Technology has enabled a whole new wave of "accidental" insider threats - people who make a mistake or are taken advantage of by attackers. What role can technology now play in improving insider threat detection and response? Three CISOs share their insights.
Federal regulators say newly identified cybersecurity vulnerabilities dubbed "SweynTooth" could pose risks to certain internet of things devices, including wearable health gear and medical devices, as well as "smart home" products from vendors who use Bluetooth Low Energy, or BLE, wireless communication tech.
Three U.S. senators are demanding more answers from Catholic healthcare system Ascension and Google over "Project Nightingale," which is part of a controversial data-sharing and cloud migration initiative that has raised concerns about sharing patient information without explicit permission.
Just as consumers can look at a box of Twinkies and read a list of ingredients, so too should software makers provide users with a "bill of materials" explaining their composition, says Allan Friedman, director of cybersecurity initiatives at the U.S. National Telecommunications and Information Administration.
Software development over the past decade: The good news is that more organizations than ever have secure software development practices in place, says Chris Eng, chief research officer at Veracode. But the bad news is that many of the same flaws - including injection vulnerabilities - persist.
Andre Durand has spent decades in the cybersecurity sector and had identity in his sights when he founded Ping Identity in 2002. Nearly 20 years later, the industry is embracing the notion that cybersecurity begins with secure identity.
Australia reportedly took a sensitive military recruiting database offline for 10 days in February following concerns it may have been compromised. The Defense Department says there's no evidence data was stolen.
As organizations face having to demonstrate compliance with a broad range of regulations that have an IT and cybersecurity impact, the imperative is to adopt frameworks such as ISO 27001 and NIST 800-53, says David Ogbolumani, chief cybersecurity and privacy officer at IT Security Consultants.
Software development benefits from security checks being brought to bear early and often, but the blending of in-house and open source code has historically complicated that process, says Patrick Carey of Synopsys. Now, however, maturing toolsets and approaches are facilitating security checks, he says.
In response to White House warnings that 5G infrastructure equipment built by Huawei could be subverted by China to conduct espionage, Andy Purdy of Huawei Technologies USA says his company has pledged full transparency and urges competitors to follow suit.
As the RSA 2020 conference showcased "The Human Element," Palo Alto Networks' M.K. Palmore turned his attention to the passive insider threat - the one that intends no malicious harm, but whose actions can lead to costly breaches.
So far, there have been 92,000 reported cases of coronavirus globally, with 3,200 deaths. Global markets have been rocked, and major employers are revisiting their plans for staffing, travel and conferences. What do the numbers and trends mean? Pandemic expert Regina Phelps analyzes the latest developments.