The zero trust model has been around for a decade, and the ideas around it have evolved as applications have left the enterprise perimeter, says Lisa Lorenzin of Zscaler. With mobile apps and cloud computing, enterprises are facing challenges creating secure, trusted access paths.
The latest edition of the ISMG Security Report analyzes the "blame game" in the wake of a ransomware attack against the city of Baltimore. Also featured: Discussions of cyberthreats in the financial services sector and open source security concerns.
On the sixth stop of a multi-city tour, ISMG and Sonatype visited San Francisco for an engaging discussion on how to mitigate risks introduced by open source software. Sonatype CMO Matt Howard discusses the relevance and value of this application security conversation.
ISMG and Fortinet hosted a roundtable dinner in Nashville, TN on May 15 focused on "Securing the Digital Enterprise". Challenges in gaining internal buy in for security initiatives and the problems of M&A activity were discussed, and Sonia Arista, National Healthcare Lead of Fortinet provided her insight on the event...
The latest edition of the ISMG Security Report assesses the legacy of WannaCry ransomware two years on. Also featured: the evolving role of healthcare CISOs; threat mitigation recommendations based on the 2019 Verizon Data Breach Investigations Report.
C-level executives are 12 times more likely to be the target of social incidents and nine times more likely to be the target of social breaches. This is among the key findings of the latest Verizon's Data Breach Investigations Report. Author John Grim shares insight.
The lack of secure coding is a pervasive and serious threat to national security, according to a new paper from the Institute for Critical Infrastructure Technology. In an interview, Rob Roy, co-author of the report, outlines what steps should be taken to encourage or enforce secure coding practices.
The latest edition of the ISMG Security Report digs into the WhatsApp flaw that paved the way for spyware installation. Also: Microsoft patches old operating systems and a 'virtual CISO' sizes up security challenges.
Attackers exploiting a buffer overflow in WhatsApp's signaling software to automatically infect devices with malware - without users even having to answer their phone - and then alter call logs to hide attack traces is "a bit of a nightmare scenario," says cybersecurity expert Alan Woodward.
The way many organizations have handled digital onboarding is fraught with risk - including fraud. But Husayn Kassai, CEO of Onfido, envisions a new future that includes a healthy amount of friction and greater security.
Traditionally, enterprises have built networks and then added security elements. But in what he describes as "the third generation of security," Fortinet's John Maddison promotes a model of security-driven networking. Hear how this can improve an organization's security posture.
The latest edition of the ISMG Security Report analyzes the FBI takedown of DeepDotWeb, a dark net portal. Also featured are discussions on healthcare app security and the repercussions of poor coding security.
Typically, organizations see automated or manual attacks - one type or the other. But increasingly cyberattackers are striking with blended attacks, and the growth and impact of these strikes is concerning. Dan Schiappa of Sophos discusses how to improve detection and defense.
The latest edition of the ISMG Security Report describes a discussion among "Five Eyes" intelligence agencies at the recent CyberUK conference. Plus, an update on a Huawei 'backdoor' allegation and new research on managing third-party risk.
How far does an organization's risk surface extend, and who are the custodians of all that data? A new research report aims to answer those questions. In a joint interview, Kelly White, of RiskRecon and Wade Baker of the Cyentia Institute offer an analysis.