Representatives from 36 countries and the EU agree that combatting ransomware requires international collaboration but legal systems need to catch up.
The cost is too high and the risk too low to offer CISOs directors-and-officers insurance at many companies. Protective governance policies might make more sense.
Western intelligence and national security leaders emphasise the importance of collaborating to better prepare and respond to cyber security threats.
The CSRB report predicts the Log4J risk will continue for years and offers best practices for mitigating the threat.
Russia will use what it learned from its destructive cyber actions in Ukraine for other operations. "There is no going back to normal."
NotPetya vastly broadened the scope of damage that malware attacks could do and forced CISOs and security researchers to rethink their approach.
The re-emergence of REvil and anticipated convergence with business email compromise actors are among reasons why ransomware gangs are still dangerous.
Attendees urged to improve asset management, use SBOMs, and collaborate with government cyber security agencies to better ensure software integrity.
Modern agriculture depends on internet-connected machinery that is centrally controlled and collects and analyzes massive amounts of data, making it an inviting target for threat actors.
Sandworm succeeded in planting a new version of the Industroyer malware to disrupt ICS infrastructure but was thwarted from doing serious damage.
Crowdstrike says Ember Bear is likely responsible for the wiper attack against Ukrainian networks and that future Russian cyber attacks might target the West.
Bounties as high as $10 million dollars make hunting cryptocurrency vulnerabilities lucrative for those with the proper skillsets.
Greater complexity among systems gives attackers more opportunity for widespread, global damage, say government and industry experts.
Research reveals that countries such as Belarus, India, and Columbia are responsible for significant cyber attacks.
Researchers explain how they identified -- or failed to identify -- the threat actors behind three high-profile incidents and why attribution is so difficult.