With just a few months left until the EU's General Data Protection Regulation will be enforced, too many so-called "experts" are spreading fear and falsehoods about the regulation, says Brian Honan, a Dublin-based cybersecurity consultant, who clarifies misperceptions in an in-depth interview.

Organizations should take an "inside-out" approach to mitigating the insider threat, says Brandon Swafford of Forcepoint, who explains the components of that approach in an in-depth interview.

The latest ISMG Security Report focuses on the significant changes found in the latest version of the U.S. government's Framework for Improving Critical Infrastructure Cybersecurity, commonly known as the NIST cybersecurity framework. NIST seeks comments from stakeholders on the draft of version 1.1 of the framework by Jan. 19.

The latest ISMG Security Report features a special report on securing medical devices. Healthcare security leaders from the FDA, an academic medical center and a medical device manufacturer share their insights on the challenges involved.

The cloud gives organizations great new opportunities to deploy new systems and applications. It also creates a whole new level of cybersecurity exposure, says Gavin Millard of Tenable, offering tips to bridge that gap.

In an era where users are working simultaneously across mobile, social and cloud applications and platforms, organizations need to deploy identity and access management solutions that can scale and adapt quickly. IBM's Sean Brown describes the rise of Identity as a Service.

Denial of Service, web application layer attacks, credential abuse and IoT - these are the attack trends and vectors that will make headlines in 2018. Ryan Barnett of Akamai offers insight into how to prepare your defenses.

A report on the SEC targeting a Canadian company for fraud, alleging it cheated investors by exploiting a so-called Initial Coin Offering crowdsourcing funding system, leads the ISMG Security Report. Also, an NSA analyst pleads guilty in a case involving storing classified data on his home PC.

If you want to anticipate a prospective hacker's moves, then you'd better be able to think like one. That's the position of Terry Cutler, an ethical hacker who dedicates his time to testing organization's cybersecurity defenses - and their people.

With roughly six months to go before the GDPR enforcement deadline, Petter Nordwall and Anthony Merry of Sophos says it's time for organizations to assess whether "They need to panic a little, or they need to panic a lot."