The best way to take a holistic approach to the current threat landscape is to define security issues as business problems and then put the problem before the solution - not the other way around, contends RSA CTO Zulfikar Ramzan.
Although cybersecurity plans sometimes clash with business goals, the role of security should be to enable the business and not necessarily lock everything down, says Andrew Woodward of Australia's Edith Cowan University.
The FIN7 cybercrime gang regularly phoned victims, posing as buyers, to trick victims into opening phishing emails and attachments with malware, federal prosecutors allege. The group's success - 15 million stolen payment cards and counting - is one measure of how difficult these types of attacks are to block.
One measure of why it's so difficult for organizations to keep their software patched and better secured: Of the nearly 20,000 unique vulnerabilities in 2,000 products cataloged last year, only half involved Microsoft, Adobe, Java, Chrome or Firefox software, says Flexera's Alejandro Lavie.
What advice does the world's first CISO have for the current generation of CISOs? Stephen Katz emphasizes, first and foremost, that cybersecurity must be treated as a business risk management issue rather than a technology issue. He'll be a featured speaker at ISMG's Security Summit in New York Aug. 14-15.
The fundamentals of governance, risk and compliance are sorely lacking in too many organizations that are striving to improve cybersecurity, says Malcolm Palmore, an assistant special agent at the FBI.
Finding threats in your big data can be like finding a needle in a haystack. Splunk Enterprise Security streamlines the process by extracting indicators of compromise (IOCs) in your threat intelligence data to help you pinpoint potential attack activity in your enterprise.
Download this whitepaper to learn about a...
"Our risk landscape has changed from protecting the things that we operate to protecting the things that we buy, and that's why third party risk management is the place where people are really focusing," says Joel de la Garza of the venture capital firm Andreessen Horowitz.
The fight against fraud in a cashless economy requires investments in technologies that can offer early warning signals, says Bharat Panchal, senior vice president and head of risk management at National Payment Corporation of India.
Better, stronger fraud-detection intelligence - that's the promise of the new 3-D Secure 2.0 protocol for digital merchants, networks and financial institutions. But what should organizations do to prepare? James Jenkins of CA Technologies weighs in.
The Reserve Bank of India issued a notice to all cooperative banks advising them to apply caution while deploying third-party core banking applications and check for appropriate security standards. The move came after credential theft incidents at some banks. But will banks heed the advice?
Spear phishing attacks are in the news again following the Justice Department's indictment of Russian military intelligence officers for alleged attacks against U.S. politicians and county and state election boards. Here's how to play better phishing defense.
RoboCent, a company that specializes in robocalling voters, left nearly 3,000 files containing detailed data about Virginia voters online by mistake. The data has been secured, but the incident points again to ongoing problems of security misconfigurations in repositories and lack of end-to-end encryption.
A ministry of agriculture website in India lacks basic security measures, risking exposing personal data of millions of farmers who use the site to obtain crop insurance, a security practitioner who uses the site has pointed out.
Behavioral analytics have taken the fast lane from emerging tech to mature practice.
The key element that has made behavioral analytics move so fast and become something so important to security is that the focus has been not on the technology itself but on the value it provides the enterprise, notably when being...