ENISA Highlights AI Security Risks for Autonomous Cars

Data Breach Today

Automakers Should Employ Security-By-Design to Thwart Cyber Risks Autonomous vehicle manufacturers are advised to adopt security-by-design models to mitigate cybersecurity risks, as artificial intelligence is susceptible to evasion and poisoning attacks, says a new ENISA report

On Risk-Based Authentication

Schneier on Security

A Study on Usability and Security Perceptions of Risk-based Authentication “: Abstract : Risk-based Authentication (RBA) is an adaptive security measure to strengthen password-based authentication. I’ve blogged about risk-based authentication before.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Cybersecurity Leadership: Risk Exposure Awareness

Data Breach Today

CEOs and CISOs on Assessing and Mitigating the New Risk Landscape It might be new, but are we ready to call this "normal?"

Risk 162

Executive Order Focuses on Supply Chain Risk Management

Data Breach Today

Biden Administration Effort Comes During Shortage of Semiconductors In light of the global shortage of semiconductors, President Joe Biden signed an executive order Wednesday requiring a federal review of supply chain risks for these chips.

Add User Tests to Your Agile Process: Reduce Risk in Shipping New Products

Agile has become the go-to methodology for companies that want to reduce the risk involved in shipping new products. But how do you prevent building items nobody wants? If you wait to get user feedback until after development, then you’ve waited too long.

Biometric Technology: Assessing the Risks

Data Breach Today

The growing use of biometric technology is raising concerns about privacy as well as identity theft and fraud, says attorney Paul Hales, who reviews recent legal and legislative developments

Risk 203

Synthetic ID Fraud: Risk Mitigation Strategies

Data Breach Today

Meridian Credit Union's Saif Nawaz on Using New Technologies As synthetic ID fraud in the financial services sector continues to rise next year, organizations must use new technologies to mitigate the risks, says Saif Nawaz of Meridian Credit Union in Canada

Risk 185

World Health Organization CISO on Supply Chain Risk

Data Breach Today

He understands supply chain risk, and he sees the SolarWinds hack as "resumption of a very old attack - in new packaging." He offers insights on mitigating this and other cybersecurity risks

Risk 171

PACS Flaws Put Data at Risk for 18 Months

Data Breach Today

California Medical Imaging Group Describes Data Exposure A California medical imaging group practice says vulnerabilities in its picture archiving and communications system left patient data at risk of unauthorized access for more than a year

Risk 164

National Security Risks of Late-Stage Capitalism

Schneier on Security

The company outsourced much of its software engineering to cheaper programmers overseas, even though that typically increases the risk of security vulnerabilities. In other words, the risk of a cyberattack can be transferred to the customers.

Risk 113

Testing at Every Stage of Development

Up to 80% of new products fail. The reality is harsh and the reasons why are endless. Perhaps the new product couldn’t oust a customer favorite. Maybe it looked great but was too hard to use. Or, despite being a superior product, the go-to-market strategy failed. There’s always a risk when building a new product, but you can hedge your bets by understanding exactly what your customers' expectations truly are at every step of the development process.

IoT Supply Chains: Where Risks Abound

Data Breach Today

ENISA Releases Guidance on Reducing IoT Supply Chain Risk IoT devices are like sausages: They're full of components of varying quality, and it's invariably disturbing to think about their origins.

IoT 162

OIG: VA Workers Hid ‘Big Data’ Project Privacy, Security Risks

Data Breach Today

Report on Canceled VA Project Offers Governance Lessons for Others The Department of Veterans Affairs’ watchdog agency alleges that two VA employees “concealed” and “mispresented” the cybersecurity and privacy risks of an ambitious "big data" project that would have analyzed 22 million veterans’ health records dating back two decades.

The Legal Risks of Security Research

Schneier on Security

Sunoo Park and Kendra Albert have published “ A Researcher’s Guide to Some Legal Risks of Security Research.” Our Guide gives the most comprehensive presentation to date of this landscape of legal risks, with an eye to both legal and technical nuance.

Risk 87

Mitigating the Risks Posed by Synthetic IDs

Data Breach Today

A Fraud Manager Describes the Roles of Artificial Intelligence, Machine Learning Artificial intelligence and machine learning offer the best hope for addressing the risks posed by synthetic identities, says Justin Davis, fraud manager at Digital Federal Credit Union

Shift Left Security? Development Does Not Want to Own It.

Speaker: Shlomo Bielak, CTO, Benchmark Corp

Shifting security left to the earliest part of development is currently in the spotlight in the developer world. What teams are now discovering is, this approach results in misdirected ownership for developers and a frustrated security team. In the current climate, we cannot afford to let security implementations falter. It's time to manage your team's energies to maximize DevOps efficiency, all the while maintaining top security standards. Join Shlomo Bielak, and learn how to keep your DevSecOps team focused and connected without creating silos.

Sizing Up Synthetic DNA Hacking Risks

Data Breach Today

Study Describes How a Supply Chain Attack Might Work Could hackers inject malicious code that compromises the synthetic DNA supply chain and ultimately tricks bioengineers into inadvertently developing dangerous viruses or toxins?

Risk 193

COVID-19 Risks of Flying

Schneier on Security

This is all a prelude to saying that I have been paying a lot of attention to the COVID-related risks of flying. I think that most of the risk is pre-flight, in the airport: crowds at the security checkpoints, gates, and so on. airtravel covid19 riskassessment risksI fly a lot. Over the past five years, my average speed has been 32 miles an hour. That all changed mid-March.

Risk 85

The Risks Posed by Mobile Health Apps

Data Breach Today

What privacy and security issues are raised by patients using smartphone apps to access health records? Attorney Helen Oscislawski and security expert Jarrett Kolthoff offer an analysis

Risk 221

Third-Party Risk Management Essentials

Data Breach Today

Mark Sangster of eSentire Shares Lessons Learned Third-party vendor risk continues to pose a security challenge to organizations. Despite many having formal policies for managing third-party risk, almost half of organizations say they've suffered a data breach that traces to a third-party vendor, says Mark Sangster of eSentire

Risk 172

How to Solve 4 Common Challenges of Legacy Information Management

Speaker: Chris McLaughlin, Chief Marketing Officer and Chief Product Officer, Nuxeo

After 20 years of Enterprise Content Management (ECM), businesses still face many of the same challenges with finding and managing information. Join Chris McLaughlin, CMO and CPO of Nuxeo, as he examines four common business challenges that these legacy ECM systems pose and how they can be addressed with a more modern approach.

Minimizing File Transfer Risk

Data Breach Today

Jeffrey Edwards of Progress Software on Ensuring Privacy File transfers are a significant factor in accidental insider risk. Jeffrey Edwards of Progress Software explains how secure file transfers can help ensure privacy and play a role in regulatory compliance

Risk 129

What's New in Updated Cyber Risk Assessment Guide?

Data Breach Today

Josh Magri of the Cyber Risk Institute Describes Enhancements to 'Cyber Profile' The Cyber Risk Institute this week is releasing a new version of its "Cyber Profile" risk assessment framework for the financial services industry that includes expanded information on third-party risk and cloud security.

Risk 156

Supply Chain Risk Management: Areas of Concern

Data Breach Today

Many healthcare organizations are failing to address shortcomings in security risk management for their supply chains, says former healthcare CIO David Finn, describing findings of a recent study assessing the state of cybersecurity in the sector

Risk 139

Managing Third-Party Risks: Technology's Role

Data Breach Today

Deloitte's Julian Colborne-Baber Offers Due Dilligence Insights for Financial Institutions Managing third-party risks must start with due diligence activities, and technology can play an important role, says Julian Colborne-Baber, forensic partner at Deloitte in the U.K.

Risk 139

The Risks Posed by Wireless Automotive Dongles

Data Breach Today

Researchers Find Widespread Vulnerabilities in These Diagnostic Devices New research has uncovered widespread vulnerabilities in wireless dongles that plug into a vehicle's OBD-II port.

Risk 201

DHS Warns of Data Theft Risk Posed by Chinese Technology

Data Breach Today

companies about data theft risks associated with the use of Chinese technology and digital services, citing a new law in China giving the government the right to access data Agency Says New Law in China Opens Door to Government Data Access The Department of Homeland Security is warning U.S.

Risk 171

Securing Remote Access With Risk-Based Authentication

Data Breach Today

Implementing an adaptive, risk-based authentication process for remote system access is proving effective as more staff members work from home during the COVID-19 pandemic, says Ant Allan, a vice president and analyst at Gartner

Risks of Password Managers

Schneier on Security

Stuart Schechter writes about the security risks of using a password manager. My particular choices about security and risk is to only store passwords on my computer -- not on my phone -- and not to put anything in the cloud. In my way of thinking, that reduces the risks of a password manager considerably. passwordsafe passwords riskassessment risks

Understanding Your Risk Surface

Data Breach Today

How can they best understand and mitigate their risks? Kelly White of RiskRecon on How to Track What's Being Missed In the expanded, virtual enterprise, security leaders face the challenge of defending an ever more complicated attack surface. Kelly White of RiskRecon shares insights

Risk 140

Back to the Office: Managing the Risks

Data Breach Today

Former NSA CISO on Reassessing Security Infrastructure As organizations that shifted to a remote workforce consider allowing some workers to return to the office environment, CISOs must reassess their security infrastructures, says Chris Kubic of Fidelis Cybersecurity, who formerly was CISO at the National Security Agency.

Risk 195

Security Risks of Chatbots

Schneier on Security

Good essay on the security risks -- to democratic discourse -- of chatbots. lies nationalsecuritypolicy propaganda risks

Risk 78

How to Address Telehealth Cloud Security Risks

Data Breach Today

With the surge in telehealth use during the COVID-19 pandemic, healthcare organizations must be prepared to deal with cloud security and privacy risks, says Jim Angle of Trinity Health, who is the author of a recent report from the Cloud Security Alliance

Risk 148

Automating Security Risk Assessments for Better Protection

eSecurity Planet

Protecting your organization from IT security risks is an ongoing, fluid task. As a savvy tech leader, you are likely hyperfocused on performing security risk audits to keep your networks strong and protected. Components of Security Risk Assessments.

Risk 65

Managing Open Source Risks

Data Breach Today

But with increased speed comes greater risks, says Chris Eng of CA Veracode, who offers insights on mitigating those risks Chris Eng of CA Veracode on Best Practices Open source and third-party components help developers build and deploy applications faster.

Risk 137

Risk Management Shortfalls Lead to $400 Million Citibank Fine

Data Breach Today

Federal Reserve Requires Bank's Board to Take Action The Treasury Department's Office of the Comptroller of the Currency has hit Citibank with a $400 million fine for deficiencies in enterprisewide risk management, compliance risk management, data governance and internal controls.

Risk 162

OnDemand Webinar | Integrating Information Risk Management into Business Risk Management

Data Breach Today

Learn about trends in information security risk assessment that align with business risk. This webinar explores communication challenges around information security, the typical journey organizations are taking to bring information risk management into the broader umbrella of business risk management, and the advantages accruing to organizations as they mature their information risk management programs

Risk 120

Solving 3rd Party Cybersecurity Risk

Data Breach Today

Your organization's risk surface may be larger than you think. Your organization's risk surface is larger than you think. How can you get a handle on what risks exist, where they reside, and which ones are most important to resolve immediately

Risk 151

The State of Integrated Risk Management

Data Breach Today

ServiceNow's Vasant Balasubramanian on Digital Transformation Integrated risk management and compliance offerings are moving to the cloud in a significant way to keep pace with digital transformation, says Vasant Balasubramanian of ServiceNow

Telehealth App Breach Spotlights Privacy, Security Risks

Data Breach Today

Glitch Briefly Allowed Potential Access to Patient Consultation Recordings A software error that briefly allowed individuals to access other patients' telehealth appointment recordings serves as a reminder of the potential security and privacy risks involving telemedicine applications, especially as the use of the technology soars during the COVID-19 pandemic

Risk 148