Carelessness, a lack of security awareness, unclear data ownership and poor toolsets are root causes of insider breaches, says Tony Pepper, CEO of Egress, which recently surveyed CISOs and employees to trace the cause of insider breaches resulting from both intentional and unintentional loss.
Crowdsourced bug bounty programs help organizations identify severe vulnerabilities in their apps and infrastructure. But that gamification model has been evolving to supply not only penetration testing but also deep dives by single researchers, says Bugcrowd CSO David Baker.
A top cybersecurity imperative for organizations is to "take proactive mitigation before an event even occurs" by tracking attack trends and mitigating against emerging types of attacks, says Akamai's Jay Coley.
The threat landscape continues to evolve, says Chester Wisniewski of Sophos. "The more professional, the more skilled criminals out there are moving, seemingly, away from this 'spray and pray' mass exploitation approach and getting more targeted. It's what I call a blended threat."
In today's highly connected, cloud-based environment, application security is more critical than ever, says Jeff Williams, co-founder and CTO of Contrast Security, who explains why.
Organizations and their applications are under attack from automated bots and bad actors. And many of these attacks are undetectable by conventional security technologies. How can organizations detect and prevent this activity? Carl Gustas of Cequence Security shares insights.
Apple will introduce a feature in its new iOS 13 operating system later this year that allows the use of Apple credentials to log into other services. The feature is designed to reduce the amount of personal information that app developers obtain, a clear shot across the bow of Facebook and Google.
The right authentication controls at the right time for the right transactions - the adaptive authentication message is taking off, says OneSpan's Tim Bedard. And here are some quick wins organizations might focus on when starting down the path.
The latest edition of the ISMG Security Report analyzes the "blame game" in the wake of a ransomware attack against the city of Baltimore. Also featured: Discussions of cyberthreats in the financial services sector and open source security concerns.
Infosecurity Europe returns to London June 4-6, featuring more than 230 sessions over three days covering a range of topics, including application security, automation, data protection, risk management, incident response and threat analysis. Here's a preview of 11 hot sessions.
Private equity firm Insight Partners has announced it's acquiring threat intelligence specialist Recorded Future in a $780 million all-cash deal, capping a week of significant deal-making activity in the global information security vendor market. Find out what other deals were announced.
For attackers, "credential stuffing" - using stolen usernames and passwords to log into any site for which a user reused their credentials - is the gift that keeps on giving, says security researcher Troy Hunt. Here's how organizations can mitigate the threat.
The latest challenge to face CISOs: Finding the best way to keep their organization secure while at the same time navigating political edicts that may lack any technical detail or present solid facts or alternatives to suspect technology, says Jaya Baloo, CISO of KPN Telecom.
On the sixth stop of a multi-city tour, ISMG and Sonatype visited San Francisco for an engaging discussion on how to mitigate risks introduced by open source software. Sonatype CMO Matt Howard discusses the relevance and value of this application security conversation.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing databreachtoday.co.uk, you agree to our use of cookies.
