Gartner's Avivah Litan, a featured speaker at ISMG's Fraud and Breach Prevention Summit in New York on Aug. 8, says hacker attribution is taking on new importance, as traditional methods of determining attack risk and detection linked to indicators of compromise are no longer effective.
Some experts say a federal appeals court's overturning of a lower court's decision to dismiss a class action lawsuit filed against health insurer CareFirst in the wake of a cyberattack could be precedent-setting.
As financial organizations deploy artificial intelligence and machine learning in the fight against money-laundering fraud, David Stewart of SAS offer tips to help separate fact from market hype when reviewing new data analytics tools.
Britain's home secretary claims that "real people" don't really want unbreakable, end-to-end encryption - they just like cool features. Accordingly, she asks, why can't we just compromise and add backdoors, thus breaking crypto for everyone?
Vendors that provide the U.S. government with internet-connected devices would need to ensure they can be patched, don't include hard-coded passwords that can't be changed and are free of known security vulnerabilities, according to a new, bipartisan Senate bill.
FireEye has confirmed that one of its Mandiant breach investigation employee's personal laptops was breached by hackers, and corporate data dumped. The hackers say the leak is the first in a series of "Operation LeakTheAnalyst" attacks against cybersecurity researchers.
Hackers have struck Hollywood again, claiming HBO as their latest victim. So far, some unaired programming has been leaked online, as have details relating to a forthcoming "Game of Thrones" episode - but no actual episodes.
A look by DataBreachToday Executive Editor Mathew J. Schwartz at the human element behind malware leads the latest edition of the ISMG Security Report. Also, changes in the U.S. government's healthcare breach reporting website known as the "Wall of Shame."
Most large organizations at least pay lip service to breach preparedness. But when it comes to proper policies, planning and practice, far too many still fall short, says Stuart Mort of the Australian telecommunications firm Optus. Here's what they are overlooking.
Penetration tests can reveal holes in an organization's security. But framing the scope of a penetration test can be challenging, and good results don't necessarily mean 100 percent security. says attorney Kay Lam-MacLeod.
To battle Russian hackers, Microsoft has moved to strip them of their malicious infrastructure. To do so, however, the technology giant isn't hunting the attackers down. Instead, it's taking them to court. Two cybersecurity attorneys rate Microsoft's efforts.
When it comes to risk, attorney Mark Doepel sees what he describes as "high cyber awareness, but low cyber literacy" among senior business leaders. But as nations adopt new breach legislation, boards and C-suites need to develop a deeper, granular understanding of risk - and fast.
Australia's mandatory data breach notification law, which goes into effect next February, brings a host of new requirements. Gordon Hughes, an attorney and data protection expert, discusses what organizations need to be aware of ahead of its implementation.
While the power grid malware unleashed against Ukraine could be repurposed to attack other grids, "it's not to the point yet where people should be freaking out or building bunkers or anything silly like that," says Robert M. Lee, who heads industrial cybersecurity firm Dragos.