is closing in on a deal to buy New York-based code risk platform provider Apiiro for around $600 million.
From SolarWinds to Kaseya, Accellion, Log4j,
or Okta, third-party security breaches are
among the most devastating for organizations
Defense against third-party risk is
a top-tier risk register item, and it is not a one-off either – you need
continuous monitoring to evaluate the security stance of...
In this episode of "Cybersecurity Unplugged," U.S. Air Force Chief Software Officer Nicolas M. Chaillan, a former DHS and DOD adviser, shares his opinions about the government's handling of DevSecOps and cybersecurity, where progress is being made and where more work needs to be done.