"We felt that it was very important to come out with this and say this was how easy it is for them to break into any U.S. company, and here's how they're doing it," The New York Times' Nicole Perlroth says.
A quick glance at a new survey suggests that businesses care more about protecting the privacy of their customers than governments do about their citizens. That's what the numbers say. But the numbers don't necessarily tell the whole story.
Using technology to prevent breaches is insufficient. Security leaders also must address the human factor, making sure staff members receive appropriate training on clear-cut policies - before it's too late.
"We're going to have to find a way to address the interests of other states to ... find common ground," Secretary of State John Kerry says. "We're just going to have to dig into it a lot deeper. I don't have a magic silver bullet to throw at you here today."
Hacktivists on Jan. 22 threatened more DDoS attacks against U.S. banks and claimed they recently hit three institutions. Despite banks' improvements in staving off online outages, the longevity of the attacks is concerning, experts say.
Independent monitoring shows U.S. banks doing a better job of deflecting DDoS attacks. Nevertheless, DDoS expert John Walker says the attackers continue to represent "a growing threat" to all organizations.
In this newest banking fraud scheme, fraudsters use the customer service chat feature within the online banking platform to schedule fraudulent wires. How can institutions detect and prevent this scam?
How are banks responding to DDoS phase 2? "From a technology standpoint, we have improved our defenses quite a bit," says Dan Holden of Arbor Networks. Experts discuss top DDoS lessons banks have learned.
Mobile attacks are on the rise, and banking institutions need stronger authentication and better defenses against out-of-band compromises. But what else should banks be doing in 2013? Experts weigh in.
Which fraud trends need the most attention from U.S. banking institutions in 2013? Distributed-denial-of-service attacks and account takeover, says FS-ISAC's Bill Nelson, who offers fraud-fighting tips.
Sometimes HIPAA training alone is just not enough to drill into peoples' heads why and how patient information needs to be protected. So, how are organizations getting medical staff to do the right thing?
The answer seems obvious, especially in the context of IT security and information risk. Yet, is it, especially when developing codes and standards, as well as funding research and development initiatives that involve taxpayer money?