GDPR is in effect, and in one year, regulators will start to assess penalties against enterprises not in conformance with the regulation. How prepared are entities? Will it take a high-profile penalty to get the world's attention? Michael Hack of Ipswitch weighs in.
Cybercriminals and nation-state threat actors are beginning to act alike - and that's bad news for cybersecurity leaders and their enterprises, says Eward Driehuis of SecureLink. Here are the trends to track.
It's easy to draw a direct link between high-profile breaches and the compromise of user credentials. But it requires a phased approach to actually improve privileged access management, says Barak Feldman of CyberArk.
Outdated policies, lax regulatory oversight and bureaucracy have stunted more advanced cybersecurity investments at some organizations that provide the nation's critical infrastructure, says Brian Harrell, the former director of critical infrastructure protection at the North American Electric Reliability Corp.
Today's cybersecurity industry is far too focused on keeping bad guys out, says Chris Pierson of Viewpost. Organizations need to pay more attention to keeping data inside the enterprise, he says, describing how to make the shift to a focus on limiting exfiltration.
Businesses are suffering from an influx of too much security technology packaged into too many solutions offered by too many vendors, says former RSA Chairman Art Coviello, who claims the proliferation of products isn't helping improve cybersecurity.
Cyber-intelligence expert Tom Kellermann sees a growing hostility in cyberspace, and he fears a new wave of advanced threats aimed not just at committing crimes, but at breaching critical infrastructure. Who are the top threat actors, and what are their key targets?
Cybersecurity incidents have evolved considerably since the TJX and Heartland breaches of 2007-08. And so has the discipline of incident response, says former prosecutor Kim Peretti, now a partner at the law firm Alston & Bird. She defines incident response 2.0.
Mobile payments are more secure than online and card payments, says David Lott, a payments risk expert with the Retail Payments Risk Forum at the Federal Reserve Bank of Atlanta. But how customers use their mobile devices can dramatically affect transactional security.
CISOs are increasingly being asked by management and boards to predict what the cost of a breach or cyber incident might be. But most still need to develop good predictive metrics, says Benjamin Dean, president of Iconoclast Tech.
In his world travels, Steve Durbin of the Information Security Forum sees the global cybersecurity industry coming of age. But he also sees the steady maturation of cybercriminals and their schemes. How can organizations best counter the changing threat landscape?
As an assistant U.S. attorney in northern Georgia, Nathan Kitchens has seen scores of cybercrime cases - especially ransomware attacks and business email compromises. And he has two words of advice to potential victims: Be prepared.
As fraudsters continue to improve their email spoofing with better socially engineered schemes, business email compromise attacks will become more successful, says Denyette DePierro of the American Bankers Association, who discusses how banks can help customers avoid becoming victimized.