Australia's large online medical booking platform, HealthEngine, has become embroiled in a privacy controversy after it reportedly passed personal medical details to a personal injury law firm. HealthEngine maintains it obtained users' consent, but the revelation appears to have caught many by surprise.
Europe's General Data Protection Regulation is reshaping the way organizations handle data. That's going to have an impact on the sharing of threat intelligence. But the Anti-Phishing Working Group hopes the law will provide legal clarity that will make more organizations comfortable with sharing threat data.
The EU's GDPR is already having an impact on how organizations approach data breach detection and remediation, leading many to rely more strongly on security orchestration and automation, says Allen Rogers of IBM Resilient.
Organizations are increasingly turning to devices and the cloud to foster better collaboration and access to essential data. But as they do so, "the number one blocker for enabling digital transformation is security," warns BlackBerry's Florian Bienvenu.
Organizations are increasingly tapping behavioral analytics to help incident responders "correlate data from multiple sources and save time in the response workflow" - in other words, to more quickly detect and mitigate breaches, says Nick Bilogorskiy at Juniper Networks.
Attackers continue to shift their tactics to help evade improvements in defenses, says Rick McElroy, security strategist for Carbon Black. Recent trends include fileless attacks, shifting from PowerShell to WMI, plus cryptojacking and credential harvesting.
To increase the effectiveness of security information and event management tools, while lowering the rate of false positives, organizations need to bring in more context about user behavior, says Derek Lin of Exabeam.
Michael Jones of Domain Tools says that studying domain ownership information gives organizations "contextual data around domains that may be attacking them," thus allowing them to better block attacks, avoid malicious sites and combat phishing campaigns.
Three key challenges facing security practitioners worldwide are visibility, metrics and orchestration, says Vishal Salvi, CISO for India's tech powerhouse Infosys. The threat landscape, rather than compliance, is driving security decisions, he says.
Many organizations are looking for pre-defined logic for effectively consuming threat intelligence across information silos, rather than collecting intel and then having to define the logic to make it actionable themselves, says Greg Singh of Skybox Security.
Electric car manufacturer Tesla has sued a former employee for sabotage, alleging that he "unlawfully hacked the company's confidential and trade secret information" and gave it to third parties while leaving a trail designed to implicate other employees. The ex-employee, however, claims he's a whistleblower.