The new rules do not give a "free pass" for those acting in bad faith, the DOJ says. (Source: U.S. Department of Justice)

DOJ Revises Policy for Good-Faith Security Researchers

Mihir Bagwe • May 20, 2022

The U.S. Department of Justice has revised its policy on who it charges with violations under the Computer Fraud and Abuse Act. The DOJ now specifies that good-faith security research and researchers cannot be charged under the CFAA because they help improve cybersecurity standards.

3rd Party Risk Management

Trusting Our Global Supply Chain

Profiles in Leadership: Octavia Howell, Equifax Canada

Latest

Blockchain & Cryptocurrency

US Sets Up Multiagency Initiatives to Curb Ransomware

Prajeet Nair • May 23, 2022

The U.S. is setting up a Joint Ransomware Task Force, headed by the Cybersecurity and Infrastructure Security Agency and the FBI, as well as two international initiatives, chaired by the Department of Justice, to tackle illegal cryptocurrency activities related to ransomware.

Blockchain & Cryptocurrency

Proof of Concept: How Can We Improve Industry Collaboration?

Anna Delaney • May 23, 2022

In this edition, Ari Redbord and Grant Schneider join ISMG editors to discuss the challenges ahead for the U.S. government as it plans to roll out EDR deployments at more than half of federal agencies this year, how stable the stablecoin economy really is and how to improve industry collaboration.

Business Continuity Management / Disaster Recovery

Cyberattack Affects Greenland's Healthcare Services

Mihir Bagwe • May 23, 2022

The healthcare services in the island country of Greenland, an autonomous Danish dependent territory, have been crippled by a cyberattack that began on May 9, 2022. Healthcare executives continue to face IT challenges to date, including lack of access to patient records and email services.

Endpoint Security

How Broadcom Acquiring VMware Would Shake Up Cybersecurity

Michael Novinson • May 23, 2022

The tumultuous experience of Symantec under Broadcom's control presents a cautionary tale for CISOs currently using VMware's security technology. Symantec saw massive customer and employee attrition following deal close, and the company's technology doesn't fare as well in reviews by Gartner.

Application Security

Pathlock-Appsian Deal Combines App Governance, ERP Security

Michael Novinson • May 20, 2022

Pathlock has merged with Appsian to form a 500-person vendor that secures users and data across SAP and Oracle's ERP apps. Bringing Pathlock, Appsian and Security Weaver together will allow the firm to take a larger bite out of the $110 billion market focused on compliance testing for business apps.

Business Continuity Management / Disaster Recovery

ISMG Editors: The Case of the 'Dr. Evil' of Ransomware

Anna Delaney • May 20, 2022

In the latest update, four ISMG editors discuss the alarming, bizarre case of a cardiologist in Venezuela charged with developing malware and recruiting affiliates, recent ransomware and data leak incidents in healthcare and how the economy is causing mature cybersecurity startups to slow hiring.

3rd Party Risk Management

Canada Bans Huawei, ZTE to Secure Telecom Systems

Prajeet Nair • May 20, 2022

Canada says it will no longer allow the use of products and services from China's Huawei Technologies and ZTE Corp. in its telecommunications systems. The government says its decision is based on reviews by independent security agencies and was made in consultation with its "closest allies."

Endpoint Detection & Response (EDR)

Palo Alto CEO: Vendor Consolidation Is Fueling Our Growth

Michael Novinson • May 19, 2022

Palo Alto Networks' product portfolio is paying dividends as customers look to reduce their vendor footprint, says CEO Nikesh Arora. He says despite pressures in the global economy, enterprises aren't currently stressing about their IT budgets.

Fraud Management & Cybercrime

Ransomware Attack Vectors: RDP and Phishing Still Dominate

Mathew J. Schwartz • May 19, 2022

Attackers who successfully infect targets with ransomware primarily first gain access by exploiting poorly secured remote desktop protocol or VPN connections or by using malware-laden phishing emails, reports security firm Group-IB, based on more than 700 attacks it investigated in 2021.

Critical Infrastructure Security

Ransomware Ecosystem: Big Changes Since Colonial Pipeline

Anna Delaney • May 19, 2022

The latest edition of the ISMG Security Report analyzes the changes in the ransomware landscape one year after the attack on Colonial Pipeline. It also revisits the Ryuk ransomware attack on a school district in Illinois and examines common culprits hindering effective Zero Trust adoption.

Access Management

Proof of Concept: Apple/Microsoft/Google Back Passwordless

Anna Delaney • May 16, 2022

In the latest "Proof of Concept," Lisa Sotto, Jeremy Grant and ISMG editors discuss the significance of Apple, Google and Microsoft supporting the FIDO protocol's passwordless sign-in standard, progress made on Biden's cybersecurity executive order and updates on U.S. cybersecurity and privacy laws.

Next-Generation Technologies & Secure Development

Late-Stage Startups Feel the Squeeze on Funding, Valuations

Michael Novinson • May 13, 2022

Mature cybersecurity startups are beginning to slow hiring and prune operating expenses as macroeconomic storm clouds obscure future funding sources. Emerging vendors must grapple with an IPO market that has essentially dried up and investors unwilling to offer valuations anywhere near 2021 levels.