Latest

►

3rd Party Risk Management

Help Available for Tackling Legacy Medical Device Security

Marianne Kolbasuk McGee  •  May 25, 2023

Healthcare providers are struggling with protecting legacy medical devices against a rising tide of cyberthreats. New Health Sector Coordinating Council guidance can help, said Jessica Wilkerson of the Food and Drug Administration and Mike Powers of Intermountain Health.

Fraud Management & Cybercrime

Phishing Vendor Sells IP Addresses to Duck Anomaly Detection

Prajeet Nair  •  May 19, 2023

A large-scale phishing-as-a-service operation is shifting tactics to allow attackers to avoid anomaly detection by using localized IP addresses, warns Microsoft. The U.S. Secret Service has reported that BEC incidents cost global enterprises more than $43 billion in losses over a five-year span.

►

Blockchain & Cryptocurrency

ISMG Editors: The Plot Thickens for Capita in Breach Fallout

Anna Delaney  •  May 19, 2023

In the latest weekly update, four ISMG editors discuss the mounting fallout from the March hack of Capita and accompanying data breach, the comprehensive crypto regulation adopted by the EU, and Crosspoint Capital's agreement to purchase Absolute Software for $657 million.

HIPAA/HITECH

Feds Hit Vendor With $350K Settlement in FTP Server Breach

Marianne Kolbasuk McGee  •  May 16, 2023

Federal regulators fined a practice management software and services vendor $350,000 in the aftermath of an investigation into a 2018 HIPAA breach that involved a file transfer protocol server mishap. The company said the incident was the result of "a singular human error."

►

Multi-factor & Risk-based Authentication

Profiles in Leadership: JT Jacoby

Michael Novinson  •  May 10, 2023

The International Rescue Committee has identified new processes and ways to safeguard information in the midst of rapid digital transformation, according to CISO JT Jacoby. The IRC went from having multi-factor authentication deployed on just 1,500 devices in November to more than 10,000 today.

►

Video

Profiles in Leadership: Vlad Brodsky

Michael Novinson  •  May 10, 2023

OTC Markets Group in recent years has gone from having almost sector-specific cybersecurity regulations to highly robust ones, said CISO Vlad Brodsky. Since 2016, the New York-based financial market has been subject to stringent policies and procedures to ensure OTC's cybersecurity and resiliency.

►

Standards, Regulations & Compliance

Ron Gula's Cybersecurity Mission: 'Data Care,' Inclusivity

Mathew J. Schwartz  •  May 7, 2023

Ron Gula practices what he preaches. The cybersecurity industry veteran who formerly led a market-leading vendor now works as an investor and philanthropist and focuses on expanding inclusivity - most recently via a $1 million grant to nonprofits that promote neurodivergent opportunities in cyber.

►

Artificial Intelligence & Machine Learning

Using Generative AI Tools to More Effectively Clean Up Data

Michael Novinson  •  May 7, 2023

Artificial intelligence can solve really old problems around data wrangling and data protection that are essential to many security investigations, said Norwest Ventures' Rama Sekhar. The VC firm is looking at emerging companies that use large language models to automatically clean up data.

►

Artificial Intelligence & Machine Learning

AI: Grappling With Trust, Risk and Security Management

Tom Field  •  May 4, 2023

AI Trust Risk and Security Management - AI TRiSM - is a new Gartner research category, and distinguished analyst Avivah Litan is assigned to it. She discussed today's AI attack surface, including attacks that use AI as well as attacks against it and trends to watch in the second half of 2023.

►

Fraud Management & Cybercrime

2023 Is the Year of Exposure Management

Anna Delaney  •  May 4, 2023

2023 is the year of exposure, said Cyentia Institute's Wade Baker. Exposure dominated Cyentia research this year, and many breaches were linked to mistakes in vulnerability management and poorly managed identities. Organizations are struggling with prioritizing hardware and software vulnerabilities.

►

Cybersecurity Spending

How Cybersecurity Startups Can Weather the Economic Storm

Michael Novinson  •  May 4, 2023

Companies have taken a hatchet to their "innovation budget" amid economic headwinds, making it difficult for startups to hit their sales projections, said Momentum Cyber's Dino Boukouris. Long sales cycles for early-stage startups have resulted in them burning through cash faster than anticipated.

►

Standards, Regulations & Compliance

Inside President Biden's 'Relentless' Cybersecurity Focus

Tom Field  •  May 4, 2023

White House cybersecurity priorities: The Biden administration continues to have a "relentless focus" on improving critical infrastructure security, disrupting ransomware and combating the illicit use of cryptocurrency, said Deputy National Security Adviser Anne Neuberger.