Boards of directors that figure out how to leverage cybersecurity as a strategic asset will give their organizations a strong competitive advantage, says Lance Hayden of Berkeley Research Group. "Security needs to be part of what the organization uses to competitively differentiate itself."
In the coming months, the Department of Homeland Security will implement a new cyberthreat information sharing law designed to help prevent breaches. But will the Cybersecurity Act of 2015 really make a difference?
The hack of the Office of Personnel Management, revealed in June, represented a turning point. As a result of the cyberattack, breaches became a concern of a wide sphere of government employees and citizens.
Improving breach detection and defenses involves much more than buying the latest technology, warns security expert Haroon Meer. "We keep moving on as we try to solve new, shiny problems, which we then half solve, but we still haven't completely solved problems that we knew about 20 years ago."
NIST is soliciting comments from stakeholders on whether its cybersecurity framework is helping organizations secure their information systems. Those observations could result in an update of the framework, NIST's Adam Sedgewick explains in this interview.
Understanding the promise of user behavior analytics is one thing. Deploying them to detect and respond to threats is quite another. Bert Rankin of Fortscale offers tips on practical application of the latest UBA solutions.
Too many recent high-profile breaches resulted from attackers using legitimate user credentials to infiltrate critical systems. Fortscale's Bert Rankin tells how user behavior analytics help organizations catch attackers after the breach.
Conflicting cybersecurity guidance from banking regulators and a federal agency is making it more difficult for CISOs to set priorities, says Chris Feeney, president of BITS, the technology and policy division of the Financial Services Roundtable.
The rising profile and increasingly complex nature of cyberattacks was a major development in 2015. What are the key threats for security practitioners to be wary of in the year ahead? FireEye CTO APAC Bryce Boland shares insights.
Giving the fired Sanders aide the benefit of the doubt that he wasn't trying to steal Clinton campaign secrets to benefit the Vermont senator's quest for the White House, was Josh Uretsky justified in accessing the rival's data to conduct his own investigation?
Jeremy King of the PCI Security Standards Council explains why it has extended its compliance deadline for encryption updates aimed at phasing out SSL and TLS 1.0. But he stresses that merchants, processors and acquirers should not wait to make upgrades.
In terms of malware, 2015 will go down as the year that ransomware got big, and the organized criminals behind it got bolder. IBM's Limor Kessem discusses what to expect from advanced malware variants in 2016.