The shortage of cybersecurity professionals in the United States includes a scarcity of expertise in medical device security, says Bill Aerts, senior fellow and managing director of the University of Minnesota's recently launched Center for Medical Device Cybersecurity.
It has never been more vital to secure your supply chain, with governments also recognizing the urgency by increasingly calling for Software Bills of Materials (SBOMs) and the implementation of effective third-party security risk management (TPRSM) to stem the surge in ransomware and other cyberattacks.
Struggling to defend your organization against cyber attacks? Wondering how to prioritize limited resources?
A study by the Marsh McLennan Cyber Risk Analytics Center found that poor performance in many BitSight analytics is statistically significant and correlated with the likelihood of experiencing a...
ISACA's State of Digital Trust 2022 survey shows significant gaps between what enterprises are doing and what they should do to earn customer trust in digital ecosystems. While 98% of those surveyed say digital trust is important, only 12% have dedicated staff roles to digital trust.
Accounting and planning do not go away, nor does coordination. However, the role of a central operational data store such as the CMDB is a big question. Inventories and dependencies are difficult to track across increasingly dynamic infrastructures. Creating a CMDB record for a Docker container that lasted all 15...
In this episode of "Cybersecurity Unplugged," Amit Shah, director of product marketing at Dynatrace, discusses the implications of the Log4Shell software vulnerability and the need for organizations to take an observability-led approach to software development and security going forward.
Australia's largest telecom provider acknowledged Tuesday a data breach, but said the data came from a now-defunct employee rewards program from 2017. A company executive accused the hacker behind the breach of seeking to profit from a tense climate created by a much larger breach at rival Optus.
In the latest weekly update, ISMG editors discuss how organizations can comply with the new PCI DSS 4.0 requirements, whether other countries should follow the U.S. lead on legislating software bills of materials, and key strategies for CISOs preparing for an economic downturn.
Over his 23-year career in cybersecurity, Tom Kellermann has focused on policy, endpoints and even strategic investments. Now, in his new role as senior vice president of cyber strategy at Contrast Security, his mission is to protect code security - particularly in the public and financial sectors.
The latest edition of the ISMG Security Report discusses what went wrong for Optus in the wake of one of Australia's biggest data breach incidents, the state of code security today and the growing trend of private equity firms pursuing take-private deals.
Recent hacking incidents involving an emergency medical transport company and a firm that provides billing services to ambulance companies underscore how protected health information is subject to risk and oversight alike before a patient even steps into a hospital.
The latest edition of the ISMG Security Report discusses financial giant Morgan Stanley's failure to invest in proper hard drive destruction oversight, the future of ransomware and the gangs that have attacked organizations in recent years, and the methods required to secure new payments systems.
From SolarWinds to Kaseya, Accellion, Log4j and Okta, third-party security breaches are among the most devastating for organizations affected. Tony Morbin of ISMG dives into the story behind the results of a global survey with Demi Ben-Ari, the co-founder, CTO and head of security at Panorays.
Internally hosted resources harboring sensitive PII or intellectual property may reside anywhere, from your on-premises data center to public cloud services such as AWS, Azure or GCP. Third parties accessing these resources pose an additional risk, expanding your attack surface to contractors, vendors, resellers and...
Palo Alto Networks has been in a 19-month dry spell when it comes to major acquisitions, but it looks like that's about to change. Israeli business publication Calcalist reported Monday the firm is closing in on a deal to buy New York-based code risk platform provider Apiiro for around $600 million.