While many organizations rely on employee training to help mitigate the risks of spear phishing, such efforts are generally ineffective, says Eric Johnson of Vanderbilt University, who explains why a technical solution might be better.
The National Institute of Standards and Technology this spring will unveil updated guidance on role-based cybersecurity training, which will help government agencies as well as private businesses to protect information.
Technology is the biggest challenge to ethics and compliance in organizations today, says Deloitte's Keith Darcy. "We have the capacity to do things before we ever consider the ethical consequences ..."
From new malware to the Target breach, cyber-attacks reached an all-time high in 2013, says Cisco's Annual Security Report. Cyberthreat expert Levi Gundert tells how organizations can regain the advantage in 2014.
Target Corp. is providing $5 million to help fund an effort to educate consumers about the risks of cybercrime. Meanwhile, a group of House Democrats had called for a hearing about the retailer's breach, while two senators have demanded details.
Training that's designed to help workers avoid clicking on links from spear-phishing e-mails may be ineffective because employees often fail to read training materials, says Eric Johnson, a Vanderbilt University professor who's co-author of a new study on the subject.
Whether reports that the National Security Agency entered into a secret contract with security provider RSA are true or not - and RSA says they're not - the reputations of all American security vendors have been tarnished.
Call center fraud is one of the leading threats that financial institutions will battle next year because fraudsters consider the centers to be an easy target. But what can be done to mitigate this threat?
Managers at all levels must understand their responsibilities in providing role-based cybersecurity training, says Patricia Toth, a computer scientist at the National Institute of Standards and Technology.
Wayne Dunn, CTO of HarborOne Bank in New England, says improving vendor management is a top security priority for institutions in 2014. As more core banking functions are outsourced, due diligence becomes increasingly critical.
In case you missed ISMG's 2013 Fraud Summit - or even if you were there and want to share insights with colleagues - I'm pleased to announce the availability of a series of session videos featuring top fraud experts.
U.S. Attorney Steve Wiggington says identity theft, especially linked to card skimming, is still the No. 1 fraud threat facing financial services institutions as well as consumers. He stresses information sharing is critical for fighting fraud.