Business email compromises have been at the center of a number of procurement fraud scams, says Allan Stojanovic, a security architect and analyst at the University of Toronto, who describes the fraud and why it's so difficult to thwart.
Open source and third-party components help developers build and deploy applications faster. But with increased speed comes greater risks, says Chris Eng of CA Veracode, who offers insights on mitigating those risks.
CISOs and CIOs must ensure their organizations plan for worst-case scenarios, conducting frequent "dry runs" of disaster recovery plans, says Tonguc Yaman, CIO of SOMOS, a New York Community Care Network, who formerly served as deputy CIO of Bellevue Hospital.
The threat landscape is changing as the industrial internet of things radically broadens the attack surface for critical infrastructure, says Kenneth Carnes, CISO for the New York Power Authority, who discusses how to address the shift.
To transparently identify legitimate users in digital channels, organizations need strong digital identity risk assessment capabilities that examine each user's digital patterns and can more accurately detect potential bad actors, says IBM's Matt Konwiser.
All organizations should ensure that they are using the most appropriate tools, technologies, practices and procedures to safeguard their information against today's top threats, says Check Point's Avi Rembaum.
Intelligence adaptive authentication represents the latest advance in authentication and risk analysis - with a dose of machine learning - to help organizations authenticate users and battle fraud in real time, says OneSpan's Will LaSala.
Enterprise incident response teams tend to lack a diversity of skills and attention to education and testing, says Anne Marie Zettlemoyer, a security strategist who sits on the board of SSH Communications Security. She offers advice on how to make these teams more aligned and effective.