Enterprise security teams have a namesake job to do – secure their organizations – but it does not have to come at the expense of their colleagues’ privacy. How, then, do organizations balance the requirements and expectations of both sides and keep their data secure while ensuring that the company refrains from violating privacy laws?
These days, every report on the Internet of Things (IoT) reminds us that we are continuing to increase our connectivity to the Internet through everyday appliances, sensors, and wearables, despite rampant security risks. In this new Experts Corner, Scott Totzke looks at how already-vulnerable technologies are left wide open.
Is cybersecurity insurance a necessary evil? Assuming it is, how can organizations make the most of their audit and compliance efforts to get the best coverage and rates possible? Expert Alan Zeichick speaks with experts from multiple angles to see how best to streamline the application process.
As the issue of IT threats looms over the unprotected, there are several steps the legal industry can take to ensure critical case data remains intact and accessible. Expert Derek Brost shares some of those tips with us today.
Verizon has released its 10th annual Data Breach Investigations Report (DBIR), a comprehensive and multi-faceted look-back on breach trends, threat actor tactics and apparent motivations, based on analysis by the company or one of its 65 partners of 1,935 breach events occurring in 2016. This Experts Corner article examines some of its findings with some of the industry's top experts.
A new Kaspersky report shows criminals are enjoying profit margins of up to 95% on some DDoS attacks. Attackers are also demanding a ransom from a target in return for not launching a DDoS attack, or calling off an ongoing attack. Ben Herzberg from Imperva tells us why you need to pay attention to these stats.
Want to learn why the $100 million attack on two U.S. tech companies will accelerate the adoption of machine learning for information security? Then read this Experts Corner from InfoSec expert Eyal Benishti.
Great advancements have been made in cyber risk insurance since the first policies were introduced nearly two decades ago. Options available in 2017 offer organizations the ability to not only survive a data breach but the resources and finances to swiftly take it head on and win. Cyber threats have evolved, but has your approach to insurance?
When it comes to ingesting, digesting, and applying threat intelligence in a meaningful way, it can seem like information overload. With their Threat Catalogue, HITRUST is helping the healthcare industry overcome this challenge with a complete list of security and privacy threats geared toward the threats the industry faces on a daily basis.
It’s 2017 and we can no longer afford to ignore good cybersecurity practices. In this ITSPmagazine exclusive, we connected with top cybersecurity experts to get their recommendations on protecting business and users from malicious attacks.
We’ve heard about cyberattacks against critical infrastructure sites and systems including dams (Bowman Avenue Dam in NY), railroads, electrical grids (Israel, US, Ukraine), and even nuclear power plants (Germany). But it doesn't stop there. And it may not even begin there.
We can learn a lot about a vendor by looking at external indicators of compromise. But, are we getting the whole picture or just framing the risk at the moment?
Psychology skills are supplanting technical skills as a critical hacker skill. "A culture of security is in place when rhetoric is replaced with action," says Gene Fredriksen CISM, CRISC and VP & CISO, PSCU.
The inability to measure the security posture of third-party vendors and the inability to confirm whether they have suffered cyberattacks involving sensitive information serve as a wake-up call for all businesses.
Expert Harry Wan takes a deep dive into the findings of a recent Ponemon Institute survey which should create the call-to-action for businesses to search for processes and tools to help them deal with these challenges.
If you're at a wealthy firm that performs annual SOC1 and SOC2 audits, then you're providing your clients with these reports. If you're not one of the well-funded shops, then you're handling this verification the manual way—over and over again.
Expert Gary Landau digs deeper into third-party risk: organizations should start by setting a good example.
My telecom provider wants a VPN connection and server login to maintain our phone system and voicemail server. Great. I've outsourced this support to a qualified expert and I just need to ensure they have remote access. Life is good, or is it?
Expert Gary Landau looks at the risks associated with providing access to third-party vendors. Perhaps organizations operating from glass houses shouldn't throw stones.