The Verizon 2016 Data Breach Investigations report finds malware, ransomware and phishing attacks are more common than ever and creating even more damage. Organizations are continuing to get exploited via vulnerabilities that are months or even years old, forensics expert Laurance Dine explains in this interview.
Five new payment card data security requirements for third-party service providers are among the most significant changes included in version 3.2 of the PCI Data Security Standard released April 28, says Troy Leach of the PCI Security Standards Council.
The most important lesson from the lawsuit electronic health records vendor Epic Systems filed against Tata Consultancy Services is that data security controls must extend beyond protecting personally identifiable information to include intellectual property, attorney Ron Raether explains in this audio report.
"Internet of Things" developers must think about how attackers might attempt to exploit a device, and why, and then write code designed to block such attacks, says Charles Henderson, IBM's global head of security testing and threats.
U.S. merchants of all sizes - not just smaller retailers - have seen significant increases in chargebacks in the wake of the Oct. 1, 2015, EMV fraud liability shift date, Liz Garner, vice president of the Merchant Advisory Group, contends in this in-depth interview.
Only 23 percent of surveyed organizations can respond effectively to a cybersecurity incident. This is among the findings of Solutionary's fourth annual Global Threat Intelligence Report. Researcher Rob Kraus discusses the security gaps.
What steps can organizations take to help ensure they're not the next victim of a ransomware attack? Technology expert Craig Musgrave of The Doctors Company, which offers cyber insurance, identifies the top priorities.
Today's distributed enterprise faces two key challenges: Provide top-notch cybersecurity and ensure a seamless user experience. Paul Martini, CEO and co-founder of iboss Cybersecurity, discusses a new strategy designed to meet both goals.
At a time when workers use more apps than ever to do their jobs - and from more locations and devices than ever - traditional IAM is simply not sufficient, says David Meyer of OneLogin. Cloud-Based IAM is what organizations truly need.
A new coalition of leaders from government, industry and privacy advocacy groups hopes to help provide a framework for reaching a consensus on how to use IT to ensure society's security while protecting individuals' privacy, says Art Coviello, an organizer of the new Digital Equilibrium Project.
MedStar is but the latest healthcare entity to fall victim to a ransomware attack. What can organizations do proactively to improve their ransomware defenses and response? PhishMe CEO Rohyt Belani offers insight.
David Finn, a former healthcare CIO, says he agreed to join a new Department of Health and Human Services cybersecurity task force because he supports its mission of involving representatives of all healthcare sectors in the effort to tackle challenges. In this interview, he outlines key security issues.
Many organizations both misunderstand and underestimate the power and scale of today's DDoS attacks, says Darren Anstee of Arbor Networks. And these lapses may be negatively impacting enterprises' DDoS defense.
PCI DSS 3.1 is scheduled to become effective as of June 30, 2016, and with that comes several changes - and challenges for security professionals. In an interview, Dell's Tim Brown discusses why network security is instrumental to ultimately meeting PCI DSS 3.1.