As the threat of malware infections, especially those involving ransomware, grows, organizations need to balance their perimeter-based security practices with an "intrusion tolerance" strategy that helps ensure a quick recovery, says medical device cybersecurity expert Kevin Fu.
What steps can organizations take to help ensure they're not the next victim of a ransomware attack? Technology expert Craig Musgrave of The Doctors Company, which offers cyber insurance, identifies the top priorities.
Today's distributed enterprise faces two key challenges: Provide top-notch cybersecurity and ensure a seamless user experience. Paul Martini, CEO and co-founder of iboss Cybersecurity, discusses a new strategy designed to meet both goals.
At a time when workers use more apps than ever to do their jobs - and from more locations and devices than ever - traditional IAM is simply not sufficient, says David Meyer of OneLogin. Cloud-Based IAM is what organizations truly need.
A new coalition of leaders from government, industry and privacy advocacy groups hopes to help provide a framework for reaching a consensus on how to use IT to ensure society's security while protecting individuals' privacy, says Art Coviello, an organizer of the new Digital Equilibrium Project.
MedStar is but the latest healthcare entity to fall victim to a ransomware attack. What can organizations do proactively to improve their ransomware defenses and response? PhishMe CEO Rohyt Belani offers insight.
David Finn, a former healthcare CIO, says he agreed to join a new Department of Health and Human Services cybersecurity task force because he supports its mission of involving representatives of all healthcare sectors in the effort to tackle challenges. In this interview, he outlines key security issues.
Many organizations both misunderstand and underestimate the power and scale of today's DDoS attacks, says Darren Anstee of Arbor Networks. And these lapses may be negatively impacting enterprises' DDoS defense.
PCI DSS 3.1 is scheduled to become effective as of June 30, 2016, and with that comes several changes - and challenges for security professionals. In an interview, Dell's Tim Brown discusses why network security is instrumental to ultimately meeting PCI DSS 3.1.
A new report, Threat Horizons 2018, from the Information Security Forum paints a fairly pessimistic picture of enterprises' ability to protect their IT from cybercriminals over the next two years. In an interview, ISF's Steve Durbin discusses what organizations can do to mitigate cyberthreats.
Now that the Department of Health and Human Services has announced that it will soon begin the next round of HIPAA compliance audits, organizations need to take specific steps to prepare in case they're chosen for scrutiny, says attorney Robert Belfort, a regulatory specialist.
Although the battle over whether the courts should compel Apple to help the FBI unlock the iPhone used by one of the San Bernardino shooters is on hold for now, the debate over the privacy issues involved isn't going away, says Greg Nojeim of the Center for Democracy and Technology.
In many enterprises, the CISO reports to the CIO, and occasionally you find a CIO who reports to the CISO. But Venafi's Tammy Moskites holds both roles. How does she manage the natural tension between IT and security?
Cambridge Savings Bank in Massachusetts is incorporating biometrics into its online and mobile banking platform as a way to limit, and in some cases remove, the need for username and password authentication. In this case study interview, two bank executives discuss what others can learn from the project.
The White House has yet to announce who will be the government's first CISO, a position President Obama announced six weeks ago. In this audio report, experts weigh in on whether there's enough time left for the new information security leader to be effective before the president's term ends.