U.K. businesses shy from involving police in cyber incident response for fear of regulatory consequences, lawmakers sitting on Parliament's Joint Committee on National Security Strategy heard. Allowing businesses to anonymously disclose incidents would result in more data, suggested a witness.
In the next three years, CISOs face daunting challenges, including rapidly changing threat vectors, new APT attacks and the implementation of new defensive solutions, says Anuprita Daga, chief information security officer and chief data protection officer at Yes Bank.
The United Kingdom is the newest front in the long-fought conflict over end-to-end encryption, as a slew of civil society groups urge the prime minister not to back legislation empowering regulators to force online intermediaries into providing decrypted messages.
What does the latest version of India's data protection bill mean for CISOs, and what impact does it have on security practitioners? Khushbu Jain, advocate, of the Supreme Court of India, shares some of the fine print in the draft legislation and discusses some changes that CISOs may need to make.
Software life cycle management has always been part of the development team, but organizations are now looking to extend the process beyond the development team to manage the entire supply chain, says Nahas Mohammed, regional sales director at GitHub India.
DevSecOps is about security enablement at every stage within the organization - the people, process and technology. To begin the DevSecOps journey, organizations should enable and empower technology teams to think about secure design first, says GitHub's Hatim Matiwala.
Microsoft says vulnerabilities in outdated web servers are likely responsible for a cyberattack last month against Indian energy giant Tata Power. Attackers targeted Boa servers, which were discontinued in 2005, to potentially compromise Tata and other critical infrastructure organizations around the world.
Bad actors, both external and internal, can steal and manipulate data during file transfer, as most firms don't have end-to-end encryption in place. Raghunandan Kaushik, regional sales director for India and SAARC at Fortra, discusses security blind spots and best practices to address these gaps.
The nefarious LockBit 3.0 cybercriminal group is claiming responsibility for the ransomware attack that halted municipal services and shut down employee email accounts in Westmount, Quebec, giving the city a deadline of Dec. 4 to make an undisclosed ransom payment.
An Australian nonprofit children's charity warned about 80,000 donors of the compromise of their credit card and personal information resulting from a recent hacking incident. The Smith Family says the hacker failed to steal any charity funds but did manage to access donor data.
Why is credential stuffing hard to solve? Are weak passwords the only reason behind credential stuffing attacks? Experts Sanjay Singh, head of DevSecOps at Games24x7, and Navaneethan M., CISO at Groww, explain how geo-based authentication, user behavior analytics and monitoring can detect breaches.
As the banking sector undergoes digital transformation, the future of banking requires both securing transactions and building cyber resiliency through consistent cyber drills and creating a private network for secure financial transaction, says professor D. Janakiram, director of IDRBT.
Some organizations struggle with deciding whether to add an XDR framework to the existing threat detection and response layer, but a good analysis engine can simplify the process of processing data from multiple sources, according to SentinelOne's Vats Srivatsan and Diwakar Dayal.
A well-orchestrated strategy for responding to ransomware or malware intrusion requires the right mindset and an approach that covers the entire kill chain process. Nitin Varma, managing director of CrowdStrike for India and SAARC, discusses how to respond and restore after being attacked.
Much groundwork needs to be laid to launch 5G services. The government and telecom groups must work with an ecosystem of partners from academia, research and development, standards bodies and telecom equipment and handset manufacturers, and all must tackle network and equipment security issues.