Microsoft Warns Users: Beware of Damaging BlueKeep Attacks

Akshaya Asokan • November 11, 2019

Now that security researchers have located the first exploits that take advantage of the BlueKeep vulnerability in Windows, Microsoft is warning users to apply patches the company issued for this flaw before more dangerous exploits merge.

Artificial Intelligence & Machine Learning

A CISO Sizes Up Critical Technologies, Emerging Challenges

Latest

General Data Protection Regulation (GDPR)

Take Two: Why Organizations Are Reviewing GDPR Efforts

Mathew J. Schwartz • November 11, 2019

The EU's General Data Protection Regulation rewrote the rules of the data privacy and breach notification game when it went into full effect last year. Now, however, numerous organizations are revisiting and refining their GDPR compliance efforts around preparation and remediation, says PwC's Polly Ralph.

Governance

Insider Threat: Greater Risk Mitigation Required

Mathew J. Schwartz • November 11, 2019

Too many organizations are still failing to prioritize mitigating the risk posed by insiders, whether they're malicious actors or model employees who make mistakes that unintentionally lead to a data breach, says Veriato's Chris Gilkes.

General Data Protection Regulation (GDPR)

Privacy Nirvana: Some Assembly Still Required

Mathew J. Schwartz • November 11, 2019

Data privacy discussions must focus not just on collecting, storing and securing data, but also the impetus for doing so - and whether it is being done in an ethical manner, says consultant Thom Lagford, a former CISO, who addresses GDPR compliance issues.

Governance

Data Breach Defense: Email and File Lockdown

Mathew J. Schwartz • November 11, 2019

Preventing data breaches requires safeguarding information, and for many organizations that means having strong controls in place to protect email as well as files, says Zivver's Olivier Paling.

Governance

'Digital Climate Change': An Inconvenient Truth

Mathew J. Schwartz • November 11, 2019

Too many organizations continue to use digital assets and infrastructure even when they can see that they have information security problems and deficiencies that they're failing to fix, says cybersecurity expert John Walker.

Fraud Management & Cybercrime

Despite Instagram Changes, Minors Are Still at Risk

Jeremy Kirk • November 11, 2019

In June, I wrote an in-depth story about how millions of Instagram users worldwide under 18 years old were exposing their email addresses, phone numbers or both. Instagram has finally made a change to address the issue - but it doesn't go far enough.

Governance

Cybersecurity Success Rule No. 1: Prioritize Culture Change

Mathew J. Schwartz • November 8, 2019

The one factor with the biggest impact on any organization's digital transformation efforts - regardless of the organization's size or sector - is the ability to change its privacy, cybersecurity and IT culture, says Stephen Owen, CISO of Bourne Leisure Group.

Cyberwarfare / Nation-State Attacks

Staying Ahead of Nation-State Cyberattacks

Mathew J. Schwartz • November 8, 2019

As nation-state attackers increasingly aim to steal intellectual property, businesses must ensure they have the best possible defenses in place, says Ran Shahor, CEO of HolistiCyber.

Governance

Cybersecurity at the Heart of the 4th Industrial Revolution

Mathew J. Schwartz • November 8, 2019

At this year's annual meeting of the World Economic Forum, the cybersecurity message was clear: World leaders see it as essential for fixing the failures associated with past industrial revolutions as well as safeguarding future digital transformation, says Fortinet's Alain Sanchez.

Security Awareness Programs & Computer-based Training

User Awareness Training: Improvement Still Required

Mathew J. Schwartz • November 8, 2019

Despite organizations enduring decades of security policies, programs, plans, metrics and awareness training, CISOs still complain that too many employees are failing at the cybersecurity basics, says Virtually Informed's Sarb Sembhi.

Incident & Breach Response

Why a Data Breach Response Plan Is Essential

Mathew J. Schwartz • November 8, 2019

Having a detailed data breach response plan that's regularly tested by all players and continually refined is essential, says PwC's James Lloyd, who offers strategic insights.

Governance

Identity Management: More Devices, Greater Complexity

Mathew J. Schwartz • November 8, 2019

Employees view the ability to bring their own devices into their workplace life as a prerequisite for any job, which complicates organizations' identity management and cybersecurity efforts, says Barry McMahon of LastPass.