By applying analytics to user behavior, organizations can better prioritize the actual risks facing their business, thus helping cut through the sheer volume of security alerts they face daily, says Doug Copley, deputy CISO of Forcepoint.
Attackers continue to target enterprise assets both from outside and - too often - inside the corporate perimeter. To help, more organizations are turning to software-defined secure networks, says Mihir Maniar of Juniper Networks.
An analysis of integrity - a core foundation of cybersecurity - in the era of fake news leads the latest edition of the ISMG Security Report. Also, a new initiative aims to help ensure the security of medical devices and financial institutions in New York face new state cybersecurity regulations.
Fooling hackers into giving up traceable information about themselves through "reflective" social engineering is helping researchers curb fraud losses and protect would-be victims, say Dell Secureworks researchers Joe Stewart and James Bettke.
This edition of the ISMG Security Report features updates from RSA Conference 2017 on emerging technologies, the forthcoming White House cybersecurity executive order and Microsoft's call for a "Digital Geneva Convention."
U.S. Rep. Michael McCaul says Washington must accept that we are losing on the global cyber battlefield. But the Homeland Security Committee chairman contends the Trump administration has the opportunity to turn the tide by prioritizing cybersecurity and investing the right resources in partnerships and defense.
A discussion on how the understanding of epidemiology, immunology and genetic research processes can help developers create methods to secure information systems leads the latest episode of the ISMG Security Report. Also featured: insights on strengthening ATM defenses.
For too long, ensuring that code is securely written - and bug free - has been a business afterthought. But there's been new hope for building security into the development lifecycle, thanks to the rise of DevOps, aka rugged software, says Chris Wysopal, CTO of the application security firm Veracode.
In this edition of the ISMG Security Report: An evaluation of the challenges law enforcement faces in using lawful hacking and metadata as an alternative way to collect evidence when cracking an encrypted device is not an option. Also, a look at Trump's revised cybersecurity executive order.
Just like epidemiologists studying disease outbreaks, cybersecurity professionals can benefit from identifying and mitigating certain behaviors, says Dr. Elizabeth Lawler, an epidemiologist who is CEO of Conjur, a data security firm.
We know why phishing works; we know how it works. And yet the schemes still succeed, and they're only getting more effective. How can we stop phishing? Jim Hansen of PhishMe has some ideas, and they just might surprise you.
In this edition of the ISMG Security Report: an analysis of a major fine against a Texas hospital and its implications for how the Trump administration might enforce HIPAA rules. Also, an IRS-related phishing scheme targets businesses.
When Army intelligence specialist Chelsea Manning leaked classified documents to WikiLeaks in 2010, the federal government's security clearance process served as the main defense against malicious insiders. CERT's Randy Trzeciak explains how insider threat defenses have changed since then.
A report on passage by the House of Representatives of a bill aimed at toughening insider threat defenses at the Department of Homeland Security leads the latest edition of the ISMG Security Report. Also, analyzing the use of blockchain technology to secure healthcare data.
Cybersecurity strategies developed for data-centric information technology are not necessarily suitable for protecting operational technology, where availability, rather than confidentiality, is the key security concern, says Vikram Kalkat of Kaspersky Lab.