Recent failures of IT systems at some major airports and banks are a reminder that as an organization launches a digital transformation project, or seeks to move more of its processes to the cloud, those efforts won't necessarily proceed smoothly or securely, says Skybox Security's Justin Coker.
To stop malware, it helps to spot it as fast as possible and keep tabs on what it might be trying to do. "We all know that a well-funded, patient, creative attacker - there's no way to keep them out," says Lastline's Patrick Bedwell.
Explosive growth in network scale and complexity demands a next generation Public Key Infrastructure (PKI) management platform. Ted Shorter of CSS says security leaders must prepare now to take full advantage of next-gen PKI solutions.
Symantec says it has uncovered a cyber espionage campaign that targets telecommunications operators in Southeast Asia - as well as a defense contractor and satellite communications operator - and warns that the hacking group, dubbed Thrip, may be laying the groundwork for more destructive attacks.
The latest challenge to face CISOs: Finding the best way to keep their organization secure while at the same time navigating political edicts that may lack any technical detail or present solid facts or alternatives to suspect technology, says Jaya Baloo, CISO of KPN Telecom.
For attackers, "credential stuffing" - using stolen usernames and passwords to log into any site for which a user reused their credentials - is the gift that keeps on giving, says security researcher Troy Hunt. Here's how organizations can mitigate the threat.
In the past 12 months, there's been a blistering series of high-impact attacks that increasingly blur the lines "between statecraft and criminal organizations," says CrowdStrike's Zeki Turedi. How much of this blurring is intentional?
Email attacks continue to bite businesses, with organizations reporting not only a steady stream of ransomware, but also increasingly targeted social engineering attacks and account takeovers for cloud service users, says Barracuda's Hatem Naguib.
As the prevalence and scale of data breaches continues to increase - with attacks such as WannaCry and NotPetya having compromised entire business sectors - organizations must focus much more on preventing attacks, says Check Point's Gad Naveh.
Government regulation is key to minimizing the misuse of cryptocurrencies for cybercrime, says Brett Johnson, a former cybercriminal who now consults on crime prevention. But regulating cryptocurrencies is no easy task, he acknowledges. Johnson will keynote ISMG's Fraud and Breach Prevention Summit in Chicago.
About three dozen major health data breaches have been added to the federal tally in recent weeks, including a mix of hacking and unauthorized access/disclosure incidents. Here's an analysis of the latest statistics and the reasons behind the trends.
The U.S. Department of Justice has charged a former CIA officer, 29-year-old Joshua A. Schulte, with providing 8,000 documents that describe the agency's offensive malware tools and practices to WikiLeaks, which published them in 2017 as the "Vault 7" archive.
Human resources software developer PageUp says it doesn't appear that personal data exposed in a malware attack was actually removed from its systems. But it has also found authentication error logs that recorded incorrect login attempts from before 2007.