Who watches the penetration-testing testers? Questions are circulating over how some organizations train their employees for the CREST pen-testing certification after some leaked internal documents appeared to contain material from past tests.
The SANS Institute, which is known for its cybersecurity training courses, is now planning to turn its own data breach into a teachable moment for its membership.
One day, you may drive your Tesla Cybertruck on Cyber Monday to your cybersecurity job, backed by a cyber insurance policy as you safeguard cyberspace against the threat of cyberwar. Or cyber whatever, since we've obviously entered the era of "maximum cyber." But what does cyber even mean?
How many different shades of bizarre is the data breach notification issued by software vendor Blackbaud? Over the course of three paragraphs, Blackbaud normalizes hacking, congratulates its amazing cybersecurity team, and says it cares so much for its customers that it paid a ransom to attackers.
The speed at which IoT is enabling innovation is far outpacing the ability of the security custodians to implement appropriate controls before these devices hit the market. That creates a classic target-rich environment for the bad guys - one that will require vigorous defense and oversight.
Paul Connelly has been CSO at HCA Healthcare for more than 18 years. But no year has been more trying than this one. What has he learned from the COVID-19 experience and the challenge of accelerating digital transformation amid a pandemic?
Security awareness and compliance training is an essential component of mitigating risks for the remote workforce in the financial services sector, says Theo Zafirakos of Terranova Security, who outlines key steps.
What are the biggest leadership lessons from the COVID-19 pandemic? And what will CEOs and CISOs look back on and say, "Why did we ever do things that way?" Those questions were posed to a panel of cybersecurity leaders, and here are their candid answers.
Britain's U-turn on Huawei, announcing that it will now ban the manufacturer's gear from its 5G networks, highlights this as yet unresolved problem: Years of underinvestment and policy failures have left Britain and its allies with no inexpensive, trusted alternative.
Connected devices for consumers don't come with service-level agreements agreements. The travails of Petnet, the maker of an automatic, cloud-enabled pet feeder that has now gone offline offer a tale of caution that points to the need for stronger consumer protection for cloud-enabled devices.
U.S. prosecutors this week unsealed an indictment against the alleged hacker "Fxmsp" after his identity was revealed in a cybersecurity firm's report. That sequence of events has raised questions about information sharing and highlighted law enforcement's reliance on private cybersecurity researchers.
This webinar will provide leaders inside and outside of contact centers with actionable recommendations and proven strategies to keep your organization and its' teams moving forward in our rapidly changing world.
Greg van der Gaast, head of information security at the University of Salford in the United Kingdom, has strong opinions on why some security investments aren't reaping maximum benefits. "We are addressing problems too far downstream," he says.
Many ransomware gangs hell-bent on seeing a criminal payday have now added data exfiltration to their shakedown arsenal. Gangs' extortion play: Pay us, or we'll dump stolen data. One massive takeaway is that increasingly, ransomware outbreaks also are data breaches, thus triggering breach notification rules.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing cuinfosecurity.com, you agree to our use of cookies.