The information security field has done a poor job of attracting and retaining women, contends Jo Stewart-Rattray, international director of ISACA, who emphasizes the need for mentoring as well as salary equity.
With organizations increasingly moving to the cloud, more security professionals are needed to help secure those environments as well as manage incident response. Cloud forensics expert Neha Thethi outlines must-have skills, qualifications and certifications.
The commoditization of attack infrastructure and services in the cyber-criminal underground, and the low cost and ease of launching targeted attacks, are growing concerns that require new defense strategies, says Trend Micro's Raimund Genes.
In addition to having a dedicated individual or team responsible for privacy matters, organizations must ensure their information security and IT staffs are knowledgeable about data privacy issues, says Trevor Hughes, CEO of the International Association of Privacy Professionals.
The attacks have evolved, breaches have multiplied, and serious security gaps have been exposed. But what most concerns FireEye President Kevin Mandia? The rise of nation-states as leading threat actors.
President Obama characterizes hacks of American businesses by Chinese hackers as an "act of aggression" against the United States and promises his administration will take action against the Chinese if they don't stop.
Drawn by the potential for low risk and high reward, criminals worldwide are increasingly pursuing online crime instead of conventional forms of property crime, such as burglary and robbery, warns cybersecurity expert Alan Woodward.
FBI Special Agent Charles Gunther says collaboration with FinCEN, international law enforcement and U.S. banks has helped the FBI recover millions of funds stolen from customers via emerging wire fraud schemes.
More hackers are exploiting remote-access and network vulnerabilities, rather than installing malware to invade networks and exfiltrate data, says Dell SecureWorks' researcher Phil Burdette. That's why conventional breach-detection tools aren't catching the intrusions.
Cybersecurity adviser Patricia Titus, a former CISO, says too many women are leaving the information security field for jobs with less pressure and more work schedule flexibility. So she urges organizations to offer more incentives to attract and retain women in the field.
Underground cybercrime forums continue to evolve, offering services ranging from cybercrime toolkits and money laundering to bulletproof hosting and a service that reviews exfiltrated data for corporate secrets, says cybersecurity analyst Tom Kellermann of Trend Micro.
CISOs who want to keep more cyber-attacks from succeeding should focus on decreasing the half-life of vulnerabilities, which refers to the amount of time it takes half of all systems affected by a vulnerability to get patched. That's the advice from Qualys' Wolfgang Kandek.