Troy Leach of the PCI Security Standards Council says data security standards are not failing; they just aren't being applied continuously. And conformance with the Payment Card Industry Data Security Standard is just one piece of the puzzle.
As financial institutions update their defenses in light of new types attacks - from scams to network-penetrating cyber-attacks - they need to ensure they factor in all of the ways that their systems and employees might be targeted or manipulated.
Declaring a national emergency over hack attacks, President Obama signed an executive order authorizing the government to impose sanctions on hackers. But information security experts voice questions - and concerns.
Some legal and security experts are questioning the potential effectiveness of President Obama's new executive order that allows the U.S. government to block or seize the assets of individuals suspected of launching significant cyber-attacks
As more mega-breaches occur, cyber-insurers will more closely assess the security risks of potential clients, leading more organizations to improve their information security programs, attorney John Yanchunis predicts.
Psychologically speaking, nothing beats the power of a well-timed deadline. And love it or hate it, Google's 90-day "Project Zero" deadline for fixing flaws - before they get publicly disclosed - has rewritten bug-patching rules.
A former systems administrator at a Romanian financial services institution has been extradited to the U.S. and charged with orchestrating an international hacking scheme that included attacks on medical offices, retailers and security firms.
Target Corp.'s pending settlement of a consumer class action lawsuit is more about public relations than compensating victims, some observers say. But will it have an impact on a pending suit filed by banks?
Web.com won't confirm or deny that its Register.com subsidiary, which manages more than 2 million domain names, has been breached. But a news report claims the FBI is investigating a year-old intrusion.
Microsoft has revoked a fraudulent SSL digital certificate issued in the name of its Finnish Windows Live service. But security experts warn that some software may "trust" the certificate for years, so it could be exploited in phishing campaigns.
Experts analyze a news report that the investigation into the hack attack against JPMorgan Chase could result in criminal charges being filed in the "coming months" because investigators believe at least some suspects can be extradited.
More hackers are holding data for ransom, demanding everything from bitcoins to the shutdown of nuclear reactors, under the threat of leaking sensitive information. But it's not clear how many such attacks generate revenue for attackers.