The city of Atlanta's ransomware outbreak cleanup and response tab has hit $2.6 million after a March attack froze corporate servers, employees' PCs and resident-facing portals. Some security experts say the breach response funds would have been put to better use preventing the outbreak in the first place.
One measure of why it's so difficult for organizations to keep their software patched and better secured: Of the nearly 20,000 unique vulnerabilities in 2,000 products cataloged last year, only half involved Microsoft, Adobe, Java, Chrome or Firefox software, says Flexera's Alejandro Lavie.
What can be done to address the shortage of personnel to fill the ever-expanding roster of cybersecurity jobs - from entry-level positions through the CISO role? (ISC)2's John McCumber describes organizational and governmental efforts to lower barriers to entry and build tomorrow's workforce.
Corporate espionage appears to be the motive behind cyberattacks targeting a variety of medical-related equipment and systems, researcher Jon DiMaggio of Symantec says in an in-depth interview about the activities of a hacker group the company has dubbed "Orangeworm."
Great news: "SunTrust to offer free identity protection ... at no cost on an ongoing basis." Of course, nothing comes for free, at least for 1.5 million customers of the Atlanta bank, whose personal details may have been sold to criminals by a former employee.
For years, Dawn Cappelli studied and wrote about the insider threat. Then she went to Rockwell Automation and built an insider program. She discusses the program's success and her expanded role as vice president and CISO.
As the world prepares for GDPR enforcement, a new Privacy Maturity Benchmark study finds that 65 percent of respondents say their organizations experience sales delays because of data privacy issues. Cisco's Michelle Dennedy outlines the concept of data friction.
The average tenure of a CISO can be brief - especially in the wake of a breach. What should security leaders do from day one to get a good handle on the job? Joel de la Garza, CISO of Box, offers career advice.
Incident response is a critical pillar of an effective endpoint security program, one that will gain importance as GDPR enforcement comes into play on May 25. Organizations must be ready to react if and when an incident occurs in order to meet the stringent requirements that apply during an incident.
As corporate information silos fall, traditional approaches to governance, risk and compliance are giving way to the new category of integrated risk management solutions. Vivek Shivananda, CEO of Rsam, discusses the evolution.
Taking a threat-centric approach - trying to defend against every threat out there - is a recipe for failure in the current threat landscape, says RSA CTO Zulfikar Ramzan, who advocates a business-driven approach instead.
"Digital transformation" is the theme of the year, but it comes with specific cybersecurity challenges - and they put a new burden squarely on the shoulders of the CISO, says Fortinet's Jonathan Nguyen-Duy.