Much more must be done to shore up the U.K.'s national infrastructure. "It's partly austerity, and it's partly what's happening in the global economy, but we've really seen an underinvestment, specifically in the critical national infrastructure," says LogRhythm's Ross Brewer.
Security experts warn that hackers could one day make use of machine learning and AI to make their attacks more effective. Thankfully, says Cybereason's Ross Rustici, that doesn't appear to have happened yet, although network-penetration attacks are getting more automated than ever.
Old technology never dies, but rather fades "very slowly" away, as evidenced by there being 21 million FTP servers still in use, says Rapid7's Tod Beardsley. Rapid7's scans of the internet have also revealed a worrying number of internet-exposed databases, memcached servers and poorly secured VoIP devices.
Many phishing campaigns are very targeted against specific types of users inside an organization, says Ironscale's Brendon Rod, who notes that "70 percent of attacks are targeting just 10 mailboxes or less and around 30 percent are just targeting one mailbox."
The EU's GDPR is already having an impact on how organizations approach data breach detection and remediation, leading many to rely more strongly on security orchestration and automation, says Allen Rogers of IBM Resilient.
Organizations are increasingly turning to devices and the cloud to foster better collaboration and access to essential data. But as they do so, "the number one blocker for enabling digital transformation is security," warns BlackBerry's Florian Bienvenu.
Organizations are increasingly tapping behavioral analytics to help incident responders "correlate data from multiple sources and save time in the response workflow" - in other words, to more quickly detect and mitigate breaches, says Nick Bilogorskiy at Juniper Networks.
Attackers continue to shift their tactics to help evade improvements in defenses, says Rick McElroy, security strategist for Carbon Black. Recent trends include fileless attacks, shifting from PowerShell to WMI, plus cryptojacking and credential harvesting.
To increase the effectiveness of security information and event management tools, while lowering the rate of false positives, organizations need to bring in more context about user behavior, says Derek Lin of Exabeam.
Michael Jones of Domain Tools says that studying domain ownership information gives organizations "contextual data around domains that may be attacking them," thus allowing them to better block attacks, avoid malicious sites and combat phishing campaigns.
We need to talk about ransomware, says James Lyne, global research adviser at Sophos: "It's not the big, sexy security topic that it once was, but there's some really interesting evolution in their tactics." Lyne rounds up the latest tactics and describes how machine learning is offering new defensive hope.
Recent failures of IT systems at some major airports and banks are a reminder that as an organization launches a digital transformation project, or seeks to move more of its processes to the cloud, those efforts won't necessarily proceed smoothly or securely, says Skybox Security's Justin Coker.
To stop malware, it helps to spot it as fast as possible and keep tabs on what it might be trying to do. "We all know that a well-funded, patient, creative attacker - there's no way to keep them out," says Lastline's Patrick Bedwell.
The latest challenge to face CISOs: Finding the best way to keep their organization secure while at the same time navigating political edicts that may lack any technical detail or present solid facts or alternatives to suspect technology, says Jaya Baloo, CISO of KPN Telecom.