Despite the buzz about digital transformation, most enterprises remain overwhelmed by having to support and secure legacy technologies, says Mark Loveless of Duo Security. How can they simultaneously protect their legacy systems while securing their future?
How might blockchain improve digital identity proofing in the healthcare sector? The National Health Information Sharing and Analysis Center and security vendor Trusted Key are testing that out with a proof-of-concept application.
What matters most, right now, to the information security community? At RSA 2018, RSA's president said WannaCry was a wakeup call for vulnerability and risk management. Other experts see artificial intelligence, machine learning and secure coding as hot trends.
A dozen medication and supply management products from Becton Dickinson and Co. are vulnerable to flaws identified last year in the WPA2 protocol, putting the products at risk for so-called KRACK attacks, according to a federal alert. Such attacks can potentially lead to malware infections.
New PCI requirements that go into effect June 30 are pushing payment card acquirers, processors, gateways and service providers worldwide to implement more secure encryption protocols for transactions. But are they ready?
The attackers behind SamSam ransomware have been focusing not on infecting individuals' computers, but rather the systems of large organizations that they hope will pay for a "volume discount" - in one case, $46,000 - to decrypt all of their systems at once.
Following in Google's footsteps, Amazon has closed a technical loophole that helped some online services evade censorship filters, but which was also abused by cybercriminals. Collateral damage is already being felt by the likes of Signal, a popular, encrypted-messaging app blocked by some governments.
Hackers are going to breach a network, bypassing firewalls and other network defenses. So the focus must be on what happens next, says Mukesh Gupta of Illumio, who describes how micro-segmentation can help contain breaches.
Organizations that procure cybersecurity services are increasingly looking not just for private cloud-based approaches, but products that operate from public cloud environments, says Larry Hurtado, CEO of Digital Defense.
Monica Jain has a lot of experience in security operations centers, and she knows much of the tribal knowledge there is not automated or shared. That's why she co-founded LogicHub, a new intelligence automation platform.
Mark Jaffe is less concerned about how adversaries breach networks, but more concerned about how to secure their actual target - critical data. His startup company, Allure Security, intends to help secure that data.
Fitbit and Google say they are collaborating to accelerate innovation and "transform the future" of digital health and wearables, leveraging cloud computing. Some observers, however, say the partnership also raises privacy, security and patient safety questions.
Industrial control system environments are tough to hack, because each is unique, says Sergio Caltagirone of Dragos. But the recent emergency of Triton malware shows that attackers have been testing how to compromise some environments, which could have catastrophic results.
Banks and other financial services sector organizations need to pay more attention to their security infrastructure and defenses and apply application security safeguards to monitor all of their data - as well as individual files, says Terry Ray, CTO of Imperva.