Offensive security is transitioning from traditional penetration testing to a more continuous, technology-led approach, says Aaron Shilts, president and CEO at NetSPI. The security posture of organizations is constantly changing, making a point-in-time pen test less effective.
The enterprise adoption of AI-based large language models has created a new attack surface for adversaries to exploit, said Thomvest Ventures principal Ashish Kakran. A hacker who gains access to or tampers with the data that's been used to train the large language models could wreak a lot of havoc.
IT and OT security are more different than most realize. IT focuses on digital systems and data, and OT concerns itself with physical systems and their interconnectivity, said Dragos CEO Robert Lee. The stark differences between IT and OT security are laid bare around vulnerability patching.
A ransomware affiliate hacker known as "Bassterlord" has been involved with REvil, LockBit, Avaddon and Ransomware X. Jon DiMaggio, chief security strategist at Analyst1, convinced the hacker to talk about his hacking career in chats that might amount to the an exit interview.
Continued reliance on legacy VPNs hinders remote work performance and fails to provide users or organizations with zero trust security protection, said Netskope's Sanjay Beri. Companies often start by augmenting their VPNs to enable zero trust network access before moving to full replacement.
Bots have become an important tool for modern cybercrime. A bot is used somewhere in the attack cycle in more than three-quarters of security incidents. HUMAN Security co-founder and CEO Tamer Hassan called account takeover "the gateway drug to all other forms of fraud and abuse."
While the concept of zero trust has been around for years and has been adopted by the federal government, most small- and medium-sized businesses still don't know how to implement zero trust, said Chase Cunningham. But progress is being made - with a big focus on automation.
Cybersecurity professionals are stressed out, overworked, underpaid and working on short-staffed teams, said Candy Alexander, president of the ISSA International Board. She advised organizations to look for the right indicators of a good cybersecurity culture.
CrowdStrike has focused on bringing its extended detection and response technology to users with less expensive devices such as Chromebooks by adding support for Google's ChromeOS. The pact will give CrowdStrike clients greater visibility into the security posture and compliance of ChromeOS devices.
An international police operation last month seized Genesis, the largest market for stolen browser cookies, online fingerprints and other types of credentials used for account takeover. Cybersecurity expert John Fokker, whose team at Trellix assisted police, shares insights from the takedown.
A top challenge businesses face is the lack of knowledge about what digital assets they have, making it difficult to protect them, respond to attacks, and collect evidence. External threat intelligence and attack surface management are colliding as companies look to respond effectively to threats.
Artificial intelligence and machine learning are used extensively for detecting threats, but their use in other areas of security operations is less explored. One of the biggest opportunities for AI and ML in cyber is around investigating potential security incidents, said Forrester's Allie Mellen.
Business email compromise, end-user education, forensic archiving and recovery can be confounding to SMBs that lack the resources for a traditional secure email gateway. The rise of cloud-based email offerings means that SMBs can now get the same level of email protection without using a gateway.
The lack of a dedicated security operations center can make it difficult for small organizations to benefit from security tools. To streamline security, it's crucial to have a user-friendly interface and experience that is easy to comprehend and understand, said Malwarebytes CEO Marcin Kleczynski.
AI is a tool for augmenting humans rather than replacing them, and AI is far from surpassing human capabilities on a scalable level. Although AI can generate realistic images and believable text, it still has a long way to go in detecting anomalies, said Kyle Hanslovan, CEO of Huntress.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing healthcareinfosecurity.com, you agree to our use of cookies.