Leading the latest edition of the ISMG Security Report: CipherTrace CEO Dave Jevans discusses recent research on cryptocurrency money laundering and whether regulation is possible. Plus, California passes a new privacy law.
Patch management problem: Organizations must identify and fix all new vulnerabilities in their software and hardware as quickly as possible. Unfortunately, on average, attackers keep exploiting flaws faster than they're being patched, says Tenable's Gavin Millard.
With endpoint security, the fundamental concept was always to detect and prevent. Mature security strategies today are increasingly looking at response and remediation as well to complete the cycle, says Shrenik Bhayani of Kaspersky Lab.
To have any hope of keeping up "with the exponential rise in variants in malware," organizations must reduce their attack surface, in part by using technology designed to learn what attacks look like and respond as quickly as possible, says Cylance's Anton Grashion.
Companies are sending notification emails about a data breach at Typeform, a software-as-a-service platform for distributing and managing surveys, questionnaires and competitions. The breach is so far known to affect Travelodge, Fortnum & Mason, Monzo bank and the Tasmanian Electoral Commission.
Businesses undertaking digital transformation - typically involving a push to the cloud, amongst other initiatives - must put security first if they want their project to achieve optimum success, says Fortinet's Patrick Grillo.
The difficulty in hiring new information security personnel and need to combat the ever-rising number of threats is driving many organizations to seek increased incident response automation, and in many cases to get it by working with managed security service providers, says AlienVault's Mike LaPeters.
As organizations move more data into the cloud, too many are treating security as an afterthought, says Outpost24's Bob Egner. Instead, as part of an agile development program, he recommends making penetration testing a constant, and using solid DevSecOps to maintain optimal cloud data security.
Much more must be done to shore up the U.K.'s national infrastructure. "It's partly austerity, and it's partly what's happening in the global economy, but we've really seen an underinvestment, specifically in the critical national infrastructure," says LogRhythm's Ross Brewer.
Security experts warn that hackers could one day make use of machine learning and AI to make their attacks more effective. Thankfully, says Cybereason's Ross Rustici, that doesn't appear to have happened yet, although network-penetration attacks are getting more automated than ever.
Old technology never dies, but rather fades "very slowly" away, as evidenced by there being 21 million FTP servers still in use, says Rapid7's Tod Beardsley. Rapid7's scans of the internet have also revealed a worrying number of internet-exposed databases, memcached servers and poorly secured VoIP devices.
What are hot cybersecurity topics in Scotland? The "International Conference on Big Data in Cyber Security" in Edinburgh focused on everything from securing the internet of things the rise of CEO fraud to the origins of "cyber" and how to conduct digital forensic investigations on cloud servers.
An Equifax software engineer has settled an insider trading charge with the U.S. Securities and Exchange Commission after he allegedly earned $77,000 after he made a securities transaction based on his suspicion that the credit bureau had suffered a data breach.