The Need for Systems Thinking in Cybersecurity

Brian Barnier • October 26, 2021

In preparation for the relaunch of ISMG’s education platform, CyberEd.io, Ron Ross of the National Institute of Standards and Technology and Brian Barnier, who is designing a course on critical thinking and design thinking, discuss the need for reorienting toward systems thinking in cybersecurity.

Cybercrime

Positive Security: Inspiring Behavioral Change at Workplace

Profiles in Leadership: Dr. Frances Undelikwo, Fidelity Bank

Identity & Access Management

Silicon Valley VC Firm Leaked 'Deal Flow' Data

Governance & Risk Management

Securing Digital Transformation for Legacy Systems

Latest

Breach Notification

Why Healthcare Entities Fall Short Managing Security Risk

Marianne Kolbasuk McGee • October 27, 2021

Why do so many HIPAA -covered entities and their vendors do such a poor job managing security risk and safeguarding patient's protected health information? Many critical factors come into play, say Roger Severino, ex- director of HHS OCR, and Bob Chaput, founder of security consultancy Clearwater.

3rd Party Risk Management

Defending Against Open-Source Supply Chain Attacks

Anna Delaney • October 26, 2021

Findings from CyberTheory's 2021 Third Quarter Review indicate that criminals are exploiting the open-source supply chain, and those exploits are proving much more difficult to identify, defend and stop in terms of complexity and depth than we've seen before, says CyberTheory's director, Steve King.

Cryptocurrency Fraud

CoinMarketCap: No Breach Despite 3.1M Email Address Leak

Jeremy Kirk • October 25, 2021

CoinMarketCap says it has found no evidence of a data beach despite the circulation of a list of 3.1 million email addresses that correlates with accounts on its service. Regardless of the source, the list would be useful for attackers to launch phishing attacks against those interested in cryptocurrency.

Governance & Risk Management

Troublemaker CISO: Do You Know What You Should Be Doing?

Ian Keller • October 25, 2021

In his second Rant of the Day for the CyberEdBoard Profiles in Leadershop blog, Ian Keller, security director at Ericsson and CyberEdBoard executive member, talks about what a CISO does - and what a CISO should do.

Blockchain & Cryptocurrency

ISMG Editors’ Panel: Regulators Get Tough on Crypto Firms?

Anna Delaney • October 22, 2021

In the latest weekly update, four ISMG editors discuss: a federal judge imposing the maximum sentences on a hacker who pleaded guilty to conspiracy and aggravated identity theft, regulators getting tougher on cryptocurrency lending platforms and the return to in-person roundtables.

Leadership & Executive Communication

Profiles in Leadership: Wouter Veugelen of Oil Search Ltd

Jeremy Kirk • October 22, 2021

It's often noted that some view cybersecurity as putting the brakes on business. But it's actually the opposite, says Wouter Veugelen, CISO of Oil Search Ltd.

3rd Party Risk Management

Ransomware Warning: Are Businesses Stepping Up?

Anna Delaney • October 22, 2021

The latest edition of the ISMG Security Report features an analysis of whether businesses are stepping up their ransomware defenses in response to several warnings released by the U.S. and U.K. governments highlighting the threat posed to infrastructure. Also featured are the Thingiverse data breach and airline fraud...

Endpoint Security

Why Reporting Security Bugs Can Be Fraught With Tension

Jeremy Kirk • October 20, 2021

Reporting security vulnerabilities to organizations with no disclosure policies can be fraught with tension. In the worst conflicts, security researchers could face lawsuits or even prosecution. Some experts say laws should provide a safe harbor for responsible security research.

Critical Infrastructure Security

Preparing for Ransomware Attacks in the Education Sector

Anna Delaney • October 19, 2021

A spate of ransomware incidents affecting the education sector has led to the loss of student coursework, financial records and data relating to COVID-19 testing. Matthew Trump, senior IT security officer for the University of London, U.K., outlines incident response strategies.

Business Continuity Management / Disaster Recovery

BlackMatter Ransomware Defense: Just-In-Time Admin Access

Mathew J. Schwartz • October 19, 2021

How many ways do U.S. businesses need to be told to lock down their systems to safeguard themselves from ransomware? That's the focus of a new, joint cybersecurity advisory from the U.S. government pertaining to BlackMatter, following an advisory issued last month about Conti.

Breach Notification

Accenture: Ransomware Attack Breached Proprietary Data

Mathew J. Schwartz • October 18, 2021

Accenture says an online attack against it that it first disclosed in August resulted in "the extraction of proprietary information by a third party, some of which was made available to the public by the third party." The LockBit 2.0 ransomware operation has taken credit for the attack and dumping data.

Breach Notification

Thingiverse Breach: 50,000 3D Printers Faced Hijacking Risk

Jeremy Kirk • October 18, 2021

A data breach affecting MakerBot's Thingiverse 3D printing repository website is far bigger than what the company has acknowledged, a former employee claims. Upwards of 2 million users may have been affected by the breach, which left their 3D printers at risk of being hijacked.