Incident Response: Best Practices in the Age of Ransomware

Mathew J. Schwartz • December 6, 2021

Good news on the breach prevention and incident response front: More businesses are getting more mature practices in place, although as attackers continue to improve their efforts, so too must defenders, says incident response expert Rocco Grillo of consultancy Alvarez & Marsal.

►

Cybercrime

Cybersecurity Leadership: Cut Through the Zero Trust Hype

Latest

Application Security

Going Inside the Mind of an Ethical Hacker

Anna Delaney • December 6, 2021

Casey Ellis, founder and CTO of Bugcrowd, shares insights from the company's annual report, Inside the Mind of a Hacker 2021, which reveals that 8 out of 10 ethical hackers recently identified a vulnerability they had never seen before.

Access Management

Missouri Governor's Hack Accusation Loses Steam

Jeremy Kirk • December 6, 2021

In October, Missouri's governor accused a journalist of hacking after he alerted the state to exposed personal information on a state education website. Now, emails reveal that state planned on thanking him before it chose to pursue prosecution and that the FBI immediately dismissed the incident.

Endpoint Security

Report: NSO Group Spyware Found on State Department Phones

Dan Gunderman • December 3, 2021

Spyware from sanctioned Israeli firm NSO Group has reportedly been detected on at least nine iPhones belonging to U.S. State Department officials with "state.gov" email addresses, who are located in Uganda or whose work focuses on Uganda, according to Reuters.

Account Takeover Fraud

ISMG Editors: Are We Close to Cracking Cybercrime Ecosystem?

Anna Delaney • December 3, 2021

In the latest weekly update, four editors at Information Security Media Group discuss important cybersecurity issues, including how the FBI has seized bitcoins from an alleged REvil ransomware affiliate, how to mitigate risks from BIN attacks and the latest COVID-19 trends globally.

Business Continuity Management / Disaster Recovery

Need to Negotiate a Ransomware Payoff? Newbies: Start Here

Anna Delaney • December 3, 2021

The latest edition of the ISMG Security Report features an analysis of best practices for negotiating a ransom payment. Also featured: Busting Zero Trust myths and the dangers of mythologizing defenders.

Access Management

The ROI of Shift-Left Automated Testing

Information Security Media Group • December 1, 2021

Forrester evaluates the benefits of automated testing for the mainframe.

Access Management

The Evolution of Privileged User Monitoring for Mainframes

Information Security Media Group • December 1, 2021

Learn how the latest advances in privileged user monitoring can close windows of opportunity for attackers and keep business-critical data safe from credential theft, lateral attack movement, ransomware, and other threats.

Cyberwarfare / Nation-State Attacks

How to Stop a Potential Ransomware Attack Before it Happens

Information Security Media Group • December 1, 2021

In this on-demand webinar, you’ll learn how you can get out in front of the ransomware threat to stop hackers from locking down your data in the first place.

Governance & Risk Management

Troublemaker CISO: Penny-Wise, Pound-Foolish & Insider Risk

Ian Keller • December 1, 2021

The saying "Penny-wise, pound-foolish" is relevant when we talk to those friendly, knowledgeable finance people about ongoing employee screening due to the dreaded insider threat and the costs associated with it - which leads to us pulling out our hair in utter frustration. This rant is about that.

Fraud Management & Cybercrime

Why Today's Security Rhetoric is Harmful and Must Change

Anna Delaney • November 30, 2021

In her latest book, "Rhetoric of InSecurity: The Language of Danger, Fear and Safety in National and International Contexts," academic Victoria Baines questions the imagery and rhetoric we use to communicate safety and security issues, and details their unwelcome impact on the workforce.

3rd Party Risk Management

Forrester Predictions: Rethinking Supply Chain Management

Anna Delaney • November 30, 2021

Forrester's Sandy Carielli and Jeff Pollard discuss their latest research, Predictions 2022: Cybersecurity, Risk and Privacy, which highlights the need for gaps in third-party relationships, collaboration and trust to be addressed.

Governance & Risk Management

Securing Your Hybrid Workforce Using a SASE Approach

Geetha Nandikotkur • November 30, 2021

SASE adoption is being driven by numerous factors, including the opportunity to address the challenges with unmanaged applications and devices, providing greater visibility into various tasks, and ensuring consolidation of investments in the networking infrastructure to bring down the administrative cost, according to...