Complexity has made it tough for organizations to be secure and efficient, which is driving many customers to look at vendor consolidation, said Palo Alto Networks President BJ Jenkins. Organizations that deploy a lot of point solutions are stuck finding a way to make all the products work together.
Thoma Bravo has agreed to spend $12 billion on three high-profile identity acquisitions to help with the transition from on-premises licenses to cloud-based subscriptions. Vendors in the space must expand their customer success organization and shift incentives for the salesforce, said Chip Virnig.
Organizations looking to adopt zero trust architectures are increasing pursuing service mesh rather than microsegmentation due to new innovations, said Ballistic Ventures General Partner Barmak Meftah. Microsegmentation excels at limiting the attack surface but comes with major overhead expense.
White House cybersecurity priorities: The Biden administration continues to have a "relentless focus" on improving critical infrastructure security, disrupting ransomware and combating the illicit use of cryptocurrency, said Deputy National Security Adviser Anne Neuberger.
The lack of proper monitoring and logging can make it difficult for companies to effectively address breaches. Many companies do not have logs turned on or do not properly configure them to track and record what is necessary. Without logs, the response to a breach can be significantly slower.
As ransomware actors get innovative and attacks keep growing at a brisk pace, threat intelligence and incident response plans are now more vital for businesses. But responding calmly in all that chaos is equally important and should be done the right way, said Palo Alto Networks' Wendi Whitmore.
Mass exploitation campaigns are the latest of many criminal innovations in 2023. Based on tracing ransom payments, they weren't very profitable. But ransomware actors do love their zero-days, said Allan Liska, principal intelligence analyst at Recorded Future.
The cybersecurity industry needs to be increasingly agile, said Hugh Thompson, program committee chairman of RSA Conference. Attackers are constantly changing tactics. Security leaders also need to change and keep up with the technologies accessible to a large group of people, he said.
Offensive security is transitioning from traditional penetration testing to a more continuous, technology-led approach, says Aaron Shilts, president and CEO at NetSPI. The security posture of organizations is constantly changing, making a point-in-time pen test less effective.
The enterprise adoption of AI-based large language models has created a new attack surface for adversaries to exploit, said Thomvest Ventures principal Ashish Kakran. A hacker who gains access to or tampers with the data that's been used to train the large language models could wreak a lot of havoc.
IT and OT security are more different than most realize. IT focuses on digital systems and data, and OT concerns itself with physical systems and their interconnectivity, said Dragos CEO Robert Lee. The stark differences between IT and OT security are laid bare around vulnerability patching.
A ransomware affiliate hacker known as "Bassterlord" has been involved with REvil, LockBit, Avaddon and Ransomware X. Jon DiMaggio, chief security strategist at Analyst1, convinced the hacker to talk about his hacking career in chats that might amount to the an exit interview.
Continued reliance on legacy VPNs hinders remote work performance and fails to provide users or organizations with zero trust security protection, said Netskope's Sanjay Beri. Companies often start by augmenting their VPNs to enable zero trust network access before moving to full replacement.
Bots have become an important tool for modern cybercrime. A bot is used somewhere in the attack cycle in more than three-quarters of security incidents. HUMAN Security co-founder and CEO Tamer Hassan called account takeover "the gateway drug to all other forms of fraud and abuse."
While the concept of zero trust has been around for years and has been adopted by the federal government, most small- and medium-sized businesses still don't know how to implement zero trust, said Chase Cunningham. But progress is being made - with a big focus on automation.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing ransomware.databreachtoday.com, you agree to our use of cookies.