Bad news for anyone who might have hoped that the data breach problem was getting better. "Anecdotally, it just feels like we're seeing a massive increase recently," says Troy Hunt, the creator of the free "Have I Been Pwned?" breach-notification service. Unfortunately, he says, the problem is likely to worsen.
Bug bounty myths: All such programs must be public, run nonstop, pay cash to bug-spotters and allow anyone to join. But HackerOne's Laurie Mercer says such programs often run as private, invitation-only and time-limited endeavors, sometimes offering only swag or public recognition.
Organizations that want to ensure they have a solid cybersecurity strategy must ensure they rigorously pursue best practices, monitor their infrastructure, eliminate vulnerabilities as well as prepare for the worst, says Andrew Gogarty of Secon Cyber.
With cybersecurity becoming ever more difficult to monitor and manage, and product and data overload triggering cyber fatigue among cybersecurity professionals, organizations must embrace more autonomous approaches, says Censornet's Richard Walters.
Organizations are increasingly relying on threat intelligence to help them better identify malicious behavior before it hits the network - or users encounter it - including using domain name system analysis to track emerging campaigns, says Corin Imai of DomainTools
A group of 22 state attorneys general, mainly from Democratic-leaning states, are demanding Congress offer local officials more support - including grants and equipment standards - to improve election infrastructure security in the run-up to the 2020 presidential contest.
The parent company of American Medical Collection Agency has filed for bankruptcy in the wake of a data breach affecting millions of patients. The filing provides an inside look at the "cascade of events" and financial havoc wreaked by a security incident.
With Facebook now officially preparing to launch its own cryptocurrency, Libra, in 2020, the social media giant is facing a privacy and security backlash both in the U.S. and Europe. Lawmakers and regulators are raising concerns about the offering based on the company's poor history of protecting user data.
Why does everyone keep mislabeling machine learning - a proven technique for helping organizations to improve their security posture - as artificial intelligence? "I'm so tired of the AI buzzword bingo," says John Matthews, CIO of ExtraHop Networks.
Defending organizations against attackers is more challenging than ever. "The complexity and sophistication of the threats has increased," says Cisco's Mark Weir. "What we're seeing a lot of at the moment as well is intellectual property theft."
Visibility, or a lack thereof, continues to challenge organizations as they attempt to protect their businesses by knowing which systems, applications and data they have, says AlgoSec's Jeffrey Starr. He discusses how centralized visibility, control and automation can help.