As regulators increasingly focus on third-party risk, healthcare organizations are entering more strategic partnerships with their critical vendors. And the effort is paying off with improved vendor risk management, says Mitch Parker, CISO of Indiana University Health System.
Credential abuse attacks and identity theft incidents are rising, with attackers leveraging botnets to launch coordinated campaigns with high success rates, says Aseem Ahmed of Akamai Technologies, who shares best practices for mitigating the threats.
A new study shows mobile apps in India seek access to more data than apps in other nations, says Shivangi Nadkarni, CEO at Arrka Consulting. Nadkarni says the data protection bill being considered in India eventually could help curb access to information via apps.
The easy availability of tools for designing face-swapping deep-fake videos drove Symantec security researchers Vijay Thaware and Niranjan Agnihotri to design a tool for spotting deep fakes, which they described in a briefing at the Black Hat Europe 2018 conference in London.
Australia's Parliament has passed new laws enabling it to compel technology companies to break their own encryption. Although the government argued the laws are needed to combat criminal activity and terrorism, opponents argued the powers could creep beyond their scope and weaken the security of all software.
What's the outlook for moving from awareness to action when it comes to medical device cybersecurity? Dale Nordenberg, M.D., executive director of the Medical Device Innovation, Safety and Security Consortium, offers an assessment.
Banks' boards of directors need to understand the implications of cybersecurity in terms of the overall risk structure, says Bhaskar Pramanik, a board member at State Bank of India and former chairman of Microsoft India.
Vaishali Bhagwat, cyber lawyer and advocate, contends that the "harms-based" approach in India's data protection bill is more appropriate than the "rights-based" approach taken by the European Union's General Data Protection Regulation
Multifactor authentication and privilege-based controls are among the forms of identity and access management that can help security leaders address key vulnerabilities in their organizations, says Charanjit Singh Sodhi of Normura Wholesale, who offers advice.
As enterprises improve defense of their networks and data centers, cybercriminals increasingly are shifting their efforts to targeting privileged credentials. It's time, then, to take an identity-centric approach to security, says Aneesh Dhawan of Microsoft.
Understanding where data is stored so it can be protected, overcoming security misconfiguration and improving vendor management diligence are three top challenges for healthcare organizations, says Chris Bowen of ClearDATA.
To improve enterprise visibility, network and security teams need to align and evolve the way they architect networks, says Gigamon's Ian Farquhar, who shares insights on how to enhance network visibility.
An update on the hacking of email accounts of four senior aides within the National Republican Congressional Committee leads the latest edition of the ISMG Security Report. Also featured: An analysis of when the first major fines for violations of the EU's GDPR could be issued.
A batch of documents meant to be kept under court seal lays bare Facebook's strategic brokering of access to user data to reward partners and punish potential rivals. The material also demonstrates Facebook's views at the time on privacy and the risks of leaking data.
What are three burning questions regarding legal and compliance issues that enterprise security leaders should ponder as they head into 2019? Ed Amoroso, former CISO of AT&T and current CEO of TAG Cyber, outlines the questions and possible answers.