It's no surprise that as some ransomware-wielding criminals have been hitting healthcare, pipelines and other sectors that provide critical services, governments have been recasting the risk posed by ransomware not just as a business threat but as an urgent national security concern.
"Security should not be treated as a tick mark activity for compliance purposes," says CISO Sumeet Khokhani. He discusses how security requires understanding of the nature of business processes and how a risk-based, practical approach can help organizations focus on what matters most.
The U.S. Transportation Security Administration has issued new security directives for higher-risk freight railroads, passenger rail, and rail transit that it says will strengthen cybersecurity across the transportation sector in response to growing threats to critical infrastructure.
The latest edition of the ISMG Security Report features an analysis of best practices for negotiating a ransom payment. Also featured: Busting Zero Trust myths and the dangers of mythologizing defenders.
So what happens when you as a security leader get that call to protect the cybersecurity of executive leaders/board members outside the office? What are the right and wrong responses? Chris Pierson of BlackCloak shares new insight on executive protection best practices.
The saying "Penny-wise, pound-foolish" is relevant when we talk to those friendly, knowledgeable finance people about ongoing employee screening due to the dreaded insider threat and the costs associated with it - which leads to us pulling out our hair in utter frustration. This rant is about that.
In her latest book, "Rhetoric of InSecurity: The Language of Danger, Fear and Safety in National and International Contexts," academic Victoria Baines questions the imagery and rhetoric we use to communicate safety and security issues, and details their unwelcome impact on the workforce.
Michael Lines is working with Information Security Media Group to promote awareness of the need for cyber risk management, and as a part of that initiative, the CyberEdBoard will post draft chapters from his upcoming book, "Heuristic Risk Management: Be Aware, Get Prepared, Defend Yourself."
The findings from a penetration test can help you identify risks and gaps in your security controls. Charles Gillman offers tips to maximize the value of your next pen test and, in the process, deliver better results.
CISOs need to be open to ideas and suggestions from their peers and other functions and exhibit thought leadership to establish collective defense thinking in fighting threats, says Steven Sim Kok Leong, president of ISACA, Singapore chapter and chair of OT-ISAC Executive Committee.
Why has the cybercriminal underground put so much effort toward the professionalization of ransomware? Simply put, they are making tons of money from it.
The U.S. Department of Homeland Security on Monday launched a new personnel system that it says will enable the department to "more effectively recruit, develop, and retain cybersecurity professionals." Those recruited through the system will join the ranks of the DHS Cybersecurity Service, a federal team of cyber...
Including psychology in cybersecurity educational awareness programs allows employees to recognize and trust their own instincts when dealing with a potential security incident, says Denise Beardon, head of information security engagement at international law firm Pinsent Masons.
Zero Trust: Is it the operational model that's going to propel us into a more secure future? Or just another marketing message to be tossed onto the pile of past campaigns? In this latest Cybersecurity Leadership panel, the top minds in the sector weigh in on the present and future of Zero Trust.
Technology is not the solution to all cybersecurity problems, and cybersecurity awareness has to be given equal emphasis, says Tarek El-Sherif, head of IT risk at Abu Dhabi Commercial Bank. In this interview, he discusses the importance of training.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.asia, you agree to our use of cookies.