In the wake of a May cyber-attack against the IT infrastructure of Germany's lower house of parliament, or Bundestag, investigators say they have been unable to eradicate all traces of the Trojan infections, and that up to 20,000 PCs might need to be replaced.
EdgeWave's Mike Walls, a former bomber pilot who led Navy red teams, says penetration testing is useful in analyzing bits and bytes but not the readiness of operations under attack from cyberspace. Red teams, he says, can analyze the impact on operations.
Wary of intrusions, data compromise and theft, organizations increasingly are deploying privileged access management solutions. Idan Shoham of Hitachi ID Systems offers the essential do's and don'ts.
Encrypted browsing - using HTTPS - helps secure online communications, and Apple says developers must now employ the protocol by default. Likewise, the White House says that by 2017, all federal websites must adopt HTTPS-only policies.
Too few security systems interoperate, which makes it difficult for organizations to block or detect data breaches. But Cisco has an interoperability plan to improve the state of cybersecurity defenses, Chief Security Architect Martin Roesch says.
By 2018, Javelin predicts that new account fraud and account takeover will eclipse present worries about POS attacks and retail breaches. Why breached PII should be our biggest worry.
Kaspersky Lab has discovered a new, advanced persistent threat - inside its own networks. Dubbed Duqu 2.0, the malware has ties to Stuxnet, and was used to target Iranian nuclear negotiations, researchers say.
Gartner's Claudio Neiva says there is only so much an intrusion detection and prevention system can do, so organizations need to take additional steps to safeguard critical data and systems.
For Symantec, the investigation into the Duqu 2 began May 29, when Kaspersky Lab shared samples of the espionage malware - which is based on Flame and Stuxnet - and asked the security researchers to help verify its findings.
Fighting fraud requires a well-rounded, defense-in-depth strategy that makes good use of appropriate threat intelligence, says Chris Richter of Level 3 Communications.
The Syrian Electronic Army claims credit for defacing the U.S. Army's public-facing website with propaganda. Following the June 8 hack, the Army took the website offline, pending related fixes.
Two years after the leaks that showed the U.S. National Security Agency spied on America's European allies, the U.S. and Europe still need to rebuild trust so they can collaborate on defending against cyber-attacks, says Carsten Casper of Gartner.
"Show me your dashboard." That's a request security expert Gavin Millard regularly makes to CISOs to demonstrate how today's too-complex dashboards highlight the challenge of gathering and distilling essential security metrics.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.co.uk, you agree to our use of cookies.