Many organizations still fail to practice smart web security, warns penetration testing expert Ilia Kolochenko, who notes that 23 percent of all websites still use SSL version 3, despite it leaving them at risk from POODLE and BEAST attacks.
NIST plans next year to clarify certain provisions in its cybersecurity framework. "Just to be clear, we're not headed toward a version 2.0 right now," Program Manager Matt Barrett explains in an interview. "We're headed to something that's more like a 1.1."
This ISMG Security Report features a discussion of the impact on the global financial services industry of the SWIFT-related theft of $81 million from Bangladesh's central bank and similar thefts. You'll also hear reports on making IT systems more trustable and national governments' spending on cybersecurity.
Narayan Neelakantan, outgoing CISO at the National Stock Exchange of India, is concerned that the lack of capacity in incident response is going to haunt Indian organizations in the near future. He shares insight on IR maturity and the imminent need.
Security is moving fast, but is still playing a catch-up game with technology. In this scenario, age-old paradigms need to be revised to remain relevant, says Oracle's security lead for APAC, Chris Pickett
Don't blame a lack of information security standards, security products or cybersecurity competence for the failure of breach defenses. In many cases, the culprit is design and implementation flaws in IT products, Robert Bigman, former CIO at the CIA, contends.
ISMG editors, in a special report, examine the status of data breach notification laws in a number of regions, including the European Union, which this past week implemented the General Data Protection Regulation, although enforcement won't take place for two years.
As Asian countries work to bring their cybersecurity capacity up to speed, collaboration can help ease the burden. Dr. Amiruddin Wahab, Cybersecurity Malaysia's CEO, shares insight on national capacity building and cross-regional cooperation.
Start preparing immediately for the EU's new General Data Protection Regulation - even though it doesn't go into force for two more years - because it mandates a number of new privacy and security requirements, warns cybersecurity expert Brian Honan.
The U.S. Congress delves into the issue of whether CISOs should report to CIOs, a topic that leads the Friday, May 27, 2016, edition of the ISMG Security Report, an on-demand audio report offered every Tuesday and Friday.
Distributed denial-of-service attacks are increasingly targeting the application layer, rather than the network, which means organizations must build new defensive strategies, says Sanjai Gangadharan of A10 Networks.
Cyberattacks are increasing in frequency, complexity, nuance and stealth. But human error, business compulsions and increasingly complex environments make it difficult to maintain adequate defenses, says Juniper Network's CTO for India and SAARC