Getting cybersecurity right means CISOs need peer relationships with other operations executives. CISOs need board access and a handle on the company business, writes Ian Keller, director of security at a telecom company. "And then you'll wake up and realize this is not as simple as it sounds."
Three ISMG editors discuss important cybersecurity issues, including the sharp rise in Maui ransomware attacks, how the FBI seized cryptocurrency ransom payments worth $500,000 from North Korean attackers and advice for CISOs navigating the great zero trust debate.
Atlassian released a patch for a critical vulnerability in its workspace collaboration tool Confluence stemming from hard-coded credentials. The Australian company found no evidence of exploitation of the flaw that allows remote, unauthenticated attackers access to vulnerable servers.
Harish Sekar, senior technical evangelist & head of business development, ManageEngine, discusses the ways in which a CISO's job can be a "nightmare," offers tips on how to manage the "how" as well as the "what" of zero trust and handle product sprawl, and weighs in on the importance of false positives.
Satyavathi Divadari's passion for continuous learning has helped the chair of the Cloud Security Alliance to grow her career in cybersecurity. Divadari discusses the advantage of working in multiple industries, her devotion to including women in cybersecurity and some of her career highlights.
To be cyber resilient, an organization needs visibility across the entire infrastructure landscape, says Venugopal Arcot, senior director and head of solution consulting at ServiceNow. He discusses including the board in security conversations and integrating enterprise data in one location.
The best protection against a ransomware attack is a very good backup policy, says Krishna Sastry Pendyala, partner, cybersecurity, at Ernst & Young. He discusses ransomware trends in Asia, how CISOs view the question of whether to pay a ransom, and where cyber insurance fits in.
The basic foundation of designing a reliable and dynamic cyber resilience program is to have an elaborate incident response plan that can take into account different cyberthreat scenarios and outcomes, says Singapore-based Christophe Barel, who is managing director for Asia-Pacific at FS-ISAC.
Compromised logon credentials are the root cause of most data breaches, especially because users tend to reuse passwords, says Vikas Malhotra. Passwords are not going anywhere, he says. The LastPass India country manager also discusses password management and managing identities.
With dozens of cybersecurity vendors offering solutions, today's zero trust debate is not about whether to do it but rather how to implement it. Some argue that firewalls and VPNs are dead while others caution against cobbling together new solutions. Experts advise to start small - but start now.
How does a zero trust architecture help reduce the risk of remote access to corporate networks? Ajay Kumar Dubey, channel director at Forcepoint, shares his views on why VPNS are no longer relevant. He also discusses implementing SASE and controlling access to cloud and private apps.
Researchers at BitSight say a common GPS tracker used in fleet management by organizations around the globe could be used by hackers to abruptly stop vehicles on highways or disable a car for ransom. Chinese manufacturer MiCODUS hasn't responded to researchers or U.S. officials.
Thales plans to enter the customer identity and access management market through its purchase of an emerging European CIAM player. The French firm plans to capitalize on OneWelcome's strong product by extending its footprint beyond Europe and into North America and Asia-Pacific.
Cyberattacks aren't just an annoyance but have real-world effects. Case in point: ransomware attacks on Colonial Pipeline and on food processor JBS. IBM Security's Chris McCurdy discusses these developments and security scenarios emerging from the cyber-physical fusion.
A new assessment framework aims to help patients, healthcare providers and others examine the various privacy, security and other risks of digital health technologies, says Tim Andrews of the nonprofit Organization for the Review of Care and Health Applications, which co-developed the framework.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.in, you agree to our use of cookies.