India's Telecom Commission to Be Guardian of Data

Geetha Nandikotkur • November 12, 2018

Rather than creating a new commission to take the lead role on data security, the government of India is giving the Telecom Commission that role and renaming it the Digital Communications Commission, making it a primary custodian of citizens' data.

Anti-Malware

Radisson Suffers Global Loyalty Program Data Breach

Latest

Cyberwarfare / Nation-state attacks

Chinese Cyber Threat: NSA Confirms Attacks Have Escalated

Mathew J. Schwartz • November 12, 2018

With cyber espionage attacks from China escalating over the past year, the NSA's Rob Joyce says the U.S. government is responding in multiple ways via a process of "defending forward" and "continuous engagement" that includes dumping foreign APT hackers' malware toolkits online for all to see.

Governance

CISO Job Mandate: Be a 'Jack or Jill' of All Trades

Mathew J. Schwartz • November 12, 2018

The days of effective CISOs being pure-play technologists are long gone. Instead, CISO Paul Swarbrick says the role demands someone who is expert "in people, and management and risk," and who is skilled at bringing to bear the right experts for every strategic challenge they identify.

Endpoint Security

Priority: Frictionless Transactions Over Fraud Prevention

Mathew J. Schwartz • November 9, 2018

As the pace of technology innovation continues to quicken - including the ability to make payments via everything from Alexa to Facebook Messenger - risk-based security is imperative to maintain a frictionless customer experience, says Tim Ayling of Kaspersky Lab.

Blockchain & Cryptocurrency

Cracking Down on Criminals' Use of Encrypted Communications

Nick Holland • November 9, 2018

An analysis of a crackdown on criminals' use of encrypted communications leads the latest edition of the ISMG Security Report. Also: a preview of ISMG's Healthcare Security and Legal & Compliance summits, including expert insights on vendor risk management.

Cyberwarfare / Nation-state attacks

Election Hacking Probe Gets New Boss After Sessions Quits

Jeremy Kirk • November 8, 2018

U.S. Attorney General Jeff Sessions resigned on Thursday at the request of President Donald Trump. While long expected, the move raises questions about the fate of an ongoing investigation into Russia's election hacking.

General Data Protection Regulation (GDPR)

How Cyber Insurance Is Changing in the GDPR Era

Mathew J. Schwartz • November 7, 2018

Although the EU's General Data Protection Regulation only went into full effect on May 25, its mandatory privacy breach notifications are already having an effect on the cyber insurance marketplace, says Thomas Clayton of Zurich Insurance.

Data Breach

HSBC Bank Alerts US Customers to Data Breach

Mathew J. Schwartz • November 7, 2018

HSBC Bank is warning some of its U.S. customers that their personal data was compromised in a breach, although it says it's detected no signs of fraud following the "unauthorized entry." Security experts say the heist has all the hallmarks of a credential-stuffing attack campaign.

Business Continuity Management / Disaster Recovery

How to Future-Proof the Critical National Infrastructure

Mathew J. Schwartz • November 7, 2018

The challenge when designing technology for critical national infrastructure sectors is that it must be securable today and remain resilient to cyberattacks for decades to come, says cybersecurity Professor Prashant Pillai.

Cybersecurity

Smart Cities Challenge: Real-Time Risk Management

Mathew J. Schwartz • November 7, 2018

Many of the devices that go into so-called smart cities and buildings are not built to be secure, making it difficult for security operations centers to manage risk, warns Sarb Sembhi, CTO and CISO of Virtually Informed, who describes what needs to change.

Application Security

Symantec Buys Javelin Networks and Appthority

Mathew J. Schwartz • November 6, 2018

Symantec has announced not one but two acquisitions of private cybersecurity firms: Javelin Networks and Appthority. Meanwhile, a private equity firm announced that it will acquire application security testing firm Veracode from Broadcom for $950 million in cash.

Breach Response

Georgia Patches Voter Website, But Hacking Accusation Stands

Jeremy Kirk • November 6, 2018

Georgia quietly fixed two flaws in its voter registration website that could have exposed personal information. How the secretary of state's office discovered the flaws and reacted suggests it may have erred when making a sensational accusation against the Democrats on the eve of the U.S. midterm elections.

Blockchain & Cryptocurrency

Blockchain: The Good, the Bad and the Legal

Mathew J. Schwartz • November 6, 2018

As organizations investigate public and private blockchains to secure transactions and facilitate peer-to-peer transactions, they must ensure they know who's responsible, what the system is doing, what the cybersecurity and legal risks are and who's managing it, says attorney John Salmon.