Leading the latest edition of the ISMG Security Report: Microsoft's Joram Borenstein highlights his top three areas of focus for 2019. Plus, Randy Vanderhoof of the US Payments Forum on securing card transactions in the coming year.
With the Cosmos bank attack still fresh in memory, some security experts are urging the Reserve Bank of India to take immediate steps to upgrade the security capabilities of banks. For example, they want banks to do away with user-based one-time passwords delivered via text messages.
The latest version of the NIST Cybersecurity Framework - Version 1.1 - includes more information on supply chain risk management, authentication, authorization, identity proofing and self-assessing cybersecurity risk management, says Matthew Barrett of the National Institute of Standards and Technology.
In an interview, Rohas Nagpal, a chief architect at Primechain Technologies, describes how blockchain can be used for authentication and pinpoints areas where blockchain is not the ideal technology. He'll be a featured speaker at ISMG's Security Summit in Mumbai Thursday.
A database security blunder revealed on Friday serves as a reminder that the days of SMS-based authentication should be over. The exposed database, which wasn't protected by a password, contained 26 million text messages, many of which were two-step verification codes and account-reset links.
As we approach 2019, is it realistic to think the end of our dependency on traditional user names and passwords is in sight? Shane Weeden, and authentication expert with IBM Security, discusses the future of authentication and why he's encouraged by the FIDO2 initiative.
Identity and access management is not about compliance anymore - It's really about security, says Gartner's Felix Gaehtgens. With cloud, virtualization, DevOps and other IT trends, IAM has evolved from being a one-off project to an ongoing initiative.
Attention admins: If you use libSSH - one of the open-source flavors of Secure Shell, or SSH - patch now. The advice follows the disclosure of a vulnerability that one expert, Paul Ducklin of Sophos, terms "comically bad."
Warning: Attackers behind the recently revealed Facebook mega-breach may still be able to access victims' accounts at some third-party web services and mobile apps, and Facebook has offered no timeline for when a full lockdown might occur - although there are no signs of third-party account takeovers.
The issue of access management and vulnerable software applications has come back to haunt the Unique Identification Authority of India which manages the Aadhaar database containing biometrics and personal information of over 1 billion Indians.
Security technology innovations entering the market are getting attached as features to an infrastructure that is fundamentally broken and an enforcement model that cannot operate in real time, says Matthew Moynahan, CEO at Forcepoint.
Intelligence adaptive authentication represents the latest advance in authentication and risk analysis - with a dose of machine learning - to help organizations authenticate users and battle fraud in real time, says OneSpan's Will LaSala.
Security thought leaders have long called for organizations to shift from a conventional "peacetime" view of cybersecurity to more of a "wartime" mindset. Aetna CSO Jim Routh now says it's time for enterprises to shift from conventional to unconventional security controls.
The FIN7 cybercrime gang regularly phoned victims, posing as buyers, to trick victims into opening phishing emails and attachments with malware, federal prosecutors allege. The group's success - 15 million stolen payment cards and counting - is one measure of how difficult these types of attacks are to block.