Latest

Encryption & Key Management

Sen. Wyden Asks NIST to Develop Secure File Sharing Standards

Scott Ferguson  •  June 25, 2019

U.S. Sen. Ron Wyden, D-Ore., is urging the National Institute of Standards and Technology to create new standards and guidelines for individuals and organizations to securely share sensitive documents online. He contends current security measures are inadequate.

Identity & Access Management

The Evolution of IAM in the Cloud

Geetha Nandikotkur  •  June 25, 2019

More organizations are deploying single sign-on mechanisms when they move to software-as-a-service applications to help enhance authentication and control access, says Moshe Ferber, chairman of the Israeli chapter of the Cloud Security Alliance.

Cybercrime

Alleged AlphaBay Moderator Faces Racketeering Charge

Scott Ferguson  •  June 24, 2019

An alleged moderator of the AlphaBay underground marketplace has been indicted for facilitating sales on the darknet site before law enforcement shut it down.

3rd Party Risk Management

Developing a Robust Third-Party Risk Management Program

Suparna Goswami  •  June 24, 2019

Too many organizations around the world take a "bare minimum" approach to third-party risk management, says Jonathan Ehret, founder of the Third Party Risk Association, who offers risk mitigation insights.

3rd Party Risk Management

NASA's Jet Propulsion Lab a Frequent Hack Victim: Audit

Scott Ferguson  •  June 21, 2019

Hackers have repeatedly stolen valuable data - including launch codes and flight trajectories for spacecraft - from NASA's Jet Propulsion Laboratory in recent years, according to a new inspector general audit, which describes weak security practices.

►

Cybercrime

Hacked With Words: Email Attack Sophistication Surges

Mathew J. Schwartz  •  June 21, 2019

The early days of email attacks - so much noise in the form of malware, spam and links - have given way to attacks that often rely on little more than words, and email gateways often struggle to arrest social engineering ploys, says Michael Flouton of Barracuda Networks.

►

Fraud Management & Cybercrime

Life Beyond Blocking: Adopting Behavior-Based Cybersecurity

Mathew J. Schwartz  •  June 21, 2019

Many cybersecurity tools are designed to block or allow specific activities based on prescribed rules, but with insider breaches continuing, enterprise protection also requires real-time reaction to actual user behavior, says Carl Leonard of Forcepoint.

►

Privileged Access Management

Privileged Attack Vectors: Key Defenses

Mathew J. Schwartz  •  June 21, 2019

Attackers crave insider-level access to IT infrastructure and regularly target insiders - and especially administrators- to steal their credentials, says BeyondTrust's Karl Lankford, who advises organizations to ensure they manage, monitor and audit all privileged access.

►

Identity & Access Management

Mitigating Insider Threats With IAM

Nick Holland  •  June 21, 2019

Provisioning and deprovisioning employee credentials is a critical component of mitigating insider threats, says Andrew Clarke of One Identity, who discusses the importance of identity and access management.

►

Governance

The Role of DNS in Cybersecurity

Nick Holland  •  June 21, 2019

DNS is cybersecurity's best-kept secret for eliminating threats, says Stuart Reed of Nominet, who explains the value of analyzing traffic.

►

Training & Security Leadership

Filling the Cybersecurity Skills Gap

Nick Holland  •  June 21, 2019

Gamification can play an important role in addressing the cybersecurity skills shortage, says Giovanni Vigna of Lastline.

Governance

Migrating to the Cloud: Top Security Lessons

Marianne Kolbasuk McGee  •  June 21, 2019

When migrating systems, data and applications to the cloud, a critical security step is to involve compliance auditors in the process as early as possible, says Thien La, CISO at Wellmark Blue Cross Blue Shield. He'll be a featured speaker at ISMG's Healthcare Security Summit on June 25 in New York.