In this update, four editors discuss key cybersecurity issues, including addressing the complexity of security, the rising number of victims targeted by double extortion ransomware and the Information Commissioner's Office's recent consultation on creating an international data transfer agreement.
With deep national security implications, the cyber risks associated with the Defense Industrial Base (DIB) are perhaps the most urgent. Threat actors have realized that targeting vulnerable companies across the defense supply chain can be not only a profitable enterprise but also an alternate method to accessing...
Recent years have seen
firms in electricity generation and distribution, oil, and gas facing increasingly sophisticated
cybersecurity attacks. And the stakes in the energy sector are significantly high.
In May 2021, a cyber attack hit Colonial Pipeline1, and though the attack targeted the company’s
Rant of the day: Are we getting hacked because we now work remotely in the new normal? No, we're being hacked because we're not managing our risks and being lazy - and because the CISO is not being heard.
The digital transformation occurring in healthcare has brought with it a wave of new information security and privacy considerations for hospitals and health systems and the technology companies that serve the industry. With third-party breaches at an all-time high, healthcare providers continue to increase their...
You can't decrease the motivation of ransomware attackers. But you can curb their success by bolstering your own enterprise's approach to access, credentials and privileges. Morey Haber and James Maude of BeyondTrust share insights on ransomware defense.
CISA must update its plans to improve the security - both physical and cyber - within the nation's critical infrastructure, according to a report that specifically looked at issues related to the country's dams and levees. Attacks targeting critical infrastructure have raised the issue.
This convenient handbook for the Functional Safety Standard EN 50128:2011 - “Railway
applications - Communication, signaling and processing systems - Software for
railway control and protection systems" - is all you'll need to get "on board" with this standard.
Currently the systems included under EN 50128...
The top three tactics attackers have been using to break into corporate and government networks are brute-forcing passwords, exploiting unpatched vulnerabilities, and social engineering via malicious emails, says security firm Kaspersky in a roundup of its 2020 incident response investigations.
By using the right software development tools, you are able to ensure secure, reliable, and standards-compliant automotive software. Changing standards and best practices along with new and emerging technologies can make selecting the right software development tools a daunting task.
Download this whitepaper to...
The Ragnar Locker ransomware operation has been threatening to dump victims' stolen data if they contact police, private investigators or professional negotiators before paying a ransom. But as one expert notes: "Perhaps the criminals watched too many TV shows, because this isn’t how the real world works."
The most sought-after type of victim for ransomware-wielding attackers is a large, U.S.-based business with at least $100 million in revenue, not operating in the healthcare or education sector, with remote access available via remote desktop protocol or VPN credentials, threat intelligence firm Kela reports.
Ransomware is the result of a criminal blending technology's wonders: networking and encryption. It's a modern-day implementation of extortion, a crime as old as time. The Atlantic Council contends lessons from fighting past extortion schemes, such as plane hijackings, could help fight ransomware.
Because a relatively small number of individuals provide the vast majority of services and infrastructure that power cybercrime, they remain top targets for arrest - or at least disruption - by law enforcement authorities, says cybercrime expert Alan Woodward. But of course, geopolitics sometimes gets in the way.
The Biden administration unveiled a package of supply chain and critical infrastructure security initiatives following a meeting at the White House with tech executives and others. Companies such as Google and Microsoft also promised billions in spending on cybersecurity over the next several years.