The soaring costs of recovering from a security incident or data breach is driving interest in cyber insurance. While cyber insurance is typically viewed as a product mainly for large organizations seeking coverage and protection against state-sponsored attackers, criminals, and politically motivated hackers, it is also valuable to small and midsized companies and independent contractors….

The charges stem from alleged fraud and internal control failures related to known cybersecurity weaknesses that took place between the company’s October 2018 initial public offering (IPO) and its December 2020 revelation of a sophisticated cyberattack dubbed “SUNBURST.” The software supply chain cyberattack involved Russia-linked threat actors breaching SolarWinds systems in 2019, or possibly even…

Nearly three-quarters (73%) of cybersecurity industry leaders have experienced burnout in the last 12 months — and who can blame them? The shift to remote and hybrid work models has increased organizations’ reliance on cloud services, limiting security teams’ visibility into employee network and endpoint environments. But reduced visibility places company data at greater risk…

Rail remains one of the most popular modes of transportation. In a typical year, US freight railroads move around 1.6 billion tons across nearly 140,000 miles of track. US citizens traveled more than 12.5 billion kilometers by rail in 2021. Thousands of railways — from national and regional networks to intra-city light rails — have…

When Russia launched its all-out war against Ukraine in February 2022, many cybersecurity watchers feared ransomware groups would serve as a proxy force. But Moscow doesn’t appear to have deputized cybercrime-driven crypto-locking malware brigades. So said participants in a panel held Friday by the Institute for Security and Technology on the ransomware implications of the…

For at least a decade now, career-minded security leaders have well understood the importance of effective communication with the board and CEO. CISOs know they must gain the buy-in of these decision makers to successfully instill a security-minded culture at their organization — not to mention to greenlight enough funds for an effective cybersecurity budget….

As more organizations shift to cloud-native application development to support new business features and digital transformation initiatives, software supply chain issues have become more visible. Because cloud-native development relies so heavily on open source software, organizations have to start thinking about the components that go into these applications. To build these cloud-native applications, developers have…

In the latest weekly update, four editors at Information Security Media Group discuss important cybersecurity and privacy issues, including why being a CISO is like being the first family doctor in a small village, why you can’t trust ransomware gangs such as LockBit, and why cloud security vendor Netskope took on $401 million in debt…

What’s the term for when a ransomware group blames a geopolitically awkward attack it appears to have carried out on someone – anyone – else, just not them? Let’s call it getting “Colonial Pipelined,” after the DarkSide group’s disastrous hit on that oil pipeline system led the crime group to kill its brand. Is the…