As ransomware threats continue to grow in 2022, cyber insurance companies have clearly stated that they do not want to talk about the "cyber" part of insurance, says Sri Lanka-based Sujit Christy, group CISO at John Keells Holdings PLC.
Eva Velasquez, CEO of the Identity Theft Resource Center, shares six predictions for 2022 that show a shift from identity theft to identity fraud as cybercriminals continue to refine who they target, what information they steal and what they do with it.
Lisa Young prepares security teams to protect and defend their organizations from cybercriminals by seeing the things that others miss and asking the questions that others are too afraid to ask. She discusses how critical thinking improves cybersecurity.
"Email security doesn't get the attention it deserves" because "phishing is not going away and is not getting any less," says Jess Burn, a senior analyst at Forrester. She shares best practices for phishing prevention.
How do you identify a BIN - Bank Identity Number - attack, let alone stop it? Ernie Moran, senior vice president of risk at Brightwell Payments, shares his experience of how he managed a BIN attack on his firm.
In the latest weekly update, four ISMG editors discuss the state of cyber insurance today and why its future is uncertain; applying a security-by-design reliability model to analyze vulnerabilities; and how Russia takes down members of the REvil ransomware group as cyber aggressions in Ukraine rise.
Although flaws in Apache Log4j software that need remediating remain widespread in organizations, "some of them are aware of the issue, some of them aren't aware of the issue, and likely this issue is going to be persisting with us for many, many years," says Jeff Macko, an offensive security expert at Kroll.
When Marcel Lehner was hired to be the CISO of MM Group in Vienna, his mandate was clear: to better embed information security management and governance throughout the manufacturer's organization. To do that, he ran a "hearts and minds" campaign to communicate his vision and strategy and boost uptake.
To fight threats, security practitioners need to develop a proactive, offensive risk quantification strategy to establish cyber resilience, says Shaik J. Ahmed, vice president of risk, governance and information security at Mashreq Bank.
"We came up with a structured, documented approach to respond to mitigating the Log4j vulnerability using the EDR scanning tools along with a code validation, containerization, and sandboxing of our applications and networks," says Ian Keller, security director at Ericsson.
In the latest weekly update, four editors at Information Security Media Group discuss important cybersecurity issues, including the importance of incident repose planning; the worldwide impact of the LOg4j flaw, which may lead to 2022 being the year of the SBOM; and the increasingly blurred line between conventional...
Kerissa Varma, managing executive for cybersecurity at Vodacom, a South African-based mobile communications company, says simulation is the key to a good incident response plan. She discusses her cybersecurity priorities for 2022.
The increasingly connected home is a vulnerable part of the extended enterprise, especially as the line blurs between personal life and work, says Forrester principal analyst Heidi Shey. She encourages organizations to adopt a two-pronged approach to protecting the "work from home" workforce.
With increasing data breaches and ransomware attacks, Nilesh Roy says his top priority is implementing a passwordless environment and securing Spocto's data using its artificial intelligence engine, which processes large amounts of personal financial information without any human intervention.
The Apache Log4j vulnerability capped the end of a long year for CISOs and incident responders. Security leaders Pooja Shimpi and Deepayan Chanda discuss how they have tackled Log4j - and significant lessons learned about incident response and information sharing.