As the level of cyber-risk faced by organizations of all shapes and sizes grows every year, security ratings services have emerged as important tools to help companies assess the level of risk imposed by their vendors as well as quantify their own security performance.
However, as the market matures and new...
Software integrations, open APIs, and data sharing between different businesses are a staple of the modern digital organization. Unfortunately, as organizations increase their digital footprint across numerous third-party and fourth-party relationships, their risk of downstream data breaches multiplies. These ripple...
63% of data breaches are caused by third-party, yet most organizations treat their vendors like internal employees when it comes to remote access. Because of this, the average organization spends endless hours and resources investigating incidents and pulling together reports, which only compounds the problem. Data...
Organizations should develop a comprehensive strategy for managing third-party security risks and avoid over-reliance on any one tool, such as vendor security risk assessment, monitoring or ratings services, says analyst Jie Zhang of Gartner.
Currently employed technologies don't provide a complete, real-time view of cybersecurity risk. Instead, they leave security teams with point-in-time assessments that require them to cobble together data from disparate systems to truly understand the organization's security posture.
A new approach is needed that...
A survey of more than 200 security leaders has shown that enterprise security teams spend an average of 36% of their time manually producing reports, yet 89% of these organisations have concerns on lack of visibility and insight into trusted data.
The need of the hour is to unify security and IT data from different...
Sen. Maggie Hassan, D-N.H., is demanding that the U.S. Government Accountability Office review how the Department of Homeland Security shares personal data with contractors following several recent security incidents in which such information was exposed.
Agile environments benefit from development platforms and open-source software, but that also raises the risks of attacks seeded in those supply chains, says Chet Wisniewski of Sophos, who describes steps that organizations can take to mitigate the risks.
Certain types of attacks are straightforward and easy to understand. Email phishing tries to trick users into opening a link or entering their credentials. DDoS attacks flood websites with so much traffic that the real communications can't get through.
Other network attacks are more difficult to understand. The...
Bad actors are constantly looking for ways to hack into organizations. They hunt for vulnerabilities on websites, exposed data servers in the cloud, and systems that are connected directly to the Internet with little or no protection. Organizations need to understand their attack surface - all of the ways that their...
Robotic process automation aims to use machine learning to create bots that automate high-volume, repeatable tasks. But as organizations tap RPA, they must ensure they take steps to maintain data security, says Deloitte's Ashish Sharma.
Large or small, enterprises from all sectors are dealing with the same vulnerabilities in open source code. The difference: the scale of the problem. DJ Schleen of Sonatype discusses insights from the latest ISMG roundtable dinner.
What's the purpose of ISO 27701, the new privacy extension to the ISO 27001 information security management standard? Matthieu Grall, CISO and DPO at SodiFrance, a French IT services company, who participated in development of 27701, explains the standard and discusses "privacy by design" compliance issues.
Significant security events have many techniques in common, says Chris Hallenbeck of Tanium, who describes why security hygiene improvement, especially patch management, is so essential.
The latest edition of the ISMG Security Report analyzes Twitter's repurposing of user phone numbers for targeted advertising. Plus: A discussion of 5G security issues and findings of the Internet Organized Crime Threat Assessment.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.
