Penetration tests can reveal holes in an organization's security. But framing the scope of a penetration test can be challenging, and good results don't necessarily mean 100 percent security. says attorney Kay Lam-MacLeod.
RSA set the tone for its Singapore conference with President Rohit Ghai establishing the importance of precision advantage in the context of the escalating threat landscape. However, the key question is: Are security practitioners resonating with the idea of learning the lessons to bring the change?
When it comes to risk, attorney Mark Doepel sees what he describes as "high cyber awareness, but low cyber literacy" among senior business leaders. But as nations adopt new breach legislation, boards and C-suites need to develop a deeper, granular understanding of risk - and fast.
Australia's mandatory data breach notification law, which goes into effect next February, brings a host of new requirements. Gordon Hughes, an attorney and data protection expert, discusses what organizations need to be aware of ahead of its implementation.
While the power grid malware unleashed against Ukraine could be repurposed to attack other grids, "it's not to the point yet where people should be freaking out or building bunkers or anything silly like that," says Robert M. Lee, who heads industrial cybersecurity firm Dragos.
The ISMG Security Report leads with an analysis of when it would be appropriate for the United States and Russia to engage in cybersecurity negotiations. Also, how NotPetya malware attack victims continue to struggle weeks later.
Security comes to Las Vegas this week in the form of Black Hat USA 2017. Hot sessions range from an analysis of power grid malware and "cyber fear as a service" to details of two major hacker takedowns and how the world's two largest ransomware families cash out their attacks.
The 2017 RSA Conference Asia Pacific & Japan, to be held July 26-28 in Singapore, will offer a security road map, imparting lessons to practitioners to help them navigate through cybersecurity complexities. Here's a preview of some of the top sessions.
Sweden is grappling with the fallout from a data breach that occurred two years ago and the scope of which has only recently trickled out. It resulted in the prosecution of the former head of the Transport Agency and deep questions over an outsourcing arrangement with IBM.
About 210 websites of central and state government departments in India were displaying personal details and Aadhaar numbers of beneficiaries. Security experts are questioning why auditors did not detect problems that led to the data leakage and say it's time to take strong action against faulty auditors.
A deep dive into the takedowns of AlphaBay and Hansa, and their impact on the secretive illicit darknet marketplace, leads the latest edition of the ISMG Security Report. Also, a puzzling breach at Ricoh Australia.
AusCERT is one of the oldest CERT's in the world, and Phil Cole says the independent organization is now laser-focused on helping enterprises across sectors to fundamentally improve their strategies and solutions for incident response.
Ricoh's Australia office has notified banks, government agencies, universities and many large businesses about a curious data breach that, in some cases, exposed login credentials for its multifunction devices.
Fighting a well-established cyber underground churning out increasingly complex malware requires that defenders change tactics to make it far more difficult for attackers to succeed, says Sajan Paul of Juniper Networks.