Microsegmentation is a fundamental approach to achieving a mature zero-trust-guided strategy. But before tackling the complex job of microsegmenting infrastructure, IT teams must understand the business context and criticality of the data, said Robert LaMagna-Reiter, CISO at Hudl.
What if the world had access to memory-safe hardware for both IT and operational technology environments that could outright block many types of vulnerabilities from being exploited as well as make code safer to run on legacy systems? Enter the U.K.'s Digital Security by Design initiative.
The many kinds of OT and IoT gear that are not regulated medical devices but are critical to run hospitals and other care facilities present a variety of cybersecurity and patient safety concerns, said Dr. Benoit Desjardins, professor of radiology at the University of Pennsylvania Medicine.
Credentials, akin to the keys of our online presence, unlock access to sensitive systems. However, when these keys fall into the wrong hands, cyber attackers gain effortless entry, often exploiting lateral pathways to reach valuable assets.
The problem: Recent statistics, as of March 2024, indicate that a...
Credentials serve as the keys to our online existence but once they are compromised cyber attackers gain frictionless entry into sensitive systems and can often move laterally to find your crown jewels.
The problem: As of March 2024, 86% of breaches now involve credential compromise.
The solution :This...
Facebook's attempt to navigate European privacy regulations by giving users a fee-based opt-out from behavioral advertising triggered backlash from more than a dozen European politicians who accused the social media giant of treating human rights as a commodity.
In the latest weekly update, Grant Schneider of Venable LLP joined three ISMG editors to discuss the future of U.S. federal cybersecurity and privacy legislation, AI integration and recent CISA developments - all set against a backdrop of political complexities.
Healthcare organizations and makers of medical devices need to think about how to safeguard their critical medical gear against future cyberthreats, including the looming dangers posed by quantum computing, said Mike Nelson, global vice president of digital trust at security firm DigiCert.
Researchers at security firm Salt Security have uncovered multiple vulnerabilities in third-party plug-ins used in ChatGPT, including a zero-click account takeover flaw that was triggered when users attempted to install the plug-in using their ChatGPT accounts.
Advanced attackers increasingly feel the need for speed, lowering the time they spend lurking after they infiltrate networks before exfiltrating data and crypto-locking systems, experts warn in a review of top hacking strategies seen in 2023. Cue challenges for defenders.
The U.S. Securities and Exchange Commission (SEC) now mandates public companies to disclose major cybersecurity incidents and outline their cybersecurity risk management annually, starting December 2023. This aims to standardize disclosures, offering investors more consistent information.
Key regulation elements...
The U.S. healthcare sector needs to closely watch government regulatory and legislative developments involving artificial intelligence, including the European Union AI Act, said Lee Kim, senior principal of cybersecurity and privacy at the Healthcare Information and Management Systems Society.
It's critical for hospitals and other firms to not only prepare for how they will respond to a cyberattack but also to consider the regional impact if a neighboring provider of services needed in the community is disrupted by a serious cyber incident, said Margie Zuk of Mitre.
Healthcare sector organizations need to focus their attention on meeting the "voluntary" essential and enhanced cybersecurity performance goals set out by federal regulators before they become potential mandates, said Kate Pierce, virtual information security officer at Fortified Heath Security.
Experts told ISMG a final version of the Cybersecurity and Infrastructure Security Agency's self-attestation form for federal software providers takes bold steps to ensure new technologies are made with "secure by design" principles but lacks critical components that should come in future versions.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing cuinfosecurity.com, you agree to our use of cookies.