As organizations move more data into the cloud, too many are treating security as an afterthought, says Outpost24's Bob Egner. Instead, as part of an agile development program, he recommends making penetration testing a constant, and using solid DevSecOps to maintain optimal cloud data security.
Much more must be done to shore up the U.K.'s national infrastructure. "It's partly austerity, and it's partly what's happening in the global economy, but we've really seen an underinvestment, specifically in the critical national infrastructure," says LogRhythm's Ross Brewer.
Security experts warn that hackers could one day make use of machine learning and AI to make their attacks more effective. Thankfully, says Cybereason's Ross Rustici, that doesn't appear to have happened yet, although network-penetration attacks are getting more automated than ever.
Old technology never dies, but rather fades "very slowly" away, as evidenced by there being 21 million FTP servers still in use, says Rapid7's Tod Beardsley. Rapid7's scans of the internet have also revealed a worrying number of internet-exposed databases, memcached servers and poorly secured VoIP devices.
What are hot cybersecurity topics in Scotland? The "International Conference on Big Data in Cyber Security" in Edinburgh focused on everything from securing the internet of things the rise of CEO fraud to the origins of "cyber" and how to conduct digital forensic investigations on cloud servers.
An Equifax software engineer has settled an insider trading charge with the U.S. Securities and Exchange Commission after he allegedly earned $77,000 after he made a securities transaction based on his suspicion that the credit bureau had suffered a data breach.
Helping victims know their passwords have been exposed in a data breach is half the battle in the fight to improve password security. To help, Mozilla and 1Password are integrating into their products a feature from the popular "Have I Been Pwned" breach notification service.
Leading the latest edition of the ISMG Security Report: A preview of next week's Fraud and Breach Summit in Chicago, which will feature keynoter Brett Johnson, a former cybercriminal who now advises organizations on fighting crime.
Just one click: That's all it takes for a victim to inadvertently grant attackers access to their email account via a third-party application. Here's how to spot signs of OAuth-related hacking and how to defend against it.
Government regulation is key to minimizing the misuse of cryptocurrencies for cybercrime, says Brett Johnson, a former cybercriminal who now consults on crime prevention. But regulating cryptocurrencies is no easy task, he acknowledges. Johnson will keynote ISMG's Fraud and Breach Prevention Summit in Chicago.
Human resources software developer PageUp says it doesn't appear that personal data exposed in a malware attack was actually removed from its systems. But it has also found authentication error logs that recorded incorrect login attempts from before 2007.
As organizations detect more breaches, incident responders are increasingly overloaded, says Darktrace's Dave Palmer, who recommends organizations adopt strategies for "surgically interrupting the bad" while maintaining normal business processes and productivity.