In the latest "Proof of Concept," Lisa Sotto, Jeremy Grant and ISMG editors discuss the significance of Apple, Google and Microsoft supporting the FIDO protocol's passwordless sign-in standard, progress made on Biden's cybersecurity executive order and updates on U.S. cybersecurity and privacy laws.
A surprising improvement in loss ratios for cyber insurance providers in 2021 means the rapid rise in premiums might at last subside later this year. The loss ratio declined for the first time since 2018 despite the frequency and severity of claims filed for cyberattacks increasing again in 2021.
In the coming weeks, U.S. President Joe Biden will announce a new executive order to prevent and detect identity theft involving public benefits. Jeremy Grant, coordinator of the Better Identity Coalition, discusses the challenges ahead for the government in combating criminal and identity fraud.
On this week's "Sound Off," we ask John Kindervag, the founder of Zero Trust, for his reaction to the recently released Office of Management and Budget federal strategy to move the U.S. government toward a mature Zero Trust architecture.
Four ISMG editors discuss: how too many organizations fail to implement basic cybersecurity defenses - such as MFA; a proposed lawsuit against health insurer Excellus that calls for an improvement to its data security program; and strategies for securing open-source and other software components.
OMB on Wednesday released a federal strategy to move the U.S. government toward mature zero trust architectures. White House officials say the new strategy - with a focus on MFA, asset inventories, traffic encryption, and more - is a key step in delivering on Biden's May 2021 executive order.
Multi-factor authentication is defined as two out of the three categories of knowledge, possession, and inherence
factors. For example, a password plus SMS OTP would be a combination of knowledge and possession; a
password with biometric would be a combination of knowledge and inherence.
However, there’s also a...
Risk can be a confusing topic, summarized in heatmaps with low, medium, and high as the most accurate indicators.
While valuable to GRC pros, it’s only a small piece of the puzzle. And, more importantly, it’s decidedly not speaking the same language as the rest of the organization.
Risk professionals can now...
The latest edition of the ISMG Security Report features insight from U.S. Sen. Angus King on why the federal government needs to declare a clear response to cybercriminals in order to deter them. Also featured: Ransomware affiliates gain power and promoting diversity of thought in cybersecurity.
Ransomware incidents are becoming a major cause of health data breaches affecting millions of individuals that have been reported so far in 2021, according to the latest additions to the federal tally. What else is topping the list?
The White House is preparing executive branch agencies to adopt "zero trust" network architectures by 2024, with CISA and the OMB overseeing the creation of technology road maps that departments must follow. This is a major component of President Biden's cybersecurity executive order.
The most sought-after type of victim for ransomware-wielding attackers is a large, U.S.-based business with at least $100 million in revenue, not operating in the healthcare or education sector, with remote access available via remote desktop protocol or VPN credentials, threat intelligence firm Kela reports.
The threat of ransomware and other credential theft attacks has only grown over the last year. According to the Verizon Data Breach Incident Report, credential theft accounted for 89% of web application breaches, and phishing attacks increased by 44% across 2020. The recent attack against the Colonial Pipeline company...
Security specialists are offering preliminary feedback on Microsoft's sneak peek at the new security measures to be included in the Windows 11 operating system, which is slated for release in December.