Latest

►

General Data Protection Regulation (GDPR)

GDPR: Where Do We Go From Here?

Mathew J. Schwartz  •  June 25, 2019

Even though the EU's General Data Protection Regulation has been in effect for more than a year, it's no privacy panacea, says (TL)2 Security founder Thom Langford. While GDPR has reframed the global privacy discussion, room for improvement remains, he explains in this interview.

►

Application Security

Reinventing Application Security

Nick Holland  •  June 25, 2019

Bob Egner of Outpost24 discusses the challenges involved in improving application security and whether DevSecOps is a "silver bullet."

Governance

Risk and Resilience: Finding the Right Balance

Mathew J. Schwartz  •  June 25, 2019

Finding the right balance between risk and resilience is a challenge for every cybersecurity project - especially in the aerospace, space and defense sectors - and that's why such efforts must be driven by CISOs and CIOs, says Leonardo's Nik Beecher.

Cybercrime

Alleged AlphaBay Moderator Faces Racketeering Charge

Scott Ferguson  •  June 24, 2019

An alleged moderator of the AlphaBay underground marketplace has been indicted for facilitating sales on the darknet site before law enforcement shut it down.

►

Cybercrime

Hacked With Words: Email Attack Sophistication Surges

Mathew J. Schwartz  •  June 21, 2019

The early days of email attacks - so much noise in the form of malware, spam and links - have given way to attacks that often rely on little more than words, and email gateways often struggle to arrest social engineering ploys, says Michael Flouton of Barracuda Networks.

►

Fraud Management & Cybercrime

Life Beyond Blocking: Adopting Behavior-Based Cybersecurity

Mathew J. Schwartz  •  June 21, 2019

Many cybersecurity tools are designed to block or allow specific activities based on prescribed rules, but with insider breaches continuing, enterprise protection also requires real-time reaction to actual user behavior, says Carl Leonard of Forcepoint.

►

Privileged Access Management

Privileged Attack Vectors: Key Defenses

Mathew J. Schwartz  •  June 21, 2019

Attackers crave insider-level access to IT infrastructure and regularly target insiders - and especially administrators- to steal their credentials, says BeyondTrust's Karl Lankford, who advises organizations to ensure they manage, monitor and audit all privileged access.

►

Identity & Access Management

Mitigating Insider Threats With IAM

Nick Holland  •  June 21, 2019

Provisioning and deprovisioning employee credentials is a critical component of mitigating insider threats, says Andrew Clarke of One Identity, who discusses the importance of identity and access management.

►

Governance

The Role of DNS in Cybersecurity

Nick Holland  •  June 21, 2019

DNS is cybersecurity's best-kept secret for eliminating threats, says Stuart Reed of Nominet, who explains the value of analyzing traffic.

►

Training & Security Leadership

Filling the Cybersecurity Skills Gap

Nick Holland  •  June 21, 2019

Gamification can play an important role in addressing the cybersecurity skills shortage, says Giovanni Vigna of Lastline.

Artificial Intelligence & Machine Learning

Facebook's Cryptocurrency Plan Scrutinized

Nick Holland  •  June 21, 2019

The latest edition of the ISMG Security Report analyzes the security and privacy implications of Facebook's new digital currency - Libra. Also featured: Discussions on the rise of machine learning and IT and OT collaboration on cybersecurity.

►

Cybercrime

Troy Hunt: Why Data Breaches Persist

Mathew J. Schwartz  •  June 20, 2019

Bad news for anyone who might have hoped that the data breach problem was getting better. "Anecdotally, it just feels like we're seeing a massive increase recently," says Troy Hunt, the creator of the free "Have I Been Pwned?" breach-notification service. Unfortunately, he says, the problem is likely to worsen.