))
Exclusive, insightful audio interviews by our staff with data breach/security leading practitioners and thought-leaders
A ransomware attack knocking out a medical center's imaging and lab equipment is an incident felt by an entire network of healthcare providers. Entities everywhere should plan for outages even when they don't directly experience an attack, say Aftin Ross of the FDA and Penny Chase of MITRE.By DataBreachToday.com
Businesses should capitalize on AI, ML and robotic process automation to address every event rather than just ignoring the ones deemed unimportant by a SIEM. Palo Alto Networks founder and CTO Nir Zuk says AI can be used to probe security incidents in real time rather than waiting for a breach.By DataBreachToday.com
The latest edition of the ISMG Security Report discusses how investigators saw the collapse of cryptocurrency exchange FTX as "one of the biggest financial frauds in American history," how CISOs can guard against their own liability, and major security and privacy shifts and the outlook for 2023.By DataBreachToday.com
Companies have transitioned since COVID-19 began from lifting and shifting their existing apps to the cloud to entirely rebuilding their applications in cloud-native form. Palo Alto President BJ Jenkins says companies need "shift left" security to get protection as they're coding and building apps.By DataBreachToday.com
When healthcare organizations come together through mergers or acquisitions, it is critical for the entities to carefully assess the cyber risk each poses, as well as its level of cyber maturity, says Jigar Kadakia, CISO and chief privacy officer at Boston-based Mass General Brigham.By DataBreachToday.com
The $250 million acquisition of Cider Security will allow Palo Alto Networks to secure a piece of code from development to its implementation in a runtime environment. CEO Nikesh Arora says the company must understand the tool sets and open-source widgets coming into the customer's supply chain.By DataBreachToday.com
Defenders have made strides in disrupting ransomware, but assessing the effectiveness of countermeasures is tough due to a scarcity of information, says cybersecurity veteran Jen Ellis. "We know what the tip of the iceberg looks like, but we don't know what percentage of that iceberg we can see."By DataBreachToday.com
The Health Sector Coordinating Council is embarking on a five-year strategic plan to help the healthcare and public health sector address future cybersecurity threats, risks and associated difficulties, says Greg Garcia, executive director for cybersecurity at HSCC.By DataBreachToday.com
This week's edition of the ISMG Security Report discusses the mistakes enterprises commonly make when building ransomware defenses, the cybersecurity capabilities being built by the U.S. Department of Energy, and the first female CEO at Securonix - one of only a handful in the vendor community.By DataBreachToday.com
The latest edition of the ISMG Security Report discusses why too few organizations admit to being victims of ransomware attacks, how delayed enterprise subscription start dates forced CrowdStrike to cut sales forecasts, and leveraging threat intelligence to protect critical infrastructure.By DataBreachToday.com
The shortage of cybersecurity professionals in the United States includes a scarcity of expertise in medical device security, says Bill Aerts, senior fellow and managing director of the University of Minnesota's recently launched Center for Medical Device Cybersecurity.By DataBreachToday.com
The latest edition of the ISMG Security Report discusses how the profits of ransomware group Zeppelin have been smashed by security researchers, FTX again highlighting the risks of trading cryptocurrencies, and vendor Extrahop's newly appointed, high-profile president.By DataBreachToday.com
Successful account takeovers are one of the most common ways that organizations end up with attackers in their systems. But strong authentication can thwart even the most clever phishing campaigns, says Brett Winterford, regional chief security officer for APJ at Okta.By DataBreachToday.com
On the heels of the recent FTX financial meltdown came the theft of millions of dollars that left thousands of investors, exchanges and others in the lurch. Hugh Brooks of CertiK shares the status of data that FTX stores, the role of regulations and best cybersecurity practices for crypto exchanges.By DataBreachToday.com
On the heels of the recent FTX financial meltdown came the theft of millions of dollars that left thousands of investors, exchanges and others in the lurch. Hugh Brooks, director of security operations at CertiK, shares how the funds may have been stolen and what happens next.By DataBreachToday.com
A decade ago, ransomware was one of the internet's petty street crimes, but it has now evolved into a major threat. Tech reporter Renee Dudley, the co-author of a new book titled "The Ransomware Hunting Team," says the FBI lost ground early on in the fight against ransomware.By DataBreachToday.com
Despite the strategic priorities laid out by the Biden administration and initial indicators provided by the Department of Defense, it's unclear how the next national defense strategy will prioritize threats and define the primary role of the U.S. military. Chris Dougherty discusses cyberwarfare.By DataBreachToday.com
Complexity is the enemy of security, and information technology grows ever more complex. Have we created a problem space in computing so complicated that we will be unable to safely operate in it for its intended purposes? Fred Cohen says that's unlikely. He discusses managing risk in the future.By DataBreachToday.com
This edition of the ISMG Security Report discusses how Australian health insurer Medibank is facing stark consequences for not paying a ransom to a group of cyber extortionists, how to limit unnecessary cybersecurity exposure during M&A, and how to manage challenges in hybrid environments.By DataBreachToday.com
Aging medical imaging devices are among those most vulnerable to security incidents, often due to misconfigurations and a lack of security controls, says Elisa Costante, vice president of research at security firm Forescout. She discusses how vendors can reduce security risks in connected products.By DataBreachToday.com
In this episode of "Cybersecurity Unplugged," Dr. Chris Miller, an associate professor of international history at the Fletcher School at Tufts University, discusses the cybersecurity aspects of the Russia-Ukraine war and how perceptions of the two countries may have been inaccurate.By DataBreachToday.com
The latest edition of the ISMG Security Report discusses how Australian health insurer Medibank is deliberating on whether to pay a ransom to extortionists, analyzes the growing number of layoffs in the security vendor space, and shares a tribute to threat intelligence researcher Vitali Kremez.By DataBreachToday.com
It's no secret: As pharmaceutical companies develop new health treatments, adversaries seek to steal or sabotage their intellectual property. This dynamic adds extra urgency to authentication. Tom Scontras of Yubico talks about how the pharma sector approaches authentication.By DataBreachToday.com
Security & ease of use: It is one thing for non-healthcare entities to debate these merits of new authentication in solutions. But in healthcare, where the decisions directly impact patient safety, the stakes are critical. Tom Scontras of Yubico talks about how healthcare approaches authentication.By DataBreachToday.com
Many entities fight an uphill battle against increasingly clever phishing and related scams that lead to serious data compromises, say former CIA analyst Eric Cole and former Department of Justice Assistant Attorney General David Kris, who are both advisers at security firm Theon Technology.By DataBreachToday.com
Too many medical device makers don't pay close attention to the fine details and features of their product designs to ensure they are safe and secure, says Naomi Schwartz, a former product reviewer at the Food and Drug Administration and current cybersecurity adviser at security firm MedCrypt.By DataBreachToday.com
The latest edition of the ISMG Security Report discusses how Russian-speaking ransomware gangs have their eyes on a new target, offers the latest on Australia's data security reckoning and the government’s response, and outlines emerging trends in customer identity and access management.By DataBreachToday.com
Cyberattacks on healthcare entities result in poor patient outcomes, including delayed procedures and even a rise in mortality, according to a recent survey conducted by research firm the Ponemon Institute. Ryan Witt of Proofpoint, which sponsored the study, discusses the findings.By DataBreachToday.com
A study by data privacy firm Lokker found thousands of healthcare providers deploying Facebook Pixel and other similar tracking tools. Those trackers reveal "medical and other data that consumers don't know is being tracked and haven't authorized," says Ian Cohen, Lokker's chief executive officer.By DataBreachToday.com
Plan for a ransomware attack the same way you plan for a hurricane, says Paige Peterson Sconzo, director of healthcare services at security firm Redacted Inc. A cyber incident capable of disrupting network connectivity requires careful thinking about how to revert to the pre-internet era.By DataBreachToday.com
Security flaws in a vital signs monitoring device from a China-based manufacturer could allow hackers to launch an attack that spreads to all other devices connected to the same network. This is among the most serious security issues involving medical devices, says Jason Sinchak of Level Nine.By DataBreachToday.com
CEO Yotam Segev says Cyera eschews the focus of data loss prevention tools on blocking users from pulling down data and instead embraces an approach that reduces friction. Cyera has sought to safeguard data by making preventative changes in areas like configuration, permissions and security posture.By DataBreachToday.com
The latest ISMG Security Report examines whether banks should be held liable for the rapidly increasing Zelle fraud problem, explores the latest M&A activity among IAM vendors, and discusses the implications of the new legal framework for personal data transfers between the U.S. and Europe.By DataBreachToday.com
In this episode of "Cybersecurity Unplugged," as the use of Kubernetes and cloud containers over traditional forms of storage continues to increase, Nikki Robinson of IBM discusses the benefits of breaking down "complicated environments into something that's tangible and easy to manage."By DataBreachToday.com
The latest edition of the ISMG Security Report discusses how adversaries have a new favorite tactic to circumvent MFA, why vendor Akamai is an appealing target for private equity, and what the industry can do differently to attract more females to leadership roles.By DataBreachToday.com
What if you were hired for an office job but ended up negotiating with cybercriminals? There aren’t many rules around ransomware, but this is a story about one rule that was definitely broken. By the end, the path to the truth led to a place on the other side of the world where no one wanted to be.By DataBreachToday.com
In this episode of "Cybersecurity Unplugged," Amit Shah, director of product marketing at Dynatrace, discusses the implications of the Log4Shell software vulnerability and the need for organizations to take an observability-led approach to software development and security going forward.By DataBreachToday.com
Passwords are supported everywhere. But, says Andrew Shikiar, executive director of the FIDO Alliance, "they have been proven time and time again to simply be unfit for today's networked economy." In this episode of "Cybersecurity Unplugged," Shikiar discusses how to move beyond passwords.By DataBreachToday.com
Reusable digital identities are the present and future of cybersecurity, says Gordon Harrison of Jumio. He explains why digital identity techniques are on course to replace existing identity proofing/identity verification tools and systems.By DataBreachToday.com
The United States is arguably involved in a cyberwar against Russia and China - and appears to be losing. In this episode of "Cybersecurity Unplugged," Tom Kellerman of Contrast Security and Richard Bird of Traceable.ai discuss what the U.S. government and companies need to do to win this cyberwar.By DataBreachToday.com
The latest edition of the ISMG Security Report discusses what went wrong for Optus in the wake of one of Australia's biggest data breach incidents, the state of code security today and the growing trend of private equity firms pursuing take-private deals.By DataBreachToday.com
The latest edition of the ISMG Security Report discusses financial giant Morgan Stanley's failure to invest in proper hard drive destruction oversight, the future of ransomware and the gangs that have attacked organizations in recent years, and the methods required to secure new payments systems.By DataBreachToday.com
Dain Drake was CEO of a steel fabrication factory. In June 2019, Drake found himself standing outside a closed adult boutique in Houston at 10:00 a.m. on a Sunday. He called the owner and pleaded for him to come. He needed something inside, which might just save his business - from ransomware.By DataBreachToday.com
The latest edition of the ISMG Security Report discusses the appearance at a Senate hearing this week by the former head of security for Twitter; the top-performing web application and API protection vendors, according to Gartner's Magic Quadrant 2022; and threat trends to watch for in 2023.By DataBreachToday.com
In this episode of "Cybersecurity Unplugged," U.S. Air Force Chief Software Officer Nicolas M. Chaillan, a former DHS and DOD adviser, shares his opinions about the government's handling of DevSecOps and cybersecurity, where progress is being made and where more work needs to be done.By DataBreachToday.com
Vulnerabilities in certain medication infusion pump products from manufacturer Baxter could compromise a hospital's biomedical network. The flaws highlight the risks involving the acquisition and disposal of medical technology, says researcher Deral Heiland of Rapid7.By DataBreachToday.com
In this episode of "Cybersecurity Unplugged," Mark Cristiano of Rockwell Automation discusses Rockwell's cybersecurity journey, the particular challenges of deploying cybersecurity in an OT environment, and the minimum and proper industrial protections that organizations need to have in place.By DataBreachToday.com
The latest ISMG Security Report discusses a new phishing-as-a-service toolkit designed to bypass multifactor authentication, the decision by Lloyd's of London to exclude nation-state attacks from cyber insurance policies, and challenges at Okta after it acquired customer identity giant Auth0.By DataBreachToday.com
Cybersecurity threat modeling: automated tools or manual methods? It's not an either-or situation, say Stephen de Vries, CEO and co-founder of IriusRisk, and Adam Shostack, president of Shostack and Associates. Each approach brings unique business value, and they discuss the merits of both methods.By DataBreachToday.com
The sheer number of connected devices in healthcare environments is one of the top challenges healthcare entities face in adopting a zero trust approach to cybersecurity, says Zachary Martin, senior adviser at law firm Venable. He discusses the obstacles to achieving zero trust in healthcare.By DataBreachToday.com
