Since Friday afternoon, Mark Loman of Sophos has been immersed in studying the scope and impact of the ransomware attack spread through Kaseya VSA's remote management platform. And he's learned enough about it to say without reservation: This the largest ransomware attack he's seen.

This edition of the ISMG Security Report features a discussion about why the head of Britain's National Cyber Security Center says the No. 1 cyber risk is not nation-state attackers but ransomware-wielding criminals. Also featured: Western Digital IoT flaws; an FBI agent tracks cybersecurity trends.

Roger Lang, who has experience in SaaS and fintech and has invested in various cybersecurity companies, says that education is the key to making real progress on cybersecurity issues.

This edition of the ISMG Security Report features an analysis of CISA's finding that agencies could have prevented follow-on attacks after the SolarWinds supply chain attack by properly configuring firewalls. Also featured: Congressman discusses deterring nation-state attacks; insider threat mitigation tips.

Advanced persistent threat actors will continue to "up their game," including taking advantage of the COVID-19 pandemic even as its impact diminishes, says Kelvin Coleman, executive director of the National Cyber Security Alliance.

When medical device makers provide a software bill of materials for components contained in their products, it's critical to make that voluminous security information actionable for healthcare customers, says Rob Suárez, CISO at medical device maker Becton Dickinson and Co.

Tal Kollender of Gytpol suggests a digital response comparable to the vaccine rollout in the physical world is needed to battle against the ransomware epidemic.

The number of data breach notifications jumped 140% in 2020 from the previous year, with a surge in attacks against less-regulated industries, according to Kroll's 2021 Data Breach Outlook. Brian Lapidus and Heather Williams of Kroll analyze the report's findings.

When seeking cyber insurance or other types of insurance policies that provide organizations with coverage for certain data security incidents, it's critical to carefully consider the "war exclusions" contained in those policies, says insurance attorney Peter Halprin.

The latest edition of the ISMG Security Report features an analysis of the Avaddon ransomware gang's retirement and the crackdown on the Clop ransomware gang in Ukraine. Also featured: Bitcoin as ally in the ransomware battle; strengthening U.S. cybersecurity defenses.