Latest

►

3rd Party Risk Management

ISMG Editors' Panel: Are Our Systems Too Complex to Secure?

Anna Delaney  •  October 15, 2021

In this update, four editors discuss key cybersecurity issues, including addressing the complexity of security, the rising number of victims targeted by double extortion ransomware and the Information Commissioner's Office's recent consultation on creating an international data transfer agreement.

Account Takeover Fraud

Teenage Cybercrime: Giving Young Hackers A Second Chance

Anna Delaney  •  October 15, 2021

The latest edition of the ISMG Security Report features an analysis of attempts made by European law enforcement to encourage young cybercriminals to channel their skills in more ethical ways. Also featured: Fraud detection and response; inspiring behavioral change.

3rd Party Risk Management

To Repel Supply Chain Attacks, Better Incentives Needed

Mathew J. Schwartz  •  October 14, 2021

The breach of text message routing giant Syniverse revealed yet another supply chain attack involving a key supplier, exacerbated by outdated communications protocols desperately in need of a security revamp and better incentives for improvement, says mobile telephony security expert Karsten Nohl.

3rd Party Risk Management

US Convenes Global Ransomware Summit Without Russia

Dan Gunderman  •  October 13, 2021

The White House National Security Council this week kicked off its international counter-ransomware event with participation from more than 30 nations. This gathering aims to elevate both law enforcement collaboration and diplomatic efforts. Noticeably absent from the summit: Russia.

Cybercrime

CISA to Access Agencies' Endpoints, Help Enhance Security

Dan Gunderman  •  October 12, 2021

In an effort to bolster endpoint protection within the U.S. government, the White House is ordering federal agencies to allow CISA to access existing deployments. It is also setting timelines for improving the protection of workstations, mobile phones and servers.

COVID-19

UK Cybersecurity Agency Releases New BYOD Guidance

Mihir Bagwe  •  October 12, 2021

The UK's NCSC has published an updated guidance for employees using their personal devices for work. The agency offers technical controls for different types of bring-your-own-device, or BYOD, deployments. And a Bitdefender report stresses the need for good cyber hygiene when using BYOD.

Cybercrime

Ransomware: No Decline in Victims Posted to Data Leak Sites

Mathew J. Schwartz  •  October 12, 2021

One measure of the damage being done by ransomware groups continues to be how many victims get listed on ransomware operators' dedicated data leak sites, as part of their so-called double extortion tactics. Unfortunately, the number of victims doesn't appear to be declining.

CISO Trainings

Analyzing the Results of the 2021 Cybersecurity Complexity Study, EU & UK

Information Security Media Group  •  October 8, 2021

In this exclusive interview, Martin Cook, Senior Solutions Engineer with ReliaQuest, discusses how to reduce complexity, increase visibility and tap into new resources to enhance your own abilities to detect, investigate and respond to attacks.

►

Application Security

ISMG Editors’ Panel: First Fatality Linked to Ransomware?

Anna Delaney  •  October 8, 2021

In the latest weekly update, four editors at Information Security Media Group discuss important cybersecurity issues, including the importance of product security, the impact of ransomware on healthcare sector entities during the pandemic and thinking about cybersecurity awareness creatively.

3rd Party Risk Management

Finding New Ways to Disrupt Ransomware Operations

Anna Delaney  •  October 8, 2021

The latest edition of the ISMG Security Report features an analysis of the arrest of two suspects tied to a major ransomware group in Ukraine. Also featured: Introducing "The Ransomware Files" and defining the next-gen CISO.

Cybercrime

HHS Warns Healthcare Sector About LockBit 2.0 Threats

Marianne Kolbasuk McGee  •  October 7, 2021

Federal regulators are warning healthcare and public health sector organizations of potential attacks by the ransomware group LockBit 2.0 and its affiliates. The group claimed credit for the August attack on consultancy firm Accenture. What preventative steps should healthcare sector entities take?

Breach Notification

New Bill Would Require Ransom Disclosure Within 48 Hours

Dan Gunderman  •  October 7, 2021

U.S. lawmakers have introduced legislation that would require the reporting of ransom payments within 48 hours of the transaction. The bill would also require DHS to create a voluntary website to log ransom payments and task the department with studying ransomware and cryptocurrencies.