Latest

►

Breach Preparedness

By the Book: How to Thwart Cyberattacks

Eric Chabrow  •  June 28, 2017

The Cyber Threat Alliance is developing playbooks that will show organizations how to stop hackers from causing havoc. Alliance President Michael Daniel explains how the playbook could help to disrupt a cyber attacker's business model and processes.

Ransomware

Crypto-Locking Ransomware Attacks Spike

Mathew J. Schwartz  •  June 27, 2017

With massive profits available to criminals who can infect PCs and servers and extract a ransom, it's no surprise that attacks involving crypto-locking ransomware continue to increase. Security experts say such attacks are increasingly driven by ransomware-as-a-service programs.

Anti-Malware

Spying on Citizens with Malware Aimed to Battle Criminals

Eric Chabrow  •  June 27, 2017

The latest ISMG Security Report leads off with a look at the growing industry of mobile spyware designed exclusively for governments, but often misused to track citizens and activists. Also, Australia's push to get allies to adopt tools to counter encryption.

►

CISO

Insights on Strategic Cybersecurity Investments

Tom Field  •  June 26, 2017

What factors are security leaders weighing today when making decisions about investments to protect their organizations tomorrow? Neustar's Joseph Loveless comments on results of ISMG's new Strategic Cybersecurity Investments Study.

►

CISO

Qualys Customer Is Now the CISO

Tom Field  •  June 26, 2017

A former Qualys customer for more than a decade, Mark Butler is now the company's CISO. And one of his jobs is to help spread the word to other security leaders about the vendor's vulnerability management solutions.

Authentication

British Parliament Targeted by Brute-Force Email Hackers

Mathew J. Schwartz  •  June 26, 2017

Members of Parliament in Britain have had their remote email access suspended following an apparent brute-force hack attempt aimed at exploiting weak passwords to gain access to their accounts. Officials say fewer than 90 email accounts appear to have been breached.

Encryption

Australia Pushes 'Five Eyes' for Tools to Counter Encryption

Jeremy Kirk  •  June 26, 2017

Worried about the use of encryption by terrorists, Australia plans to lobby its key signal intelligence partners at a meeting in Canada for the creation of new legal powers that would allow access to scrambled communications. But Australia says it doesn't want backdoors. So what does it want?

►

Events

WannaCry and the Business of Crimeware

Tom Field  •  June 25, 2017

The business of crimeware is evolving - and so are the exploits that take advantage of unprotected systems. How do security leaders focus on managing their most critical vulnerabilities? Gidi Cohen, CEO of Skybox Security, shares insights.

Breach Response

$115 Million Settlement in Massive Anthem Breach Case

Marianne Kolbasuk McGee  •  June 23, 2017

Health insurer Anthem has agreed to a proposed $115 million deal to settle a class action lawsuit over a 2015 cyberattack that resulted in data breach affecting nearly 78.9 million individuals. If approved, lawyers say it would be the largest data breach settlement ever.

►

Awareness & Training

CISO Thom Langford on Risk and Awareness

Tom Field  •  June 23, 2017

Publicis Groupe CISO Thom Langford discusses how best to measure your organization's true risk appetite and the business value of blending storytelling techniques into your security awareness programs.

►

DDoS

The Weaponization of DDoS

Tom Field  •  June 23, 2017

The Mirai botnet is just the most high-profile example of the new weaponization of DDoS. Attacks are stronger than ever, and multilayer defenses are needed to prevent disruption and distraction, says Darren Anstee of Arbor Networks.

Anti-Malware

The Return of the Luddite: Securing Critical Systems

Eric Chabrow  •  June 23, 2017

The latest edition of the ISMG Security Report leads off with a look at why organizations turn to paper when critical systems can't be secured. Also, how to hack air-gapped systems over the internet.