Facebook's response to news reports.

Report: Facebook Stored Millions of Passwords in Plaintext

Scott Ferguson • March 21, 2019

Facebook has corrected an internal security issue that allowed the company to store millions of user passwords in plaintext that were then available to employees through an internal search tool.

Cybercrime

Adapting to the Privacy Imperative

Latest

Cybersecurity

Cyber Risk Management: Why Automation is Essential

Mathew J. Schwartz • March 22, 2019

The challenge of wanted to adopt the latest and greatest point products, as opposed to opting for a more platform-based approach, seems never-ending, and can only be managed by bringing greater amounts of automation to bear, says Skybox Security's Michelle Cobb.

Breach Response

Washington, D.C. AG Wants Better Data Breach Protection

Scott Ferguson • March 22, 2019

Karl Racine, the attorney general for Washington, D.C., is looking to strengthen the District's data breach laws, specifically by offering greater protection for consumers and holding businesses accountable when they are breached or lose data.

Data Breach

GDPR: Data Breach Notification 101

Mathew J. Schwartz • March 22, 2019

Since the EU's new GDPR privacy law came into effect in May 2018, one challenge for organizations that suffer a breach is knowing whether or not they must report it to authorities, says Brian Honan, president and CEO of BH Consulting in Dublin.

Breach Response

EU Seeks Better Coordination to Battle Next Big Cyberattack

Scott Ferguson • March 22, 2019

Life after WannaCry and NotPetya: Europol, the EU's law enforcement intelligence agency, wants member states to be able to rapidly respond to the next big cyberattack against Europe. But with warnings of ongoing Russian election interference campaigns, the next big attack may already be underway.

Anti-Malware

Microsoft Brings Defender ATP Platform to macOS

Jeremy Kirk • March 22, 2019

A decade or more ago, this would have been unthinkable: Microsoft developing an anti-malware platform for macOS. But Windows Defender ATP is now available for Macs via a limited preview. Microsoft says the move will help protect customers running non-Windows machines.

Cybersecurity

The Future of Cybersecurity Education - Part 2

Tom Field • March 22, 2019

What are America's universities doing to help fill the cybersecurity skills gap felt by enterprises worldwide? In part two of a two-part panel discussion on the future of cybersecurity education, Lisa Ho of the University of California-Berkeley and Amit Elazari Bar On of Intel Corp. offer insights.

Cybersecurity

The Future of Cybersecurity Education - Part 1

Tom Field • March 22, 2019

What is the role of professional certification companies in the cybersecurity education ecosystem? In part one of a two-part panel discussion on the future of cybersecurity education, John McCumber of (ISC)2 and Rob Clyde of ISACA share their philosophies.

Awareness & Training

Norsk Hydro's Ransomware Headache

Nick Holland • March 22, 2019

The latest edition of the ISMG Security Report discusses the recent ransomware attack on aluminum giant, Norsk Hydro. Plus, confessions of a former LulzSec and Anonymous hacktivist, and the growing problem of cyber extortion.

Governance

Mitigating the Insider Threat at Scale

Tom Field • March 21, 2019

Enterprises are getting wiser to understanding the insider threat. But mitigating it? That remains a challenge - especially at a large scale. Mohan Koo of Dtex Systems talks about how to blend human and data analytics to address the challenge.

Fraud Management & Cybercrime

The Art of the Steal: Why Criminals Love Cyber Extortion

Mathew J. Schwartz • March 21, 2019

Criminals continue to target organizations and individuals with extortion schemes, in part via such cybercrime schemes as infecting targets with Ryuk and GandCrab ransomware, say Raj Samani, chief scientist of McAfee, and John Fokker, McAfee's head of cyber investigations.

Awareness & Training

Beyond Phishing: The New Face of Cybersecurity Awareness

Tom Field • March 21, 2019

As CEO of Terranova Security, an awareness training provider, Lise Lapointe sees an evolution of education programs that used to be merely phishing simulation tests. What are the most effective forms of training?

Endpoint Security

North Carolina County Suffers Repeat Ransomware Infections

Scott Ferguson • March 21, 2019

Attackers have hit North Carolina's Orange County with ransomware for the third time in six years. Government officials say IT teams have been working overtime to restore systems, and that no data has been lost.