Identity verification and lack of WebAuthn implementation in legacy applications and smartphones are two of the biggest challenges associated with adopting FIDO authentication. Merck Germany's Andreas Pellenghar also says the current setup of jumping to a browser to log in is turning people off.
Asia-Pacific healthcare sector organizations struggle with many of the same cybersecurity challenges as clinics in other parts of the world, including ransomware threats and denial-of-service attacks, says Errol Weiss, chief security officer of the Health Information Sharing and Analysis Center.
In the latest weekly update, ISMG editors discuss important cybersecurity and privacy issues, including cybersecurity innovation in today's market, how French police nabbed notorious Finnish hacker Zeekill and whether we are in a new form of cold war - specifically, an ongoing cyberwar.
Phishing is the number one way to compromise accounts, and Google's Christiaan Brand says passkeys have emerged as a great technical solution to the issue. He wants to ensure what FIDO Alliance has built benefits and is relevant to how Google wants to see passkeys implemented for its own accounts.
Banking Trojans, ransomware, fake finance apps programmed to steal data - the cybercriminal cartels have become more punitive in 2023, escalating destructive attacks on financial institutions. This is just one key finding of the annual Cyber Bank Heists report by Contrast Security's Tom Kellermann.
Improved credit card security has forced fraudsters to look for other channels, and check fraud is proving to be an easier route for them, says Michael Diamond of Mitek Systems. Even worse, new technologies are enabling fraudsters to develop even better counterfeit checks.
APIs represent the best and worst of times - "massive amounts of business value, but massive amounts of unmitigated risk," says Richard Bird, CSO, Traceable AI. In the past year, misconfigured or error-prone APIs resulted in high-profile breaches at Twitter and T-Mobile. He sees more on the horizon.
The aim of AI in EDR solutions is to streamline the process to ensure humans are able to consume and understand the data in order to respond well, says Serge Woon, worldwide tech sales leader and co-founder at ReaQta, part of IBM. In this roundtable preview, he explains why AI is so crucial to EDR.
Security practitioners are putting cognitive psychology and customer experience at the forefront of new product development in a push for usability, says Trusona's Kevin Goldman. Getting user experience designers familiar with products allows them to speak meaningfully with the security team.
Banks are losing hundreds of millions of dollars a year to check fraud - if not more, says David Maimon, professor of criminal justice and criminology at Georgia State University. The major hurdle facing banks is that they are not able to share information with each other about fraudulent checks.
Organizations today struggle with both new attack surface challenges such as cloud configuration and exposed buckets and long-standing ones around vulnerable ports and infrastructure. CEO George Kurtz says CrowdStrike's recent purchase of Reposify will help customers defend their priority assets.
Companies can be blinded by their inside-out view and often benefit from another set of eyes that see their business the same way an attacker would, says IBM's Mary O'Brien. IBM's acquisition of attack surface management firm Randori gives clients another view of areas that need to be remediated.
Cisco plans to debut a common design language across its network and security offerings so that products such as Cisco Meraki and Umbrella will no longer look or feel different from one another, says Jeetu Patel, executive vice president and general manager for security and collaboration at Cisco.
Varonis has dedicated most of its engineering resources to SaaS since the onset of COVID-19 to provide more automation to customers, says CEO Yaki Faitelson. The company has focused on delivering robust data protection to customers without them having to dedicate hardware or personnel to the task.
Proofpoint has focused on preventing cyberattacks, but customers have increasingly asked for help with blocking lateral movement from compromised identities, says CEO Ashan Willy. Acquiring Illusive in December will help Proofpoint block identity attack paths when a user is compromised.