When creating a security action plan, not enough organizations include provisions for communicating with the police, says Kenrick Bagnall, a detective constable in the cybercrime unit of the Toronto Police Service.
Craig Gibson of Trend Micro has spent more than a decade researching the topic of security orchestration. He offers tactical advice for how organizations can best deploy their human resources to best maximize security across the enterprise.
In North America, many organizations mistakenly believe the European Union's General Data Protection Regulation won't impact them, says Robert Mills of the Information Security Forum. "If they are multinational and holding EU data, it does apply to them," he points out.
Most organizations are good at collecting threat intelligence, but they struggle to operationalize it - and especially to use it for threat attribution. Arbor Network's Paul Bowen tells where organizations are commonly missing the mark.
Given the current threat environment, it's urgent that organizations add technical experts to their boards of directors to help ensure the development of effective cybersecurity strategies, says Art Coviello, retired chairman of RSA.
Canada led North America in EMV adoption, and now it is seeing a commensurate growth in card-not-present fraud. Gord Jamieson of Visa Canada describes how Visa is responding to this latest wave of CNP fraud.
Equifax is disputing Bloomberg's report that it suffered an undisclosed data breach, discovered in March, that predates the massive breach that began in May. Instead, Equifax says the March incident involved its payroll service and that it notified all victims and required regulators.
Many recent data breaches, including the Equifax incident, show that "applications are really the vulnerable entry point into organizations and ultimately to organizations' data," says Alex Mosher of CA Technologies.
For one month, the installer for a widely used, free Windows utility called CCleaner also installed a malicious payload that was designed to allow attackers to push additional malware onto infected PCs, warns Cisco Talos. Developer Piriform, owned by Avast, has released updates that expunge the malware.
Pressure continues to mount on credit reporting bureau Equifax over its massive data breach. In its wake, Equifax announced that its CIO and CSO would "retire" immediately and said that the Apache Struts flaw exploited by attackers was known to the security team.
The U.S. Treasury Department has announced sanctions against 11 individuals and organizations linked to Iran, some of whom have been accused of helping to launch distributed denial-of-service attacks against dozens of U.S. banks from 2011 to 2013.
Researchers in Australia says they've conquered a thorny problem: how to view information stored on multiple air-gapped networks at the same time without security or usability concerns. They've created a device, called the Cross Domain Desktop Compositor, that's been tested by the Australian Department of Defense.
The arrest of 10 men in Uttar Pradesh for allegedly cloning fingerprints of authorized Aadhaar enrollment officers is once again stirring debate over whether it's wise for India to rely so heavily on Aadhaar for authentication.
Equifax made an error that led to one of the largest and most sensitive data breaches of all time, and the mistake was elementary: The credit bureau failed to patch a vulnerability in Apache Struts - a web application development framework - in a timely manner.