Latest

Anti-Malware

Microsoft Brings Defender ATP Platform to macOS

Jeremy Kirk  •  March 22, 2019

A decade or more ago, this would have been unthinkable: Microsoft developing an anti-malware platform for macOS. But Windows Defender ATP is now available for Macs via a limited preview. Microsoft says the move will help protect customers running non-Windows machines.

Awareness & Training

Norsk Hydro's Ransomware Headache

Nick Holland  •  March 22, 2019

The latest edition of the ISMG Security Report discusses the recent ransomware attack on aluminum giant, Norsk Hydro. Plus, confessions of a former LulzSec and Anonymous hacktivist, and the growing problem of cyber extortion.

3rd Party Risk Management

Email Server Migration Incident Impacts 277,000

Marianne Kolbasuk McGee  •  March 21, 2019

An incident involving a third-party vendor migrating a server containing archived email of a medical device provider has resulted in a reported health data breach impacting more than 277,000 individuals. What went wrong?

►

Governance

Mitigating the Insider Threat at Scale

Tom Field  •  March 21, 2019

Enterprises are getting wiser to understanding the insider threat. But mitigating it? That remains a challenge - especially at a large scale. Mohan Koo of Dtex Systems talks about how to blend human and data analytics to address the challenge.

Data Breach

Report: Facebook Stored Millions of Passwords in Plaintext

Scott Ferguson  •  March 21, 2019

Facebook has corrected an internal security issue that allowed the company to store millions of user passwords in plaintext that were then available to employees through an internal search tool.

►

Fraud Management & Cybercrime

The Art of the Steal: Why Criminals Love Cyber Extortion

Mathew J. Schwartz  •  March 21, 2019

Criminals continue to target organizations and individuals with extortion schemes, in part via such cybercrime schemes as infecting targets with Ryuk and GandCrab ransomware, say Raj Samani, chief scientist of McAfee, and John Fokker, McAfee's head of cyber investigations.

►

Awareness & Training

Beyond Phishing: The New Face of Cybersecurity Awareness

Tom Field  •  March 21, 2019

As CEO of Terranova Security, an awareness training provider, Lise Lapointe sees an evolution of education programs that used to be merely phishing simulation tests. What are the most effective forms of training?

Endpoint Security

North Carolina County Suffers Repeat Ransomware Infections

Scott Ferguson  •  March 21, 2019

Attackers have hit North Carolina's Orange County with ransomware for the third time in six years. Government officials say IT teams have been working overtime to restore systems, and that no data has been lost.

►

Education

Culture Change and Awareness: CSOs' Ultimate Duty

Mathew J. Schwartz  •  March 21, 2019

The ultimate responsibility of every CSO and CISO is to foster culture change and awareness, because that is every organization's single greatest data security and physical security control, says Andrew Rose, CSO of Vocalink, which is a MasterCard company.

Cybercrime

Former Hacktivist: Why Persistence Is Key

Scott Ferguson  •  March 20, 2019

At ISMG's Fraud Summit in New York, former Black Hat hacker and hacktivist Hector Monsegur explains why security executives need to listen to people like him and why attackers simply won't go away.

►

Cybersecurity

Bot-Driven Credential Stuffing Attacks

Varun Haran  •  March 20, 2019

The threats from bad bots and the consequences of ignoring them continue to rise, says Patrick Sullivan, global director of security at Akamai.

►

Cybersecurity

Securing the Hyper-Connected Enterprise

Tom Field  •  March 20, 2019

In today's hyper-connected enterprise, organizations are at risk of two different types of attack. Larry Link, CEO of Cequence Security, explains how to defend at a platform level - without adding friction.