Rare, massive data breaches don't necessarily pose the greatest risk to organizations, according to a new study co-authored by Google researchers. Also beware of quiet pedestrian schemes - think phishing, keyloggers - and attack tactics unchanged since the mid-2000s.
All U.S. publicly traded companies should review how they internally disseminate breach information and expect to see revised cybersecurity guidance, says William Hinman, the director of corporation finance for the U.S. Securities and Exchange Commission.
The former CEO of Yahoo, which has had 3 billion records exposed in a 2013 data breach, testified at a Senate hearing that it's tough for any corporation to defend against nation-state backed cyberattacks. That led senators to grill Marissa Mayer about the security steps Yahoo had taken.
Former Yahoo CEO Marissa Mayer may have envisioned spending her post-Yahoo days seeking new work or experimenting with other search engines. Instead, she gets to sit in a Senate hot seat alongside former Equifax CEO Richard Smith, defending past data breach response decisions.
Fraudulent SWIFT money-moving attacks continue, as one of Nepal's largest private-sector commercial banks, NIC Asia Bank, says attackers tried to steal $4.4 million after hacking its SWIFT server. Most of the funds have since been recovered.
Equifax says four senior executives - including its CFO - did not know the company had suffered one of the worst breaches in history when they collectively sold about $1.8 million worth of shares. Equifax's board found that 12 days elapsed before the first of the four learned about the hack.
Malaysia is grappling with a sweeping data breach that exposed 46 million mobile phone records, job seeker profiles and data from medical organizations. The breach, which may have occurred in 2014, is the largest Malaysian breach to ever become public.
The cyber threat analysis discipline blends aspects of intelligence analysis, information security and forensic science. By using cyber threat analysis, one can detect infiltrations faster, regardless of their source. Pairing advanced platforms with a human is the most effective way to detect an...
Moving from capabilities that understand "the now" to those that can understand the future is what the goals of cyber threat analysis should be.
Download this eBook and learn how cyber threat analysis utilizes:
The human element.
A significant challenge for many organizations has been enabling their analysts to find the "unknown unknown." Whether that unknown is malware lurking within the enterprise or within slight variations in fraudulent transactions, the result has been the same: enterprises continue to fall victim to cybercrime....
In today's dynamic threat landscape, "real-time" is the operative phrase - and it needs to apply both to threat detection and incident response. But what are the required security controls and tools?
Download this eBook on real-time capabilities and learn:
What's at risk for organizations that lack these tools and...
It is said that "Data is the new oil." If that's the case, then organizations need to do a far better job inventorying and securing their wells.
Download this eBook interview transcript with Laurence Pitt of Juniper Networks and learn about:
Data's true value in today's economy;
How organizations are exposing...
The RSA Conference returns to Abu Dhabi in November, and event organizers Linda Gray Martin and Britta Glade say this year's agenda is packed with new speakers and topics unique to this growing annual event.
A discussion with ISMG Security and Technology Editor Jeremy Kirk about his chat with the cyber gang "The Dark Overlord," which threatened some U.S. school districts with extortion, leads the latest edition of the ISMG Security Report. Also, an update on surging IT security employment.