Many Indian organizations are not prepared to detect a breach, readiness assessments conducted by Smokescreen Technologies show, says Raviraj Doshi, the company's CTO, who describes current detection challenges.
With the increased emphasis on detection and response, practitioners may be beginning to dilute the fundamentals of security, neglecting the need to first protect and defend, says Brijesh Datta, CISO at Reliance Jio Infocomm.
Some security practitioners in India are questioning the value of the government setting up a CERT for the financial sector as well as a second Cyber Coordination Centre in Delhi to help deal with the changing cyber threat environment.
It's not enough to comply with government and industry regulations such as SOX, PCI, MICS, and HIPAA. Organizations must also prove their compliance to auditors on a regular basis. Even companies not bound by regulatory requirements may need to confirm their adherence to internal IT security policies.
But...
The cost of a data breach can throw businesses into turmoil and derail careers. And that cost continues to rise. The potential for significant damage is massive on servers like IBM's Power Systems servers running IBM i, because they're widely used for database management, financial data processing, and business...
Security leaders face more threats than they'd like, but with fewer security personnel than they need. Aaron Miller of Palo Alto Networks discusses the case for new automated security solutions.
The latest edition of the ISMG Security Report leads off with a look at why organizations turn to paper when critical systems can't be secured. Also, how to hack air-gapped systems over the internet.
The back story behind the ransom attack that led to the unauthorized early release of the Netflix series "Orange Is the New Black" is a cautionary tale in dealing with cyber extortionists such as The Dark Overlord.
A just-released study from IBM Security and the Ponemon Institute documents the rising costs of data breaches, but IBM's security lead Kartik Shahani in an interview discusses ways organizations can mitigate those costs, including investing in sound governance practices.
South Korean web hosting firm Nayana has agreed to pay attackers a record-shattering $1 million to unlock 153 Linux servers crypto-locked by ransomware. Security researchers say the infection was likely exacerbated by the company running ancient versions of the Linux kernel, as well as Apache and PHP.
Concerns over Russian hacking of state election systems are mounting. In New York, Gov. Andrew Cuomo has ordered a review of security efforts related to state elections. On Capitol Hill, Sen. Mark Warner wants DHS to release additional details relating to cyberattacks targeting state election systems.
A new dump from WikiLeaks has revealed an apparent CIA project - code named "CherryBlossom" - that since 2007 has used customized, Linux-based firmware covertly installed on business and home routers to monitor internet traffic and exploit targets' devices.
Cybercriminals and nation-state threat actors are beginning to act alike - and that's bad news for cybersecurity leaders and their enterprises, says Eward Driehuis of SecureLink. Here are the trends to track.
Former U.S. CISO Gregory Touhill says the federal government must rethink how it hardens its workforce to prevent cyberattackers from succeeding. Organizations, he says, should regularly conduct cybersecurity exercises to help build their cyber defense.
The city of Dubai has launched a revised cybersecurity strategy that offers voluntary guidance for businesses and government units. Some observers say it represents a substantial improvement over earlier efforts, while others say it fails to articulate an action plan to help secure UAE against new threats.
