Warning: Attackers are abusing poorly secured and managed implementations of Microsoft Windows Active Directory to hack organizations and distribute ransomware. Fewer old operating systems and greater Active Directory security knowledge are helping mitigate the threat. But experts say more must be done.
A major misconception about cloud IAM is that it's easy to implement, says Mark Perry, CTO for APAC at Ping Identity. Implementation poses challenges, and cloud IAM must be carefully integrated with other systems, he says.
SSH keys are widely used to provide privileged administrative access but are routinely untracked, unmanaged and unmonitored. Mike Dodson of Venafi outlines an approach for better key protection.
The traditional IAM strategy has been to tie individual users with a unique device. But that doesn't work in healthcare settings, where doctors and nurses often share multiple devices. Jigar Kadakia of Partners HealthCare talks about how he approaches this critical challenge.
Healthcare information is a prime target for malicious attackers because it has a high value on the black market, says Amanda Rogerson of Duo Security, who calls for adoption of a "zero trust" model to boost security.
Security professionals are hard-wired to focus on the technical aspects of cyber attacks during a breach response, but non-technical aspects are often deceptive and go overlooked. Identity can be a powerful tool to bolster your defenses - and the untapped market potential is huge.
Download this eBook to learn from...
Often in breach response, security professionals focus on the technical aspects of the attack. Yet, the non-technical aspects are often more insidious, says Teju Shyamsundar of Okta. And Identity can be a powerful tool to bolster defenses.
In the digitally-transformed healthcare landscape, PHI is transmitted and stored in the cloud and accessed by legions of privileged users; patients now have unprecedented access to their own data and records, which are coveted by fraudsters on the Dark Web; and regulators are increasingly scrutinizing the privacy and...
Blair Bonzelaar of Okta discusses the requirements for making the transition to a zero trust model for securing enterprises and offers practical identity management insights.
Google is notifying administrators and users of its business-oriented G Suite product that the company had been storing unhashed passwords for years because of a flaw in the platform. The company believes no customer data was leaked and that all passwords remained encrypted.
Cybercrime has targeted bank and payments solutions for a long time, but in the past few years has expanded its target industries to airlines, insurance, travel, retail and others. CISOs and fraud leaders that have been focused on insider threats are finding they need to consider the fraud darknet eco-system and...
Access risk: Security leaders understand their governance and technology challenges. But addressing them with new automated tools - and selling these new processes within their organizations? Those are the problems attendees attempted to solve at a recent dinner in Philadelphia.
The latest edition of the ISMG Security Report features an update on a congressional report that slams Equifax for lacking a strong cybersecurity culture. Also featured: A new study on the status of women in the cybersecurity industry and the use of Android phones as security keys.
Google's latest security feature enables the use of Android phones as a security key, eliminating the need for a separate token or hardware device. The free feature is potentially more appealing that Google's Titan security keys, which cost $50.
Facebook has corrected an internal security issue that allowed the company to store millions of user passwords in plaintext that were then available to employees through an internal search tool.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.asia, you agree to our use of cookies.
