It's crucial for companies to assess and monitor the security of their vendors, suppliers and business partners.
Companies must carefully check their vendors' cyber posture, and the initial vetting of any third party typically begins with a comprehensive security questionnaire. But these can be a headache, because...
Organizations can no longer simply hire vendors without proof of a strong cyber posture, and a comprehensive questionnaire can demonstrate that vendors' internal security policies are up to par.
Yet not all questionnaires are the same. The benefits of automated questionnaires can vary, depending on the...
The process of onboarding vendors has become complicated because of concerns about cybersecurity. To prevent data breaches caused by a third party vendor, security professionals demand that vendors demonstrate and maintain a strong cyber posture.
Effectively checking vendors' cyber posture can be extremely...
With the massive shift to telework as a result of the COVID-19 pandemic, shadow IT is becoming a more critical security issue around the world. Security experts offer tips on mitigating the risks involved.
One measure of the popularity of the Zoom teleconferencing software: Cybercrime forums are listing an increasing number of stolen accounts for sale, which attackers could use to "Zoom bomb" calls and push malicious files to meeting participants. Security experts describe essential defenses.
The remote workforce, connected devices, business resiliency - these are new concepts for many midmarket organizations now coping with the COVID-19 crisis. Kristin Judge of the Cybercrime Support Network discusses cybersecurity resources available to guide small and midsized entities.
"Zero trust" could be described as the bumper sticker for cybersecurity in 2020, but what does it actually mean? In a preview of a virtual roundtable discussion, Lisa Lorenzin of Zscaler offers a clear definition and describes how to implement it in the current environment with a growing remote workforce.
As healthcare organizations navigate the COVID-19 crisis, they should take critical steps to improve their security posture and third-party security risk governance, says consultant Brenda Ferraro, the former CISO at Meritain Health, an Aetna subsidiary.
In January, hackers reportedly compromised portions of the New York state government's computer network by taking advantage of an unpatched vulnerability in Citrix enterprise software. Although state officials say no data was compromised, the attack reportedly disabled some state agency information systems.
Before the COVID-19 pandemic, venture capitalist Hank Thomas helped launch SCVX, a cybersecurity-focused special purpose acquisition company. Post-pandemic, Thomas sees a bright future in filling what he sees as the market need for a scalable, integrated platform.
As the COVID-19 crisis continues, healthcare organizations need to ramp up efforts to mitigate the threats posed by cybercriminals who are trying to exploit the chaos, says attorney Jason G. Weiss, a cyber forensics expert and retired FBI agent.
As governments and organizations around the globe rethink their use of the Zoom teleconference platform as a result of ongoing privacy and security concerns, the company is making more system changes and has formed a CISO advisory board.
Gartner analyst Avivah Litan says China is attempting to leverage blockchain technology in the country's COVID-19 recovery. What are the benefits and concerns of this approach, and how should it shape the future use of blockchain?
The latest edition of the ISMG Security Report discusses the cybersecurity challenges posed by the work-at-home shift. Also featured: Tips from NIST on developing remote worker security policies, plus a discussion of the nascent threat of AI meeting assistants.
Patch or perish alert: Less than 20 percent of vulnerable Microsoft Exchange servers have received a fix for a serious flaw that Microsoft first disclosed nearly two months ago, security firm Rapid7 warns. It also found a "concerning number" of Exchange 2007 servers, which Microsoft stopped supporting in 2017.