In the latest weekly update, four editors at Information Security Media Group discuss important cybersecurity issues, including why enterprises need a multilayered approach to securing identity, how fraud will evolve in 2022 and the need to secure backdoors to prevent ransomware attacks.
As the risks to IT and OT converge, organizations must use "zero trust" to verify user identities and build effective monitoring capabilities to track the behavior of privileged users, say Kartik Shahani of Tenable and Rohan Vaidya of CyberArk.
According to a panel of experts, protecting the Active Directory, a rich target for increasing ransomware attacks, will require organizations to audit privileged accounts and endpoints with continuous monitoring and an identity governance approach.
Even the world’s most successful organizations have significant weaknesses in their cybersecurity defenses, which today’s determined hackers can exploit at will. There’s even a term for it: Assume Breach.
But assuming you’ll be hacked isn’t an option for you. Your organization can’t afford a loss of...
As DNS remains a favorite target for attack vectors, organizations need to build unified security by establishing harmonized DNS traffic and communication to prevent data exfiltration, say Alvin Rodrigues and Pankaj Chawla from Infoblox.
The latest edition of the ISMG Security Report features an analysis of the most sought-after type of victim for ransomware-wielding attackers. Also featured: fighting extortion schemes and stress management tips.
No matter how much security technology we purchase, we still face a fundamental security problem: people. This webinar will explore the different levers that social engineers and scam artists pull to make us more likely to do their bidding.
Join Javvad Malik, Security Awareness Advocate for KnowBe4, as he provides...
Business email compromise attacks, which balance low-tech tactics with the potential for big profits, remain popular. Attackers continue to refine their tactics, including subverting legitimate redirect services as well as recruiting English-speaking business partners and cryptocurrency tumbler operators.
Phishing attacks make more than 80% of reported security incidents. Most of us use the same password for different logins. We may also believe that social media is only about fun & information- sharing and there is no real danger. This Infographic presents a crisp snapshot of the key elements to watch out for related...
As ransomware continues to pummel organizations, if they do get hit, then from an incident response standpoint, what are the essential steps they should take to smooth their recovery? Veteran ransomware-battler Fabian Wosar, CTO of Emsisoft, shares essential steps and guidance for recovery.
The world is now focused on ransomware, perhaps more so than any previous cybersecurity threat in history. But if the viability of ransomware as a criminal business model should decline, expect those attackers to quickly embrace something else, such as illicitly mining for cryptocurrency.
This edition of the ISMG Security Report features three segments on battling ransomware. It includes insights on the Biden administration's efforts to curtail ransomware attacks, comments on risk mitigation from the acting director of CISA, plus suggestions for disrupting the ransomware business model.
The code used to build copies of Babuk ransomware - to infect victims with the crypto-locking malware - has been leaked, after someone posted the software to virus-scanning service VirusTotal. Whether the leak was intentional - perhaps a rival gang seeking to burn the operation - remains unclear.
The prolific Avaddon ransomware-as-a-service operation has announced its closure and released 2,934 decryption keys for free. Has the increased focus by Western governments on combating ransomware been driving this and other operations to exit the fray?