Police in Germany say a 20-year-old student has confessed to stealing and leaking personal details from 1,000 German politicians, celebrities and journalists, allegedly after bragging about the crime. More advanced attackers rarely make so much noise.
The recent Black Hat Europe conference in London touched on topics ranging from combating "deep fake" videos and information security career challenges to hands-on lock-picking tutorials and the dearth of research proposals centered on deception technology.
The marketers would have us believe that machine learning and behavioral analytics are the keys to unlocking the future of healthcare information security. But Vikrant Arora, CISO of the Hospital for Special Surgery in New York, offers a more practical outlook.
Warning: Attackers behind the recently revealed Facebook mega-breach may still be able to access victims' accounts at some third-party web services and mobile apps, and Facebook has offered no timeline for when a full lockdown might occur - although there are no signs of third-party account takeovers.
As attackers become more adept at evading "reactive" security controls and alert mechanisms, proactively analyzing the behaviors of people and systems is critical to detecting malicious activity, says Gartner's Kelly Kavanagh.
Artificial intelligence and machine learning will have a significant impact on lowering the cost of securing an organization because it will reduce the need for advanced skillsets, predicts Rapid7's Richard Moseley.
An ongoing security operations center challenge is trying to get the right data to the right person at the right time. The problem is compounded by there being "too much data and not finding the right people to deal with the data," says Mischa Peters of IntSights. What can help?
Numerous technology firms now offer facial biometrics recognition search tools for big data sets. But information security expert Alan Woodward warns that these big data sets must be "considered and regulated very heavily" or else we'll be "living in 1984 without knowing it."
A computer security researcher has discovered a vast marketing database containing 340 million records on U.S. consumers. The database is the latest in a long line of databases to have been left exposed to the internet without authentication, thus putting people's personal data at risk.
CISOs increasingly are summoned to present to their Boards of Directors. But too often these presentations fail to frame the right topics with the right metrics, says Jacob Olcott of BitSight. He offers advice for maximizing the opportunity in front of the Board.
As big-data analytics matures, it will play a bigger role, but security information and event management software, or SIEMs, will also remain essential, contends Gary Warner, director of research in computer forensics at the University of Alabama at Birmingham.