The latest edition of the ISMG Security Report discusses global progress on adopting standard digital identifiers. Plus, a former cybercriminal discusses emerging fraud trends, and an update on the evolution of e-signatures.
An internal CIA report from 2017 - just released in heavily redacted form - found that the agency's failure to secure its own systems facilitated the massive "Vault 7" data breach that enabled classified information, including details of 35 CIA hacking tools, to be leaked to WikiLeaks.
A former administrative employee of a medical marijuana clinic and several other clinics was recently sentenced to serve time in federal prison after pleading guilty to identity theft and wire fraud. The case illustrates the potential risks posed by employees inappropriately using personal devices.
A former IT administrator for an Atlanta-based building products distribution company has been sentenced to 18 months in federal prison after he sabotaged the firm by changing router passwords and damaging a critical command server. Overall, Charles E. Taylor caused more than $800,000 in damages.
Even in the best of economic circumstances, enterprises face risks of insiders stealing data or selling access to systems. But Joseph Blankenship of Forrester says the possibility of layoffs due to the COVID-19 pandemic puts enterprises at more risk of insider threats.
Forget "whitelists" and "blacklists" in cybersecurity. So recommends Britain's National Cyber Security Center, in a bid to move beyond the racial connotations inherent to the terminology. Henceforth, NCSC - part of intelligence agency GCHQ - will use the terms "allow list" and "deny list." Will others follow?
With the massive shift to telework as a result of the COVID-19 pandemic, shadow IT is becoming a more critical security issue around the world. Security experts offer tips on mitigating the risks involved.
The latest edition of the ISMG Security Report offers a discussion of the potential insider threats posed by the remote workforce during the COVID-19 crisis. Also featured: An update on payment fraud shifts and the long-term outlook for the cybersecurity market.
A global health crisis. A remote workforce. Economic uncertainty. These are key ingredients to fuel the insider threat. Randy Trzeciak of the CERT Insider Threat Center at Carnegie Mellon University offers tips for monitoring risky behavior and creating positive incentives to reduce risk.
The SEC has settled charges against two traders who were accused of profiting from the hacking of an SEC EDGAR system server in 2016. The Ukrainian man who allegedly hacked the system by bypassing its authentication control remains at large.
Careless and malicious insiders, overly complex IT infrastructure and having an excess of privileged users continue to pose serious risks to the integrity of corporate cybersecurity practices, says Timothy Brown of SolarWinds.
Wall Street has been hit by the twin threats of the new coronavirus as well as oil prices plummeting, with the Dow dropping 2,000 points on Monday for its worst day in 12 years. Amidst fears that a recession could tank the global economy, some experts still see upsides for the cybersecurity sector.
The latest edition of the ISMG Security Report discusses the developing definition of "Insider Risk." Plus, Former DHS Secretary Michael Chertoff on U.S. 5G rollout plans; Cloud Security Alliance on containers and microservices.
Technology has enabled a whole new wave of "accidental" insider threats - people who make a mistake or are taken advantage of by attackers. What role can technology now play in improving insider threat detection and response? Three CISOs share their insights.
As the RSA 2020 conference showcased "The Human Element," Palo Alto Networks' M.K. Palmore turned his attention to the passive insider threat - the one that intends no malicious harm, but whose actions can lead to costly breaches.