The PCI Security Standards Council is creating a payments software framework, including two new standards that can evolve as the software rapidly changes, Troy Leach, the council's CTO, explains in this in-depth interview.
India is expected to announce in the coming months the formation of a cyber defense agency that would focus on protecting critical infrastructure, especially government and defense networks, from cyberattacks.
All U.S. publicly traded companies should review how they internally disseminate breach information and expect to see revised cybersecurity guidance, says William Hinman, the director of corporation finance for the U.S. Securities and Exchange Commission.
A report on the head of Equifax contending that his company - not individual consumers - owns the personally identifiable information the credit reporting agency markets to lenders leads the latest version of the ISMG Security Report. Also, a preview of the ISMG Healthcare Security Summit.
The financial sector is under increasing threat from cybercrime syndicates, and the distributed nature of today's predominantly Russian-speaking attackers is making them tough to disrupt, says Rob Wainwright, director of Europol.
Security practitioners must do a much better job of prioritizing their investments based on the most significant risks their organizations face, says Zulfikar Ramzan, chief technology officer at RSA, who offers insights on "fighting the right battle."
The former CEO of Yahoo, which has had 3 billion records exposed in a 2013 data breach, testified at a Senate hearing that it's tough for any corporation to defend against nation-state backed cyberattacks. That led senators to grill Marissa Mayer about the security steps Yahoo had taken.
With only six months until the EU's General Data Protection Regulation is enforced, organizations across the world that handle Europeans' data are grappling with compliance challenges, including how long to retain PII, says Devender Kumar of Mphasis, who offers advice on effective strategies.
Want to stop the latest cybercrime bogeyman? For the umpteenth time, put in place well-known and proven strategies for repelling online attacks, such as the Australian Signals Directorate's top 4 mitigation strategies for repelling targeted cyber intrusions.
Fraudulent SWIFT money-moving attacks continue, as one of Nepal's largest private-sector commercial banks, NIC Asia Bank, says attackers tried to steal $4.4 million after hacking its SWIFT server. Most of the funds have since been recovered.
Equifax says four senior executives - including its CFO - did not know the company had suffered one of the worst breaches in history when they collectively sold about $1.8 million worth of shares. Equifax's board found that 12 days elapsed before the first of the four learned about the hack.
Prasanna Lohar, head of technology at DCB Bank, describes how 20 banks in India are working together to identify the best ways to leverage blockchain technology to help fight fraud and improve services, such as customer onboarding.
Many enterprises use remote desktop protocol to remotely administer their PCs and mobile devices. But security experts warn that weak RDP credentials are in wide circulation on darknet marketplaces and increasingly used by ransomware attackers.
Thom Langford, CISO of Publicis Groupe, says all companies should consider two essential elements when crafting an incident response plan: strong legal representation and a communications plan that considers both internal and external messaging.
The latest ISMG Security Report features highlights from the recent panel discussion at the ISMG Fraud and Breach Prevention Summit in London on preparation for the European Union's General Data Protection Regulation set to be enforced next May.