It's common to say, "The human element is our weakest cybersecurity link." But author and educator James Bone has a different perspective. He weighs in on the human factor and the criticality of modifying enterprise risk management strategies.
As a retired Air Force general and the former federal CISO of the United States, Gregory Touhill is well-versed in critical infrastructure protection and resiliency. Now, as the new director of CMU SEI's CERT division, he has the opportunity to help foster new levels of education and collaboration.
As CISO of Johnson & Johnson, Marene Allison was used to gauging her security posture by the top threat activity: nation-state, cybercrime, insider or hacktivist. But in 2020, they all struck at once. Here is one CISO's take on the state of the industry.
Ireland's privacy regulator has launched an investigation into Facebook after personal information for 533 million of the social network's users appeared for sale online. It will analyze whether Facebook violated the country's data protection law or the EU's General Data Protection Regulation.
Four editors at Information Security Media Group review the latest cybersecurity issues, including Microsoft Exchange server hacks, insider threat management and implementing a "collective defense."
The latest edition of the ISMG Security Report features an analysis of recent “tell-all” interviews with members of ransomware gangs. Also featured: insights on securing IoT devices and mitigating insider threat risks.
Recent research highlights the growth in risky remote work behaviors. Dr. Margaret Cunningham of Forcepoint X-Lab discusses the implications of this increase in insider threats and shares risk mitigation strategies.
A Russian national who conspired to extort millions from electric car manufacturer Tesla by trying to plant malware in the company's network has pleaded guilty to a single federal conspiracy charge, according to the U.S. Justice Department. The FBI thwarted the plot before it could be carried out.
Nearly four years after the WannaCry ransomware hit the world, targeting the EternalBlue vulnerability in Microsoft SMB version 1, security firms say the malware continues to be a top threat detected in the wild by endpoint security products. Why won't WannaCry just die?
Did Russia pass a tough new cryptocurrency law to help authorities recruit or compel criminal hackers to assist the government? That's the thesis of a new report, which notes that the new regulation includes a host of provisions designed to unmask cryptocurrency users' transactions - or else.
Ransomware attacks continue to pummel organizations, but fewer victims have been paying a ransom, and when they do, on average they're paying less than before, says ransomware incident response firm Coveware, which traces the decline to attackers failing to honor their data deletion promises.
Does your organization have a plan in place if one of your employees is accused of being an insurrectionist? If your software was being used to spread plans for a riot, could you detect that? Threat modeling expert Adam Shostack discusses how companies should be prepared to respond to issues in the news.
Among remote workers, senior managers apparently are taking cybersecurity hygiene far less seriously than rank-and-file employees, a recent survey shows. Kathy Ahuja of OneLogin offers an analysis.
A former Cisco engineer has been sentenced to serve two years in federal prison after pleading guilty to charges that he hacked his former company, causing $1.4 million in damages.
Darkside is the latest ransomware operation to announce an affiliate program in which a ransomware operator maintains crypto-locking malware and a ransom payment infrastructure while crowdsourced and vetted affiliates find and infect targets. When a victim pays, the operator and affiliate share the loot.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing careersinfosecurity.eu, you agree to our use of cookies.