Earlier this year, the PCI Security Standards Council issued version 4.0 of PCI DSS. Two experts from Verizon, Ferdinand Delos Santos and Rokon Zaman, discuss the new requirements of the regulations and strategies for implementing them to reduce risk and improve an organization’s overall security.
Australian telecommunications giant Optus is warning that current and former customers' personal details were exposed, including some driver's license and passport details, but no passwords or financial details, after it suffered a major data breach.
How has cybersecurity technology evolved, and are legal frameworks keeping pace with the evolution? Dr. Pavan Duggal, an advocate at the Supreme Court of India, shares his journey and talks about his passions.
Vikas Malhotra, country manager, LastPass, discusses establishing a password management program as the first line of defense in establishing user identity, followed by 2FA and MFA as the second step in the protection process.
An identity-centric approach to security will establish legitimate user behavior against suspicious user behavior using SIEM solution, coupled with machine learning algorithms, says Vivin Sathyan, senior technical evangelist at ManageEngine.
Today's big challenge for practitioners is identifying the "known and unknown" attack surface faster than the hackers. There is a need to build purpose-built sensors and asset management strategies to discover unknown attacks, says Debashish Jyotiprakash, vice president - Asia at Qualys.
China again accused the United States of cyberespionage as it seeks to reframe the global narrative on hacking. China's status as the world's worst cyber thief "annoys them tremendously," says Jim Lewis of CSIS. Beijing says it caught the NSA hacking into Northwestern Polytechnical University.
Chinese intelligence is conducting cyberespionage campaigns targeting corporations involved with energy extraction in the South China Sea, researchers say. Proofpoint and PwC conclude with moderate confidence the campaign is the work of the threat actor known as TA423 or Red Ladon.
The Cl0p ransomware group has been attempting to extort Thames Water, a public utility in England. Just one problem: the group attacked an entirely different water provider. Through ineptitude or outright lying, this isn't the first time that a ransomware group has claimed the wrong victim.
Response to supply chain attacks has evolved thanks to increased awareness and education, but more work needs to be done to understand how challenges can be addressed more systematically, says Sean Duca, vice president and regional chief security officer, Asia-Pacific and Japan, Palo Alto Networks.
A large number of security practitioners still don't understand the difference between security of the cloud and security in the cloud, says Archit Rajesh, group CISO at TeamLease, a human resources company headquartered in India. He discusses the complexities of cloud security.
The Indian government has scuttled its personal data protection bill after the proposal grew in scope beyond data protection "and was creating degrees of complexity." Arrka Consulting CEO Shivangi Nadkarni shares her views on what the new bill must incorporate.
This edition of the ISMG Security Report analyzes the latest ransomware trends from the European Union Agency for Cybersecurity, findings from the first-ever Cyber Safety Review Board on the Log4j incident, and how security and privacy leaders are harmonizing new U.S. privacy laws.
Britain's Conservative Party is holding a leadership contest, with the winner set to become the country's next prime minister. But the balloting process has been delayed after the National Cyber Security Center warned that hackers could abuse a process allowing members to change their online vote.
Thales plans to enter the customer identity and access management market through its purchase of an emerging European CIAM player. The French firm plans to capitalize on OneWelcome's strong product by extending its footprint beyond Europe and into North America and Asia-Pacific.