Deception technology, adversary intelligence and early detection can help counter spoofing and phishing attacks, says Sal Stolfo, the founder and CTO of Allure Security.
This edition of the ISMG Security Report discusses the latest improvements in deception technology and how best to apply it. Also featured: a report on the growth of mobile fraud, plus insights on Merck's experience recovering from a NotPetya attack.
Deception technology is attractive in that it offers - in theory - low false positives and critical clues to attackers' methodologies. But the benefits depend on its ability to fool attackers and whether organizations can spare the time to fine-tune it.
Deception technology is becoming more sophisticated, enabling organizations to battle against emerging threats, says Alissa Knight, senior analyst at Aite Group, a research and advisory company.
The latest edition of the ISMG Security Report analyzes the significance of fines against British Airways and Marriott for violations of the EU's GDPR. Also featured are discussions of California's privacy law as a model for other states and the next generation of deception technologies.
With attackers continuing to hammer weaknesses in software, organizations must prioritize application security more than ever, says Ian Ashworth of Synopsys. Thankfully, developers and middle management - bolstered by agile methodologies and DevOps - are increasingly leading the charge.
It's becoming increasingly important to detect adversaries that have bypassed your security controls and moved laterally in your environment, says Carolyn Crandall of Attivo Networks, who describes the role deception can play.
The recent Black Hat Europe conference in London touched on topics ranging from combating "deep fake" videos and information security career challenges to hands-on lock-picking tutorials and the dearth of research proposals centered on deception technology.
A security breach is always a sensitive topic - but especially so during a merger or acquisition. Ofer Israeli, CEO of Illusive Networks, discusses how deception technology can help prevent disruption by a cyberattack during M&A activity.
Beset by increasingly aggressive threat actors, many security leaders have decided their best defense is a stronger offense. John Wilson of Agari offers insights into the active defense movement - including the ethical and legal concerns associated with it.
Would access to better information pertaining to encryption help Congress pass good crypto-related laws? That's the impetus behind a "Digital Security Commission" and a related report being hawked by some lawmakers.
A new report suggests that a Chinese cyber espionage APT attack group is behind a string of targeted ransomware infections that have slammed U.S. firms. Dig into the details, however, and the report is nothing but speculation, two security experts caution.
The individual implementing security - the chief information officer - can't be the same as the person responsible for testing security, conducting audit and reporting on security weaknesses, South Carolina Inspector General Patrick Maley says.
Developing a culture of responsibility could go a long way in helping businesses, not-for-profits and governments secure their organizations' information resources.
Outrageous Facebook behavior by a contractor at a California hospital offers an eye-opening reminder about the need for a zero-tolerance policy when it comes to privacy violations.