The National Institute of Standards and Technology has published an initial draft of the first revision to its cybersecurity framework, which is designed to help critical infrastructure operators and other organizations safeguard their digital assets.
In a reminder that healthcare organizations continue to be targeted by more than just crypto-locking extortionists, a cyberattack against an NHS trust didn't involve ransomware - as some initial reports suggested - but rather a never-before-seen Trojan.
Encrypted web communication routinely bypasses enterprise security controls. Left unscanned, these channels are perfect vehicles for hiding infection, command & control, and data exfiltration.
The malicious use of encryption is growing at an alarming rate, from 104 in 2014, to 13,542 as of mid-2016, according to...
Encryption keeps data confidential, but we're left unprotected from threats that may be embedded in the data. In fact, encryption actually conceals these threats and adds network performance burdens for organizations that wish to inspect encrypted traffic.
The first in a series on encryption, this technical brief...
Breach detection systems (BDS) are security products that offer timely detection of threats. When evaluating these products, customers must take into account traditional factors, such as security effectiveness, deployment options, performance and administrative capabilities.
Since cybercriminals prize new threats...
Replacing traditional antivirus (AV) with advanced endpoint protection (AEP) products may not be the best decision for every organization. If you do decide to switch, determining which AEP product is the best fit can be challenging as claims of capabilities and value differ between products.
This guide provides...
Advanced endpoint protection (AEP) products are still relatively immature, which makes it difficult to decide whether to replace or augment existing endpoint protection (EPP). Adding to the difficulty in assessing AEP products is the fact that measuring some of their features can be complicated.
AEP products are...
Rudy Giuliani, the former New York mayor who's been tapped by U.S. president-elect Donald Trump to lead a cybersecurity corporate outreach program, runs a security consulting firm with a website that's been given a failing grade for its security.
Although HIPAA requires healthcare organizations to conduct a periodic security risk analysis focused on systems containing PHI, larger entities should also perform more comprehensive security self-assessments, advises CISO David Loewy of SUNY Downstate Medical Center, who explains his approach.
In 2016, organizations experienced the greatest number of data breaches. A checkbox approach to security does little to help ensure protected data remains secure. Organizations must create a practical action plan to accomplish many goals, such as ensuring endpoints are secure, minimizing the risk of breaches, and...
The U.S. Federal Trade Commission has filed a complaint against router and camera manufacturer D-Link for allegedly failing to secure its products. Experts say it's the opening salvo in what could be a long-term battle to fix IoT devices.
Seven state insurance commissioners conclude in a new in-depth report that the massive cyberattack on Anthem Inc. was carried out by a hacker on behalf of a nation-state. But they stop short of naming the nation involved or penalizing Anthem for the breach that affected 80 million.
Because cyberattackers are now using memory-resident malware that leaves no trace on the disk, forensics experts using traditional methods will face a challenge, says Christopher Novak, director of Verizon's global investigative response unit.
Two government agencies have issued alerts about cyber vulnerabilities in certain cardiac devices from St. Jude Medical, which were at the center of a controversial report by an investment firm last year. The device maker, recently acquired by Abbott Laboratories, has issued software updates to address the problems.
A new report from a bipartisan Congressional workgroup examining the benefits and challenges of the internet of things spotlights cybersecurity and privacy as top concerns. But will the new Congress take any action on these issues?