The likelihood of encountering a sophisticated cyberattack is much higher than ever before - especially with the leak of government-grade hack tools in the public domain, says Dan Larson of CrowdStrike, who discusses the latest threat research.
Too many organizations believe in the fallacy that firewalls are keeping the bad guys out, when in reality, bad actors likely are already within their environments, says Bill Mann at Centrify, who calls for a "zero trust" approach.
Insider threats aren't going away, but the introduction of machine learning and AI are proving to be powerful tools in the fight, says Randy Trzeciak of Carnegie Mellon University's CERT.
Plenty has been said about threats to internet of things devices - and rightfully so. But what about operational technology that often has been neglected by security controls? Mark Nunnikhoven of Trend Micro weighs in on OT risks.
Managing the key management lifecycle for multiple encryption capabilities across platforms and infrastructures is emerging as a challenge for enterprises, says Peter Galvin of Thales eSecurity.
Rather than focusing solely on preventing breaches, organizations must also embrace detection and response, says Tim Roddy of Fidelis Cybersecurity, who offers strategic insights.
Although many financial institutions are growing their security and fraud budgets, their losses to fraud are still increasing, says John Gunn of Vasco. Real-time detection capabilities are key to preventing fraud and reversing this trend, he says.
Artificial intelligence can help the security community tackle the skills shortage and is also essential to fighting the volume and sophistication of cyberattacks, says Gary Weiss of OpenText.
Visibility in the cloud includes understanding all aspects of critical applications and comparing this data in real time with historical data, says Sharon Besser of GuardiCore. This enables implementation of an effective and efficient security policy, he says.
One measure of why it's so difficult for organizations to keep their software patched and better secured: Of the nearly 20,000 unique vulnerabilities in 2,000 products cataloged last year, only half involved Microsoft, Adobe, Java, Chrome or Firefox software, says Flexera's Alejandro Lavie.
What can be done to address the shortage of personnel to fill the ever-expanding roster of cybersecurity jobs - from entry-level positions through the CISO role? (ISC)2's John McCumber describes organizational and governmental efforts to lower barriers to entry and build tomorrow's workforce.
Attackers rarely bother with technical sophistication when easy social engineering schemes, such as "hacking" a victim's social network and using it against them, can give them what they want, says Markus Jakobsson, chief scientist at the cybersecurity firm Agari.
To combat credential stuffing and other types of rising attacks, organizations need data - and lots of it - to feed machine learning and artificial intelligence algorithms to better detect these types of high volume attacks, says Shape Security's Dan Woods.
