Cybersecurity professionals are stressed out, overworked, underpaid and working on short-staffed teams, said Candy Alexander, president of the ISSA International Board. She advised organizations to look for the right indicators of a good cybersecurity culture.
The University of Iowa Health Care is facing a proposed class action lawsuit from a patient who alleges that online tracking tools embedded into the medical center's websites secretly transmitted sensitive personal and health information to Facebook.
The U.S. Federal Trade Commission is seeking tougher sanctions for Facebook after determining that several gaps exist in the company's compliance with a 2020 consent decree mandating privacy improvements. The company will have 30 days to respond and could challenge tougher privacy rules in court.
The final steps in mortgage closing involve much paperwork in the presence of attorneys, title companies and loan officers. While technology is available to simplify a complex and error-prone process, resilience and trust actually make e-closing a trustworthy experience for consumers.
Critical infrastructure attacks during 2022 focused primarily on Eastern Europe and Ukraine given fears of reprisal from attacking the U.S., said Optiv CEO Kevin Lynch. The amount of OT security investment needed to defend against adversaries is bigger than what many organizations can handle today.
CISOs have gone from complaining that they don't get enough time and attention from the board of directors to presenting to the board every quarter, said Zscaler CEO Jay Chaudhry. Conversations with CIOs or boards tend to focus on what architectural changes can be made to reduce business risk.
Small and midsize businesses need proactive measures to ensure security just as much as any large organization. But challenges abound for SMBs as they struggle with a smaller staff and budget constraints, making them more vulnerable to cyberattacks, said SonicWall President and CEO Bob VanKirk.
The definition of insider threat seems to have evolved since the hybrid workforce became the norm. More organizations are now talking about the "compromised insider." Randall Trzeciak of Software Engineering Institute said that in the last three years, insider threats have changed to insider risks.
Divakar Prayaga, A.P. Moller - Maersk's director for security engineering, discusses the evolution of a CISO's role from a tech to a business partner, how it affects a firm's cybersecurity posture and how to get the best return on security technology investments amid challenging economic conditions.
As COVID-19 made remote work more prevalent, managing identity through both network and remote capabilities became a challenge for organizations. Zero trust is a big initiative for the Center for Internet Security, but applying zero trust principles to its infrastructure has not been easy.
Pre-RSA social media gaming predicted it. Many predicted they would loath it. And it happened: Discussions at this year's RSA conference again and again came back to generative artificial intelligence - but with a twist. Even some of the skeptics professed their conversion to the temple of AI.
Organizations often face challenges when they aim to build sustainable security programs at scale. Anna Westelius, director of security engineering with Netflix, discussed the company's big infrastructure projects that give it more leverage over time than investing in manual processes.
With new legal, contractual and cybersecurity requirements, the regulatory landscape is constantly changing on both local and national fronts. As a result, compliance can become increasingly difficult, leaving organizations with a certain amount of risk, said James Shreve, partner, Thompson Coburn.
Identity and access management technology has been around for decades, but identity-related breaches happen every day. The problem is not the underlying system. It’s whether organizations can take advantage of the wealth of data within their systems, says Radiant Logic's Wade Ellery.