Securing the public cloud is not as challenging as it used to be, but too many organizations are still taking the wrong approach, says Microsoft's Jonathan Trull. Understanding the shared responsibility model for security is critical, he says.
Security silos persist because stakeholders within the enterprise security ecosystem are focused on their own key performance indicators, says Abdallah Zabian of DXC Technology, who suggests a more holistic approach is needed.
The EU's General Data Protection Regulation has significantly raised privacy awareness worldwide in the brief time that it's been in force, says Rob Hinson of OneTrust. Organizations are revamping both internal and external privacy programs to meet the minimum global standard, he says.
Social media platforms have emerged as the world's most popular forms of communication. They also have become popular platforms for committing fraud. David Pollino of Bank of the West outlines what institutions should do to secure their social media presence.
Recognizing that social media create fertile grounds for fraud, the American Bankers Association now shares advice for how institutions can use these channels in ways that are compliant, smart and risk-savvy. The ABA's Denyette DePierro offers some tips.
The fundamentals of governance, risk and compliance are sorely lacking in too many organizations that are striving to improve cybersecurity, says Malcolm Palmore, an assistant special agent at the FBI.
When it comes to the internet of things, balancing the need to protect privacy against the need for technological innovation, such as to improve healthcare, is proving challenging, says attorney Jean Marie Pechette.
Randy Trzeciak, director of the CERT Insider Threat Center at CMU, says he's frequently asked: "Haven't we solved the insider threat problem?" Far from it, he responds. In fact, he's helping many organizations start insider threat defense programs. He'll be a speaker at ISMG's New York Security Summit.