A U.K. Information Commissioner's report on its investigation into a 2015 TalkTalk breach offers essential information security takeaways for any organization that wants to avoid being breached, says David Stubley of 7 Elements.
Advanced threats are multi-layered and borderless - and so are today's enterprises. These are among the factors pushing organizations to adopt the Intelligent Hybrid Security approach, says Anil Nandigam of NSFOCUS.
The transition to a new presidential administration makes forecasting for HIPAA enforcement activity in 2017 difficult, says privacy attorney David Holtzman of the consultancy Cynergistek, who sizes up what the HHS Office for Civil Rights might do this year.
As the Trump administration begins, expect a ramp-up in cyber espionage as well as more "test attacks" by nation-states, says cybersecurity specialist Brad Medairy of the consultancy Booz Allen Hamilton.
In addition to announcing sanctions against Russia for election-related cyberattacks, the Obama administration has declassified technical information on Russian intelligence services' malicious cyber activities in an effort to help thwart additional attacks.
An analysis of a National Institute of Standards and Technology initiative to identify algorithms that could defend encryption against attacks from quantum computers leads the latest edition of the ISMG Security Report. Also featured: An update on new FDA guidance on cybersecurity for medical devices.
Now that more breaches are targeting industrial control systems, organizations that have paid little attention to operational technology security must ramp up their protection efforts, says breach response expert Christopher Novak of Verizon.
Because cyber threats are becoming increasingly sophisticated, bolstering employee and customer awareness and training about ransomware, phishing and other cyber risks must be a top priority in 2017, says Curt Kwak, CIO of Proliance Surgeons.
Will more "historical" breaches be revealed in 2017 and beyond? Data breach expert Troy Hunt is optimistic that such revelations will become rare as large businesses operating online continue to improve security. But what about small and mid-size organizations?
With the rise of malware infecting IoT devices, DDoS defenders "have to assume that the attackers have an unlimited supply of machines that they can compromise," says Akamai's Michael Smith. But quarantines, ISP feedback loops and better patch management can bolster defenses.
President-elect Donald Trump names Thomas Bossert as assistant to the president for homeland security and counterterrorism. He'll help lead the shaping of the incoming administration's cyber doctrine and will bring extensive experience to the job, say people who know him.
Security software often generates so many warnings that it can be difficult to figure out which ones are the most serious. How can one differentiate good intelligence from bad? John Watters, founder of iSight Partners, discusses how to separate the signal from the noise.
In this special edition of the ISMG Security Report, DataBreachToday Executive Editor Mathew Schwartz discusses the Russian groups behind damaging hacks against the U.S. and Strategic Cyber Ventures CEO Tom Kellermann details cyberthreats posed by the West's nation-state adversaries.
Cyber espionage groups are using unconventional channels to hack target organizations, according to Mandiant' s latest research. Trusted service provider relationships are being exploited to compromise organizations in government and defense, says Rob van der Ende, Mandiant's vice president for Asia Pacific and Japan.