An Idaho federal court dismissed the U.S. Federal Trade Commission's lawsuit against data analytics vendor Kochava in a bid by the agency to permanently stop the company from selling geolocation data collected from mobile devices. The agency can file an amended complaint within 30 days.
Organizations must extend identity protection beyond employees to safeguard contractors, supply chain partners, software bots and intelligent devices, said SailPoint CEO Mark McClain. Businesses struggle to keep up with what applications or data non-employee or non-human identities need access to.
Network segmentation and microsegmentation are ways to contain cyberattacks and prevent lateral spreading. Within the cloud, network segmentation ties into zero trust. Yet the diversity of information systems with different levels of criticality poses a challenge to implementing zero trust.
2023 is the year of exposure, said Cyentia Institute's Wade Baker. Exposure dominated Cyentia research this year, and many breaches were linked to mistakes in vulnerability management and poorly managed identities. Organizations are struggling with prioritizing hardware and software vulnerabilities.
Complexity has made it tough for organizations to be secure and efficient, which is driving many customers to look at vendor consolidation, said Palo Alto Networks President BJ Jenkins. Organizations that deploy a lot of point solutions are stuck finding a way to make all the products work together.
Thoma Bravo has agreed to spend $12 billion on three high-profile identity acquisitions to help with the transition from on-premises licenses to cloud-based subscriptions. Vendors in the space must expand their customer success organization and shift incentives for the salesforce, said Chip Virnig.
Organizations looking to adopt zero trust architectures are increasing pursuing service mesh rather than microsegmentation due to new innovations, said Ballistic Ventures General Partner Barmak Meftah. Microsegmentation excels at limiting the attack surface but comes with major overhead expense.
The tally of individuals whose sensitive information was compromised by the exploitation of a zero-day vulnerability in Fortra's GoAnyWhere secure file transfer software is growing by millions as more entities report heath data breaches to regulators.
Offensive security is transitioning from traditional penetration testing to a more continuous, technology-led approach, says Aaron Shilts, president and CEO at NetSPI. The security posture of organizations is constantly changing, making a point-in-time pen test less effective.
IT and OT security are more different than most realize. IT focuses on digital systems and data, and OT concerns itself with physical systems and their interconnectivity, said Dragos CEO Robert Lee. The stark differences between IT and OT security are laid bare around vulnerability patching.
Continued reliance on legacy VPNs hinders remote work performance and fails to provide users or organizations with zero trust security protection, said Netskope's Sanjay Beri. Companies often start by augmenting their VPNs to enable zero trust network access before moving to full replacement.
While the concept of zero trust has been around for years and has been adopted by the federal government, most small- and medium-sized businesses still don't know how to implement zero trust, said Chase Cunningham. But progress is being made - with a big focus on automation.
Cybersecurity professionals are stressed out, overworked, underpaid and working on short-staffed teams, said Candy Alexander, president of the ISSA International Board. She advised organizations to look for the right indicators of a good cybersecurity culture.
The University of Iowa Health Care is facing a proposed class action lawsuit from a patient who alleges that online tracking tools embedded into the medical center's websites secretly transmitted sensitive personal and health information to Facebook.
The U.S. Federal Trade Commission is seeking tougher sanctions for Facebook after determining that several gaps exist in the company's compliance with a 2020 consent decree mandating privacy improvements. The company will have 30 days to respond and could challenge tougher privacy rules in court.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing databreachtoday.com, you agree to our use of cookies.