The attacks targeting financial services organizations continue to increase in both volume and sophistication. Security-conscious enterprises need to prepare for threats that emanate from external cybercriminals as well as employee errors and malicious insiders.
While detection, threat intelligence and other...
The Cyber Risk Institute this week is releasing a new version of its "Cyber Profile" risk assessment framework for the financial services industry that includes expanded information on third-party risk and cloud security. Institute founder, Josh Magri, describes the updates.
Threat actors are increasingly weaponizing advanced analytical tools to attack enterprises, which means organizations must change their security strategies, says Ray Boisvert, associate partner, national public sector, IBM Canada.
Businesses must address third party risk or face the loss of hundreds of millions in third party data breaches. While exchanging information with organizations is the lifeblood of business, once data leaves your hands, it takes its own journey through your third parties and their suppliers, and so on. Your data is...
COVID-19 accelerated everything else digital; why not fraud, too? In this latest CEO/CISO panel, cybersecurity leaders talk frankly about the pace and scale of new fraud schemes from business email compromise to card not present to insider risk.
The latest edition of the ISMG Security Report features an analysis of the EU General Data Protection Regulation fines that have finally been imposed on Marriott and BA over serious data breaches each suffered. Also featured: Regional digital fraud trends, and a look at the CISO role and its responsibilities.
California voters passed Proposition 24, the California Privacy Rights Act, on Nov. 3, which expands upon the recently activated California Consumer Privacy Act specifically when it comes to enforcement and how businesses handle personal data.
Attackers have been actively exploiting a flaw in Rackspace's hosted email service to send phishing emails, bearing legitimate and validated domain names, as part of business email compromise scams, warns IT security testing consultancy 7 Elements. Rackspace tells customers it plans to fix the problem soon.
A recently identified hacking group dubbed UNC1945 used a never-before-seen zero-day vulnerability in the Oracle Solaris operating system to target corporate networks and plant malware, according to FireEye Mandiant. This threat actor is known to focus on telecom, financial and consulting firm targets.
Brian Brackenborough, CISO, Channel 4, the British television network, and Nick Nagle, CISO, Security Critical, a U.K.-based consultancy company, discuss the lessons learned in 2020 and how they might impact the year ahead, agreeing that 2021 provides an "opportunity for a re-set."
Data breaches are a rapidly growing problem for businesses worldwide. People-centric threats can jeopardize enterprises even more than technical vulnerabilities.
On behalf of Proofpoint, The Economist Intelligence Unit surveyed more than 300 corporate executives on how they are managing the frequency and severity...
The U.K. NCSC responded to over 700 cyber incidents over a 12-month period, 200 of which were related to the COVID-19 pandemic, according to the cyber agency's annual report. NCSC also notes that it's preparing to step up its response to cyber incidents involving the NHS and vaccine development.
Microsoft plans to patch on Nov. 10 a zero-day kernel vulnerability found by Google's Project Zero bug-hunting team. Google released the details of the flaw after a week because attackers are using it in the wild.