The Target breach was the hot topic for many RSA 2014 attendees, but Gartner's Avivah Litan was already talking about the next Target - a UK retailer that may have suffered a similar hack, exposing payment card data.
Troy Leach of the PCI Security Standards Council says data security standards are not failing; they just aren't being applied continuously. And conformance with the Payment Card Industry Data Security Standard is just one piece of the puzzle.
Most organizations have yet to realize the cybersecurity benefits of big data analytics, says Russell Thomas of Zions Bank. He explains steps the pioneering bank is taking to revolutionize its big data operations.
RSA President Amit Yoran's focus is on refining RSA's vision, growth strategy and emerging technology. A key consideration in honing that strategy: the rise and pervasiveness of advanced threat actors.
In the four years that he led the National Strategy for Trusted Identities in Cyberspace, Jeremy Grant says he saw significant progress in the use of new forms of authentication - yet widespread acceptance remains years away.
As financial institutions update their defenses in light of new types attacks - from scams to network-penetrating cyber-attacks - they need to ensure they factor in all of the ways that their systems and employees might be targeted or manipulated.
The Trojan "Laziok" targets energy firms throughout the Middle East, India, the U.S. and the U.K., warn security researchers at Symantec. The malware attempts to exploit a Microsoft Office bug patched in 2012.
Application security is not keeping pace with evolving attacks, says Prasenjit Saha, a CEO at the consultancy Happiest Minds Technologies. One problem: lack of a standard, secure coding process in the application development life cycle.
Chinese officials have reportedly agreed to delay some banking-sector requirements aimed at foreign technology vendors, who were instructed to submit to rigorous audits and to add government-approved backdoors to their products.
Psychologically speaking, nothing beats the power of a well-timed deadline. And love it or hate it, Google's 90-day "Project Zero" deadline for fixing flaws - before they get publicly disclosed - has rewritten bug-patching rules.