Every new cybersecurity regulation includes at least some emphasis on improving vendor risk management. But what happens when vendors balk at the extra degree of scrutiny required? Moffitt Cancer Center's Dave Summitt describes his risk-based approach to business associates.
As the GDPR's enforcement date nears, North American healthcare organizations are scrambling to ensure their data protection policies and practices are up to snuff. Mitch Parker of Indiana University Health System offers his prescription for GDPR compliance.
The steady stream of new reports about years-old breaches continues as Imgur, the popular photo-sharing service, belatedly warns that it suffered a breach in 2014 that compromised 1.7 million users' accounts.
Give crooks credit for topicality: They remain loathe to miss a trick. Indeed, hardly any time elapsed after Uber came clean about the year-old breach it had concealed before crack teams of social engineers unleashed appropriately themed phishing messages designed to bamboozle the masses.
Uber paid hackers $100,000 to keep quiet about a 2016 breach that exposed 57 million accounts belonging to customers and drivers, Bloomberg reports. But was the payment a bug bounty, as Uber has suggested, or really an extortion payoff and hush money?
U.S. prosecutors have unsealed an indictment against an Iranian man charged with trying to extort entertainment company HBO for $6 million in bitcoins. The case marks a rare public naming of someone accused of cyber extortion, which poses an increasing risk for all organizations.
With a rise in incidents of omnichannel financial fraud globally, financial institutions need to enhance their ability to detect fraud - while also reducing technical complexity. Maxim Shifrin of IBM Trusteer discusses new solutions.
A veteran security researcher has become entangled in a conflict with Chinese drone manufacturer DJI over his security vulnerability report, which initially qualified for the manufacturer's bug bounty program. The researcher says communications broke down after he refused to sign a legal agreement.
CIOs and CISOs must guard against making security technology decisions based on the latest threat trends hyped by vendors, focusing instead on their specific business needs, says T.S. Lim of CA Technologies.
India's Ministry of Electronics and Information Technology, or MeitY, plans to create a "challenge grant" program to support cybersecurity startup companies in an effort to encourage domestic development of innovative technologies.
Kaspersky Lab says it "inadvertently" scooped up classified U.S. documents and code from an NSA analyst's home computer, but suggests it wasn't the conduit by which the material ended up in Russian hands. It claims that the computer was riddled with malware.