Thom Langford, CISO of Publicis Groupe, says all companies should consider two essential elements when crafting an incident response plan: strong legal representation and a communications plan that considers both internal and external messaging.
The U.S. Justice Department has identified at least six members of the Russian government that investigators believe orchestrated last year's hack of Democratic National Committee computers and dumping of stolen information and may file charges next year, the Wall Street Journal reports.
Malaysia is grappling with a sweeping data breach that exposed 46 million mobile phone records, job seeker profiles and data from medical organizations. The breach, which may have occurred in 2014, is the largest Malaysian breach to ever become public.
To help prevent breaches caused by third parties, organizations need to improve their vendor risk evaluation methods, carefully assessing their business partners' processes and risk mitigation methods, says Anuj Tewari, CISO of HCL Technologies.
The latest edition of the ISMG Security Report leads with an analysis of a British parliamentary probe into the WannaCry ransomware attack on England's National Health Service. Also featured: a discussion of cyber threats posed by outdated industrial systems.
Former Trump campaign aide George Papadopoulos learned that Russia had thousands of pilfered emails containing "dirt" on Hillary Clinton three months before they appeared online, according to court documents.
Security officials at Britain's biggest airport have been left scrambling after a USB stick that reportedly contained sensitive information was found on a London street. Heathrow Airport says it has launched an investigation and is working with London's Metropolitan Police.
The National Health Service in England should have been able to block the "unsophisticated" WannaCry ransomware outbreak, U.K. government auditors have found. Security experts say the findings should be studied by senior executives across all industries to "learn from the mistakes of others."
Much of the world's critical infrastructure gets controlled by ICS or SCADA systems. But passive network traffic analysis by industrial control system security firm CyberX found vulnerable protocols, widespread Windows XP use and other concerns.
If Eugene Kaspersky had attended Wednesday's House hearing on the risk his company's anti-virus software poses to the U.S. federal government, he would have faced an unfriendly reception. But Kaspersky wasn't invited, although the panel may "entertain" the possibility of inviting him to a future hearing, according to...
DataBreachToday Executive Editor Mathew J. Schwartz's examination of the growing threats facing the critical energy sector leads the latest edition of the ISMG Security Report. Also in this report: A discussion of safeguarding the telehealth marketplace.
Security companies are warning that a global attack using compromised IoT devices may be coming soon. Check Point says one million organizations are running a device infected with IoTroop, also known as Reaper, which is botnet code that perhaps is related to Mirai but spreads in a much different way.