"It's a tough conversation, telling [clients] they've spent a lot of money on defense-in-depth that isn't working," says FireEye CEO David DeWalt. "If they don't change, they're risking their company."
Poor post-breach communication can cause as much damage to a company's reputation as the cyber-incident itself, says Al Pascual, a senior analyst at Javelin Strategy & Research, who will speak at ISMG's Fraud Summit Dallas.
Troy Leach of the PCI Security Standards Council says log monitoring is an effective data breach detection tool that, unfortunately, not enough merchants put to use. He explains how upcoming PCI guidance could help with implementation.
The secure national exchange of patients' health information for use in treatment will make progress once "we simplify what we say when we're explaining privacy to people," says Lucia Savage, new chief privacy officer of ONC.
Although compliance with new FDA guidance recommending that medical device makers bake cybersecurity into the design of their products is voluntary, the guidelines likely will become de facto standards, says privacy attorney Ellen Giblin. Find out why.
Emerging Web-enabled health technologies, ranging from the upcoming Apple Watch to a Google "pill" that could potentially detect cancer in patients' bodies, pose troubling new privacy risks, says privacy advocate Deborah Peel, M.D.
Many issuers of chip-based credit cards will likely allow U.S. consumers to complete transactions with a signature, not a PIN, which will limit the fraud protections offered by EMV cards, says Citizen Financial Group's Tim Webb.
As numerous attacks have demonstrated, two-factor authentication systems are not foolproof, says Ryan Lackey, a principal in the security practice at CloudFlare, who offers insights on how today's authentication systems must evolve.
In addition to adopting the right IT security standards to mitigate advance persistent threats, organizations need to pick the right people to carry out those standards, says Jon Long, a featured speaker at ISMG's Global APT Defense Summit on Oct. 22.
More healthcare entities might consider implementing NIST's cybersecurity framework if healthcare-specific guidance on putting the framework to use was available, says Lee Kim of the Healthcare Information and Management Systems Society.
While the security of the HealthCare.gov website has improved, and the next open enrollment for Obamacare will go more smoothly, there's still plenty of work to be done, says Curt Kwak, former CIO of the Washington state health insurance exchange.
"Cybercrime as a service" and the globalization of attacks are two of the trends noted by cyber-intelligence firm Group-IB in its third annual High-Tech Crime Report. Group-IB's Alexander Tushkanov explains the lessons that can be learned.