The human element is a fundamental component of some of the newest cyberattacks that Sophos has been tracking, says the firm's principal research scientist, Chet Wisniewski, who advises organizations to adapt their security and protection plans accordingly.
Technology has enabled a whole new wave of "accidental" insider threats - people who make a mistake or are taken advantage of by attackers. What role can technology now play in improving insider threat detection and response? Three CISOs share their insights.
Federal regulators say newly identified cybersecurity vulnerabilities dubbed "SweynTooth" could pose risks to certain internet of things devices, including wearable health gear and medical devices, as well as "smart home" products from vendors who use Bluetooth Low Energy, or BLE, wireless communication tech.
Three U.S. senators are demanding more answers from Catholic healthcare system Ascension and Google over "Project Nightingale," which is part of a controversial data-sharing and cloud migration initiative that has raised concerns about sharing patient information without explicit permission.
Just as consumers can look at a box of Twinkies and read a list of ingredients, so too should software makers provide users with a "bill of materials" explaining their composition, says Allan Friedman, director of cybersecurity initiatives at the U.S. National Telecommunications and Information Administration.
Software development over the past decade: The good news is that more organizations than ever have secure software development practices in place, says Chris Eng, chief research officer at Veracode. But the bad news is that many of the same flaws - including injection vulnerabilities - persist.
While the cost of sequencing the human genome continues to decrease, the imperative to secure this most personal of personally identifiable information does not, says Brian Castagna, CISO of Seven Bridges. He shares best practices for all organizations that store sensitive information in the cloud.
Andre Durand has spent decades in the cybersecurity sector and had identity in his sights when he founded Ping Identity in 2002. Nearly 20 years later, the industry is embracing the notion that cybersecurity begins with secure identity.
As organizations face having to demonstrate compliance with a broad range of regulations that have an IT and cybersecurity impact, the imperative is to adopt frameworks such as ISO 27001 and NIST 800-53, says David Ogbolumani, chief cybersecurity and privacy officer at IT Security Consultants.
Software development benefits from security checks being brought to bear early and often, but the blending of in-house and open source code has historically complicated that process, says Patrick Carey of Synopsys. Now, however, maturing toolsets and approaches are facilitating security checks, he says.
In response to White House warnings that 5G infrastructure equipment built by Huawei could be subverted by China to conduct espionage, Andy Purdy of Huawei Technologies USA says his company has pledged full transparency and urges competitors to follow suit.
As the RSA 2020 conference showcased "The Human Element," Palo Alto Networks' M.K. Palmore turned his attention to the passive insider threat - the one that intends no malicious harm, but whose actions can lead to costly breaches.