Profiles in Leadership: Bruce Phillips

Tom Field • August 11, 2022

As CISO of West, a Williston Financial Group company, Bruce Phillips recognizes that cybersecurity is not the enterprise's core business. But what, then, is the right level of cybersecurity to bring to a nonsecurity business? He discusses this and other leadership challenges.

►

Black Hat

One Identity Snags Ex-LogRhythm CEO Mark Logan as New Leader

Latest

Fraud Management & Cybercrime

ENISA Report: Threat Landscape for Ransomware Attacks

Anna Delaney • August 15, 2022

ENISA’s new "Threat Landscape for Ransomware Attacks" report analyzes 623 ransomware incidents in the EU, U.K. and U.S. from 2021 to 2022. ENISA cybersecurity officer Ifigeneia Lella shares how attacks have evolved and how 95% of reported incidents lack key data about how the breaches occurred.

Finance & Banking

Building Resilience in a Multi-Cloud Environment

Anna Delaney • August 15, 2022

A well-managed multi-cloud strategy "is a sensible approach" because it allows organizations to move different workloads between providers, but it gets a "bit more complicated when you start thinking about workload portability," says Lee Newcombe, security director, Capgemini U.K.

Cyberwarfare / Nation-State Attacks

Why Being Prepared Is the Key to Preventing Cyberattacks

Steve King • August 15, 2022

Hybrid war includes cyberattacks, critical infrastructure attacks and efforts to get information. Victoria Beckman, director of Microsoft's Digital Crimes Unit in the Americas, says Ukraine used a national cybersecurity strategy to withstand such attacks from Russia and so can other countries.

Anti-Money Laundering (AML)

ISMG Editors: Analyzing the Twilio Breach

Anna Delaney • August 12, 2022

In the latest weekly update, four ISMG editors discuss the breach of customer engagement platform Twilio, a cyberattack on the U.K.'s NHS that has reignited concerns about supply chain security in the healthcare sector, and the U.S. Treasury clamping down on shady cryptocurrency mixers.

Governance & Risk Management

Zero Trust: Incorporate Critical, Systems, Design Thinking

Tom Field • August 12, 2022

Enterprises spend a lot of time on what zero trust is, but too little time on design thinking - and why cybersecurity solutions need that element baked in from the start. Brian Barnier and Prachee Kale of ThinkDesignCyber and CyberTheory Institute give an overview of their zero trust strategy.

Attack Surface Management

Black Hat: Incident Recovery, Threat Hunts & Blockchain Woes

Michael Novinson • August 12, 2022

Security executives at Black Hat USA 2022 discuss the latest cybersecurity trends from confidential computing and unified threat hunting languages to attack surface management and recovery services, social engineering campaigns and blockchain vulnerabilities.

Governance & Risk Management

FTC Initiates Privacy and Data Security Rule-Making

David Perera • August 11, 2022

U.S. companies could see new cybersecurity rules and restrictions on consumer data collection under a rule-making process initiated by the FTC. No regulatory outcome is guaranteed, but today's advanced notice of proposed rule-making is a first step to new data security and privacy regulations.

Cyberwarfare / Nation-State Attacks

Cyber Operations Keep Affecting Civilians as War Continues

Anna Delaney • August 11, 2022

The ISMG Security Report discusses how cyberattacks and operations tied to the Russia-Ukraine war have been affecting civilians since the start of Russia's invasion, whether a practicing cardiologist living in Venezuela is also a ransomware mastermind and effective bot management tooling strategies.

Application Security

Secrets in the Code: Open-Source API Security Risks

Steve King • August 11, 2022

In this episode of "Cybersecurity Unplugged," Apiiro's Moshe Zioni, vice president of security research, discusses the company's "Secrets Insights 2022" report on the real-world risks of hardcoded secrets across the software supply chain and how to mitigate the potential damage they can cause.

Black Hat

Krebs to Vendors at Black Hat: No More 'Band-Aid' Approach

Michael Novinson • August 11, 2022

Black Hat USA 2022 opened with somber warnings from Chris Krebs about why application developers, vendors and the government need to solve major industry challenges. Key security executives also discussed DNS visibility, cloud security, patch management, APT strategies and supply chain woes.

Fraud Management & Cybercrime

Microsoft Patches 'DogWalk' Zero-Day in August Patch Tuesday

Prajeet Nair • August 10, 2022

More than two years after being notified of it, Microsoft issued a fix for a Microsoft Windows Support Diagnostic Tool vulnerability known as DogWalk. The fix is part of the operating system giant's newest Patch Tuesday dump, which includes patches for 141 flaws.

Black Hat

Black Hat 2022 Opens Today With Focus on Emerging Threats

Michael Novinson • August 10, 2022

Black Hat 2022 kicks off today with security experts sharing cutting-edge research and insights through demos, technical trainings and hands-on labs. Keynote speaker Chris Krebs will discuss risk trends in cybercrime, geopolitical threats and what they mean for tomorrow's network defenders.