In the latest weekly update, four editors at ISMG discuss highlights from recent ISMG events, the winners and losers in Forrester's first-ever network analysis and visibility rankings, and the ongoing tech trade war between the U.S. and China and its impact on the global supply chain.
Service providers typically lack the skills and large security teams needed to thwart complex and high-volume cyberattacks on their own, said A10 Networks CEO Dhrupad Trivedi. MSPs telecom and cloud providers struggle to assess the scale of cyber incidents and to detect and remediate them.
A growing number of security teams are looking to consolidate tools to simplify operations, said Gartner analyst Dionisio Zumerle. "When you have the complexity, it's very hard to identify misconfigurations between the different overlapping tools, and it's also hard to identify security gaps."
CISO Ian Thornton-Trump said he is opportunistic about using chatbots but warns that the technology needs oversight and testing to ensure "the responses that it's giving are accurate and the information it's able to access is also pertinent to the questions that are commonly asked."
A Tennessee medical clinic and surgical center is notifying more than half a million patients and employees that their personal information may have been stolen by cybercriminals in an April cyberattack that disrupted healthcare services for several days.
Russia has relied on blunt-force cyberattacks in Ukraine to inflict maximum damage rather than turning to new techniques. In many cases, Ukrainian defenders are flying blind because Russian wiper malware is designed to evade most security controls, said Mandiant CEO Kevin Mandia.
Cyber crooks are performing server hijacking or proxyjacking to make money from the sale of their victims' compromised bandwidth on proxy networks, a new report by security firm Akamai finds. "The attacker doesn't just steal resources but also leverages the victim's unused bandwidth," it says.
Financial services organizations face unique cloud security challenges, due to special regulatory, data security and privacy considerations that don't necessarily apply to other industries. Security and payments experts with overlapping skill sets unpack the challenges and how to deal with them.
Startup Lumu edged out larger incumbents Extra Hop, Arista Networks and Trend Micro for the top spot in Forrester's first-ever network analysis and visibility rankings. The percolating of federal zero trust mandates into the civilian world prompted Forrester's evaluation of providers in the market.
Federal regulators are once again reminding healthcare entities and their vendors of the importance of using strong multifactor authentication to help fend off hacks and other compromises, but they also warn about avoiding common mistakes with MFA.
"Exposure management has become top of mind for most CISOs" due to three factors: the uncertain geopolitical landscape, the proliferation of the cloud and an increased focus on regulations and compliance, according to Sarah Ashburn, Chief Revenue Officer at Censys.
Attackers targeting the supply chain are "quite predictable in their movements; they want to persist their access, so they're looking for credentials," said Mackenzie Jackson, developer advocate at GitGuardian, who recommends deploying honeytokens to track the predictability of criminals' actions.
With the growth of generative AI services, organizations want better control of the data going in and coming out of AI. Talon CEO Ofer Ben-Noon discussed how his firm has built a DLP compliance model around generative AI services that blocks healthcare information or SWIFT data shared with ChatGPT.
Big banks want social media firms to take accountability for scams that occur on their payment platforms, but that doesn’t mean reimbursing victims. Banks need to take the lead in making victims whole quickly. And big tech and telcos need to kick the scammers out of their platforms.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.