Newer technologies, such as machine learning, can help mitigate the risk of ever more sophisticated email-based attacks, including phishing, says Dena Bauckman of Zix Corp.
In light of emerging cyberthreats, including ransomware, organizations must change how they assess their cyber insurance options, says Ken Suh of Beazley.
Deception technology, adversary intelligence and early detection can help counter spoofing and phishing attacks, says Sal Stolfo, the founder and CTO of Allure Security.
With new threats targeting the nation's critical infrastructure, partnerships among government and private-sector security professionals are more critical than ever, says Brian Harrell of the new U.S. Cybersecurity and Infrastructure Security Agency.
F. Ward Holloway of Forescout Technologies sorts through what he sees as common misconceptions about the "zero trust" approach to security, including the assumption that it can prove to be too costly and complex to implement.
Today's machine-speed attacks require an autonomous machine-speed response to mitigate the risk, says David Masson of Darktrace, who offers strategic insights.
Healthcare organizations must actively manage their in-house medical internet of things to ensure that they can provide high levels of patient care while minimizing the inevitable risks posed by internet-connected medical devices, says Fortified Health Security's Dan Dodson.
The payment card industry needs to do more to tackle the rising problem of fraud, says information security expert William H. Murray, pointing to the new Apple Card - which lacks the card number printed on it - as an example of how the industry must evolve. But numerous cultural challenges remain, he says.
When crafting an identity and access management strategy, organizations need to balance the need for improved security with giving employees the freedom they need to do their jobs, says John Bennett of LastPass by LogMeIn.
Third-party vendor risk continues to pose a security challenge to organizations. Despite many having formal policies for managing third-party risk, almost half of organizations say they've suffered a data breach that traces to a third-party vendor, says Mark Sangster of eSentire.
More organizations are applying a highly automated "zero trust" model to ensure that they only give the right amount of privilege to the right user for the right amount of time, says Markku Rossi, CTO of SSH Communications Security.
The decline of the network perimeter as the cornerstone of enterprise cybersecurity means that CIOs and CISOs are increasingly focusing on identity to ensure that only the right people connect to systems, says Okta's Clare Cunniffe.
Significant security events have many techniques in common, says Chris Hallenbeck of Tanium, who describes why security hygiene improvement, especially patch management, is so essential.
Organizations need to create a "defensible" cybersecurity program that has a mandate and executive endorsement, says Gartner's Tom Scholtz. I. Here are some points to keep in mind when drafting a program.
Patch or perish redux: Hackers are unleashing automated attacks to find and exploit known flaws in SSL VPNs manufactured by Fortinet and Pulse Secure to steal passwords. The exploits come despite both vendors having released patches several months ago - Pulse Secure in April, Fortinet in May.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing databreachtoday.com, you agree to our use of cookies.