In the latest weekly update, ISMG editors discuss ways organizations commonly founder when implementing a zero trust strategy, what the latest version of India's digital data protection bill means for CISOs, and how a 2022 data breach confirmed by Twitter may be worse than initially thought.
Is a four-month delay between learning your systems were breached and notifying affected customers acceptable? After spotting an attack in August, private utility South Staffordshire Water in England is only beginning to alert customers that they're at risk of identity theft.
Zscaler has notched large, multiyear, multipillar deals as the economic downturn prompts clients to seek replacements for expensive legacy point products, says CEO Jay Chaudhry. Clients are increasingly buying Zscaler's secure web gateway, private access and digital experience tools as one bundle.
The Russia-based ransomware gang behind the hack of Australia's largest private health insurer says it posted a full set of stolen data. The Australian Information Commissioner said it will probe the insurer's personal information handling practices.
Security, observability and search vendor Elastic will shrink its workforce by 13% due to small and medium businesses reducing their purchases amid the economic downturn. Elastic will lay off nearly 400 of its 3,056 employees as it adopts an automated, low-touch motion for SMB customers.
Hackers stole customer information but not passwords when they broke into password manager LastPass' third-party cloud storage service, the company disclosed. An unauthorized party used information stolen during a dayslong incident in August to exfiltrate the data.
Open Systems has purchased an early-stage Microsoft-centric MSSP to help automate investigating, triaging and responding to basic security alerts. The Silicon Valley-based MDR provider says its acquisition of U.K.-based Tiberium will free up security analysts to focus on preventative defenses.
As three Brooklyn safety net hospitals grapple with the aftershocks of a Nov. 19 cyber incident, sources say other area hospitals are complaining about a lack of transparency. One Brooklyn Health System has been tight-lipped about the cause of the outage, which is suspected to involve ransomware.
Okta has stemmed employee attrition and accelerated customer identity sales by clarifying product function but now has to grapple with longer sales cycles for small to midsized businesses. Okta says efforts to reposition its customer identity offering over the past quarter have borne fruit.
A longer sales cycle for small businesses and delayed subscription start dates for large enterprises have forced CrowdStrike to lower its sales forecast going forward. The Austin-based endpoint security company says deals with SMB clients took 11% longer to close in the fiscal quarter ended Oct. 31.
India's flagship combined public medical university and hospital continues to grapple with the fallout of a cyber incident it underwent last Wednesday. Patient care services remain affected as of Tuesday as physicians and staff use manual processes in place of disabled electronic systems.
The push to migrate applications to cloud-native architectures has driven increased use of containers and created the need for more security, says Veracode CEO Sam King. Veracode's expertise in application security helps the company identify open-source code and known vulnerabilities in containers.
Healthcare providers and their vendors often fear federal regulatory action, but do fines and corrective action many any difference at all? As breach cases have nearly doubled since 2018, federal fines dropped 93% in 2022, and some say the agency is understaffed and crippled by legal challenges.
What does the latest version of India's data protection bill mean for CISOs, and what impact does it have on security practitioners? Khushbu Jain, advocate, of the Supreme Court of India, shares some of the fine print in the draft legislation and discusses some changes that CISOs may need to make.
The shortage of cybersecurity professionals in the United States includes a scarcity of expertise in medical device security, says Bill Aerts, senior fellow and managing director of the University of Minnesota's recently launched Center for Medical Device Cybersecurity.