Tod Beardsley, director of research, Rapid7 (Photo: Mathew Schwartz)

Cyberattack Risk: Scans Find Big Businesses Exposed

Mathew J. Schwartz • June 12, 2019

Britain's biggest businesses continue to inappropriately expose servers and services to the internet, putting the organizations and data at risk, according to a study by Rapid7. Tod Beardsley describes the findings, including a widespread lack of phishing defenses as well as cloud misconfigurations.

►

Application Security

After 2 Years, WannaCry Remains a Threat

Latest

Governance

How Organizations Can Reduce Their Data Risk Footprint

Scott Ferguson • June 14, 2019

Data in non-production environments represents a significant percentage of total enterprise data volume. Non-production environments also carry more risk than production environments because there are more direct users, says Ilker Taskaya of Delphix, who discusses how organizations can reduce that risk.

Endpoint Security

Alerts: Some BD Infusion Pumps Vulnerable to Remote Attacks

Marianne Kolbasuk McGee • June 14, 2019

Medical device vendor Becton Dickinson and U.S. federal regulators have issued security alerts about vulnerabilities that potentially put certain infusion pump products from the manufacturer at risk for remote hacker attacks.

Cybercrime

10 Highlights: Infosecurity Europe 2019 Keynotes

Mathew J. Schwartz • June 14, 2019

Data breaches, incident response and complying with the burgeoning number of regulations that have an information security impact were among the top themes at this year's Infosecurity Europe conference in London. Here are 10 of the top takeaways from the conference's keynote sessions.

Cybercrime

Assange Extradition Hearing Won't Occur Until February

Scott Ferguson • June 14, 2019

A British judge has determined that an extradition hearing for WikiLeaks founder Julian Assange won't be held until next February. The U.S. is asking for the extradition so Assange can face espionage charges.

Fraud Management & Cybercrime

Instagram Shows Kids' Contact Details in Plain Sight

Jeremy Kirk • June 14, 2019

Tens of thousands of minors on Instagram expose their email addresses and phone numbers, which child-safety and privacy experts say is worrisome. The kids have turned their profiles from personal ones to business ones, which Instagram mandates must have contact details. But is that appropriate for a child?

3rd Party Risk Management

A CISO Offers Third-Party Risk Management Tips

Suparna Goswami • June 14, 2019

An essential component of a vendor risk management program is to understand how an organization's risk posture changes when a new vendor is added - especially if they have subcontractors, says Jagdeep Singh, CISO at InstaRem, a Singapore-based fintech company.

Cybercrime

Analysis: The Cybersecurity Risks Major Corporations Face

Nick Holland • June 14, 2019

The latest edition of the ISMG Security Report features a deep dive into an analysis of the cybersecurity risks that publicly traded companies face. Plus: Was the band Radiohead hacked? And what's unusual about the proposed Premera Blue Cross breach lawsuit settlement?

Geo Focus: The United Kingdom

Fusing Security With Digital Transformation for SMBs

Nick Holland • June 13, 2019

Digital transformation impacts the way that organizations deal with cybersecurity risk, says Tim Wilkinson of Avast Business, who provides advice how to place security at the center of the transformation.

Training & Security Leadership

Addressing the Human Element in Cybersecurity

Nick Holland • June 13, 2019

James Mackay of MetaCompliance explains techniques for educating and motivating employees to be more aware of cyber risks.

Artificial Intelligence & Machine Learning

Empower Employees While Preventing Insider Data Breaches

Mathew J. Schwartz • June 13, 2019

Carelessness, a lack of security awareness, unclear data ownership and poor toolsets are root causes of insider breaches, says Tony Pepper, CEO of Egress, which recently surveyed CISOs and employees to trace the cause of insider breaches resulting from both intentional and unintentional loss.

Endpoint Security

Top Drivers for Privileged Account Management

Mathew J. Schwartz • June 13, 2019

When it comes to drivers for implementing and maintaining privileged access management programs, Wallix's Grant Burst says that demonstrating compliance and safety remain top priorities. Another driver, he says, is the sheer interconnectedness of devices - driven by the rise of IoT.

Fraud Management & Cybercrime

Best Practices for Session-Based Fraud Detection/Prevention

Mathew J. Schwartz • June 13, 2019

Numerous industries, including financial services, rely on transaction-based controls to help spot and block fraud. But increasingly, organizations are also using session-based fraud detection and prevention as an "early warning" alert system, says Kaspersky's Tim Ayling.