The latest edition of the ISMG Security Report features a discussion of the controversies surrounding the release of whistleblower Edward Snowden's memoir. Also featured: An update on Lumen PDF's breach disclosure; insights on financial services identity management issues.
The Canadian government has arrested a senior intelligence official on charges of working as a mole. He was reportedly unmasked after investigators found someone had pitched stolen secrets to the CEO of Phantom Secure, a secure smartphone service marketed to criminals that authorities shuttered last year.
Insider threats are difficult to counter. What happens when an employee goes rogue, and how do you catch them? Charles Carmakal of Mandiant, who says his firm is dealing with more insider threat investigations, shares tips for better defenses.
While hacking incidents grab the top spots on the federal tally of large health data breaches these days, the serious threat of malicious insiders must not be overlooked or underestimated, the HIPAA enforcement agency and security experts warn.
Progressive companies seeking to improve their security are increasingly adopting bug bounty programs. The theory is that rewarding outside researchers improves security outcomes. But in practice, bug bounty programs can be messy and actually create perverse incentives, says bug-hunting expert Katie Moussouris.
Fortinet's FortiGuard Labs global threat research team is creating research playbooks that provide deep-dive analysis of not only threat trends, but also cybercriminal and adversary tools and techniques. Derek Manky and Tony Giandomenico discuss the playbook model and how it can help in the fight against cybercrime.
The Justice Department has indicted two men on charges of paying more than $1 million in bribes to AT&T employees who helped plant malware on the carrier's network and access the company's internal systems. The complicated scheme involved unlocking 2 million smartphones from AT&T's network, prosecutors say.
Capital One's enormous data breach is a subject of intense scrutiny as well as fear. A definitive post mortem is likely months away. But security professionals have ideas as to how the breach was achieved and the weaknesses that led to it.
The latest edition of the ISMG Security Report analyzes the root causes of the Capital One data breach. Also featured: breach remediation advice and compliance with New York's new third-party risk management requirements.
The cause of Capital One's breach is known. But experts say the incident still raises questions over why Capital One held onto personal data so long and if the bank was adequately monitoring administrator accounts.
The Capital One data breach is in early stages of remediation. Art Coviello, former chair of RSA, which was breached in 2011, shares first-hand insight on steps the breached institution and its CEO should be taking now.
The sentencing of a former worker at a substance abuse treatment provider in connection with a Medicaid fraud conspiracy "is an important reminder about the threats from insiders," one privacy attorney says.
A former software engineer for an Illinois-based locomotive manufacturer allegedly stole proprietary information and other intellectual property from the company before fleeing to China, according to an indictment the U.S. Justice Department unsealed Thursday.
George Orwell's "1984" posited a world in which Big Brother monitored us constantly via "telescreens." But thanks to our "smart" AI home assistants - from Google, Amazon and others - we're increasingly installing the monitoring equipment ourselves, and it may "hear" much more than we realize.
For years, security leaders focused primarily on malicious insiders - those who intend to do harm to an organization. But CISOs are increasingly concerned about the accidental insider. And Anne-Marie Scollay of Axiom Law has a program targeting this growing threat.