As the risks to IT and OT converge, organizations must use "zero trust" to verify user identities and build effective monitoring capabilities to track the behavior of privileged users, say Kartik Shahani of Tenable and Rohan Vaidya of CyberArk.
If your solution is out at sea, it’s time to learn more about improving integration. Micro-segmentation can allow security architects to divide data centers into unique security segments (as far down as individual workload levels) but requires integration.
Join us in this webinar where Illumio’s Field CTO...
A hacker breached a Florida city's water treatment network, increasing the amount of lye that would be added to the water to a dangerous level. Officials say they caught the change immediately and reversed it. Reuters reports that the system was accessed via the city's TeamViewer remote access software.
Kubernetes brings some specific security requirements to the table. For a managed Kubernetes service like GKE, users have three main layers that require action: the workloads running on the cluster, the cluster and its components, and the underlying GCP services on which the cluster depends, and more.
The financial sector is one of the more prominent targets for cyber-attacks. It's the second-largest source of data breaches, having notified OAIC of 42 system breaches, putting it behind only health service providers. And, with the average cost of a data breach in Australia sitting at $2.5 million, incidents can get...
Experts predict that digital transformation and remote work will accelerate in the new normal. So will the need to secure every kind of endpoint and safeguard sensitive corporate data. To succeed in the new reality, solutions must meet the rigorous security requirement of IT leaders while also accommodating users'...
The increasing use of internet-connected devices in manufacturing facilities is opening up new ways for hackers to target so-called "smart" factories with unconventional attack methods, according to an analysis by security firm Trend Micro and the Polytechnic University of Milan.
Security experts and law enforcement officials have long argued that paying ransoms doesn't pay. For starters, it directly funds the cybercrime ecosystem and makes it attractive for criminals to keep launching ransomware attacks.
Time for a fresh edition of "learn from how others get breached" focusing on Equifax. The goal is not blame, but rather to highlight specific missteps so others can avoid making the same mistakes. The Equifax breach offers a plethora of takeaways to help organizations better repel attackers.
Proof-of-concept code has been released to exploit a severe Citrix vulnerability present in tens of thousands of enterprises. Citrix says it's developing permanent patches but that enterprises should use its mitigation guidance. In the meantime, attackers are hunting for vulnerable machines.
The Cyber Security Agency of Singapore has come up with an operational technology and cybersecurity master plan aimed at building a secure and resilience ecosystem to protect critical infrastructure. But will implementation prove feasible?
Building a public/private partnership for cybersecurity is time consuming and resource-intensive, but such a model can play a key role in protecting critical infrastructure, says Ravikishor Mundada, CEO of the Center of Cybersecurity Excellence, Government of Karnataka.
With the volume of data breaches and cyberattacks continuing to rise, organizations are increasingly relying on breach and attack simulation tools to provide more consistent and automated validation of controls, says Cymulate's Tim Ager.
Banks in West Africa have been targeted by at least four hacking campaigns since mid-2017, with online attackers wielding commoditized attack tools and "living off the land" tactics to disguise their efforts, Symantec warns.
The Pentagon is warning that a data breach at a third-party travel management service provider exposed records for an estimated 30,000 civilian and military personnel. The breach alert follows a recent GAO report warning of serious cybersecurity shortcomings in U.S. weapon systems.