Most large organizations at least pay lip service to breach preparedness. But when it comes to proper policies, planning and practice, far too many still fall short, says Stuart Mort of the Australian telecommunications firm Optus. Here's what they are overlooking.
Penetration tests can reveal holes in an organization's security. But framing the scope of a penetration test can be challenging, and good results don't necessarily mean 100 percent security. says attorney Kay Lam-MacLeod.
RSA set the tone for its Singapore conference with President Rohit Ghai establishing the importance of precision advantage in the context of the escalating threat landscape. However, the key question is: Are security practitioners resonating with the idea of learning the lessons to bring the change?
When it comes to risk, attorney Mark Doepel sees what he describes as "high cyber awareness, but low cyber literacy" among senior business leaders. But as nations adopt new breach legislation, boards and C-suites need to develop a deeper, granular understanding of risk - and fast.
Australia's mandatory data breach notification law, which goes into effect next February, brings a host of new requirements. Gordon Hughes, an attorney and data protection expert, discusses what organizations need to be aware of ahead of its implementation.
While the power grid malware unleashed against Ukraine could be repurposed to attack other grids, "it's not to the point yet where people should be freaking out or building bunkers or anything silly like that," says Robert M. Lee, who heads industrial cybersecurity firm Dragos.
Police in Greece arrested Russian national Alexander Vinnik, who was indicted by a U.S. federal grand jury for allegedly running the BTC-e bitcoin exchange and helping to launder $4 billion in cryptocurrency tied to criminal enterprises, including the hack of the Mt. Gox bitcoin exchange.
With less than a year to go before enforcement of the EU's General Data Protection Regulation, or GDPR, which applies to any organization that handles Europeans' data, many larger organizations affected in India have yet to make much headway in appointing a data protection officer as required by the law.
By 2020, organizations will be spending $100 billion annually on cybersecurity products and services. But are they securing the assets that matter most to their enterprises? RSA's Peter Beardmore discusses the emerging concept of business-driven security.
It has been a fairly slow year for Mac malware. But a former NSA researcher has dug into the first Mac malware sample that was detected earlier this year - dubbed "Fruitfly" - and found at least 400 computers, and possibly more, infected with a variant of the malware.
Police in Beijing have arrested 11 employees of a Chinese digital marketing agency on charges that they developed and distributed Fireball, malicious adware with 250 million global installations worldwide that reportedly generated $12 million, at least some of it via click fraud.
The ISMG Security Report leads with an analysis of when it would be appropriate for the United States and Russia to engage in cybersecurity negotiations. Also, how NotPetya malware attack victims continue to struggle weeks later.
In an in-depth interview, two security experts go head-to-head over the appropriateness of the White House engaging the Kremlin on cybersecurity matters in light of Russia's hacking of the 2016 U.S. presidential election.
Security comes to Las Vegas this week in the form of Black Hat USA 2017. Hot sessions range from an analysis of power grid malware and "cyber fear as a service" to details of two major hacker takedowns and how the world's two largest ransomware families cash out their attacks.