When it comes to warding off phishing attacks, too many organizations are reliant on internal awareness campaigns. But a more proactive defense and controls are needed, says John "Lex" Robinson of PhishMe.
The latest edition of the ISMG Security Report leads with an analysis of a British parliamentary probe into the WannaCry ransomware attack on England's National Health Service. Also featured: a discussion of cyber threats posed by outdated industrial systems.
The United Kingdom might be greater than the sum of its parts. But when it came to the WannaCry outbreak, some parts of the United Kingdom did less great than others. Here's how the governments and health boards of Scotland, Northern Ireland and Wales are responding.
The National Health Service in England should have been able to block the "unsophisticated" WannaCry ransomware outbreak, U.K. government auditors have found. Security experts say the findings should be studied by senior executives across all industries to "learn from the mistakes of others."
Malware is widely available in an "as-a-service" model on the cybercriminal underground to anyone with criminal intent and a bit of money, says John Shier, senior security adviser at Sophos, who explains exactly how the model works in this in-depth interview.
The BadRabbit ransomware attack appears to have been designed for smokescreen, disruption or extortion purposes, if not all of the above. So who's gunning for Ukraine and how many organizations will be caught in the crossfire?
As organizations combat BadRabbit, the latest global ransomware campaign, healthcare entities in the U.S. should monitor the situation and take preventive measures to avoid becoming the next potential victim of any emerging malware, experts advise.
New ransomware called BadRabbit is directly targeting at least 200 organizations, primarily in Russia and Ukraine. The crypto-locking malware demands a ransom, payable in bitcoins, in exchange for a decryption key, and it appears to borrow code from NotPetya ransomware.
A lawn mower engine manufacturer's notification to federal regulators of a health data breach impacting thousands of its workers highlights the HIPAA compliance duties for businesses that are self-insured for healthcare.
Spammers wielding Locky ransomware have a new trick up their sleeves: the ability to infect PCs via malicious Microsoft Word documents that use the Dynamic Data Exchange application-linking feature built into Windows to push ransomware onto victims' systems.
A small Missouri clinic admits paying a ransom to unlock data after a ransomware attack in August encrypted patient data on a file server, as well as backups. The incident spotlights the dilemmas healthcare organizations can face after a ransomware attack if they're not well-prepared.
The clock is ticking on the General Data Protection Regulation (GDPR) coming into effect and while there isn't wide scale panic yet, lots of organizations are either in denial or just coming to grips with its implications. The difficulty with GDPR is that the regulation states the "WHAT" but pretty much is silent on...
A Belgian security researcher has discovered a "serious weakness" in the WPA2 security protocols used to encrypt many WiFi communications. Attackers can exploit the flaws to eavesdrop as well as potentially inject code such as malware or ransomware into WiFi-connected systems. Prepare for patches.
The Dark Overlord, a hacking group that hijacks data from businesses and holds it for ransom, is now threatening school districts. The apparent intent isn't to get ransoms from schools per se, but to create a fear campaign designed to scare big businesses into paying the group's ransoms.
The upcoming enforcement of GDPR puts the spotlight on data governance, but what about the potential impact on vendor risk management? Jacob Olcott of BitSight discusses how to prepare for this new generation of cybersecurity regulations.