As insider channels increasingly become the vector through which attackers gain unauthorized access to data, organizations must look at context-aware security to understand user behavior and prevent data leak, says Naveen Gurusiddaiah of Micro Focus.
With rampant password, patch management and data missteps, it can feel like information security déjà vu all over again as security professionals fight so many of the same battles as 10 or 20 years ago, says white hat hacker Cris Thomas, a.k.a. "Space Rogue."
IBM is deploying its Watson supercomputer to help organizations answer this essential question: In the face of nonstop security events, potential intrusions and patches, what's the next, best action that an organization's security analyst should take?
As cybersecurity demand surges in India, there is a crippling shortage of skilled professionals that the industry has been facing. KPMG's Sundar Ramaswamy suggests increased impetus on automating security roles will alleviate the problem.
In the latest ISMG Security Report, our editors analyze Symantec's pending purchase of Blue Coat; vulnerabilities in mobile banking apps; retailers' objections to a national data breach notification bill; and the relaunching of the IRS Get Transcript tool after a breach.
For years, organizations have been threatened by DDoS attacks on several fronts, ranging from volumetric attacks to application-level and DNS strikes. Now come ransom-based attacks. Trey Guinn of CloudFlare discusses how to respond to each type of attack.
While many enterprises in the West adhere strictly to data breach notification norms, India remains far behind in reporting such incidents. What are the barriers? Supreme Court Advocate Pavan Duggal offers insights.
In the latest ISMG Security Report, our editors examine the top concerns of security practitioners gathered at Infosecurity Europe, NIST's planned revision of its cybersecurity framework and U.S. government efforts to make sure patients can securely access their electronic health records.
The scale of the global IT security skills crisis is well documented. But what is its direct impact on cybersecurity with the government agencies of Washington, D.C.? Dan Waddell of (ISC)² discusses the problem - and a new way to address it.
Cybercrime alert: In March, 93 percent of all phishing emails studied contained ransomware designed to forcibly encrypt PCs, says PhishMe chief operating officer Jim Hansen. In an interview, he offers insights on how to respond.
Many organizations still fail to practice smart web security, warns penetration testing expert Ilia Kolochenko, who notes that 23 percent of all websites still use SSL version 3, despite it leaving them at risk from POODLE and BEAST attacks.
NIST plans next year to clarify certain provisions in its cybersecurity framework. "Just to be clear, we're not headed toward a version 2.0 right now," Program Manager Matt Barrett explains in an interview. "We're headed to something that's more like a 1.1."
This ISMG Security Report features a discussion of the impact on the global financial services industry of the SWIFT-related theft of $81 million from Bangladesh's central bank and similar thefts. You'll also hear reports on making IT systems more trustable and national governments' spending on cybersecurity.
Narayan Neelakantan, outgoing CISO at the National Stock Exchange of India, is concerned that the lack of capacity in incident response is going to haunt Indian organizations in the near future. He shares insight on IR maturity and the imminent need.
Security is moving fast, but is still playing a catch-up game with technology. In this scenario, age-old paradigms need to be revised to remain relevant, says Oracle's security lead for APAC, Chris Pickett