RSA Conference 2023 Compendium: 160+ Interviews and More

Information Security Media Group • May 24, 2023

As the largest media company at RSA Conference 2023, ISMG conducted more than 160 individual interviews with CEOs, CISOs, government leaders, investors, researchers and attorneys. This compendium covers every facet of cybersecurity, from the latest technology solutions to emerging trends.

►

Leadership & Executive Communication

How to Better Educate 'Citizen Data Scientists' on AI and ML

Latest

Card Not Present Fraud

Invoice and CEO Scams Dominate Fraud Impacting Businesses

Mathew J. Schwartz • May 29, 2023

Losses to fraud reported by Britain's financial services sector exceeded $1.5 billion in 2022, declining by 8% from 2021, says trade association UK Finance. About 40% of losses tied to authorized push payment fraud, in which victims get tricked into transferring funds to attackers.

Audit

Sports Warehouse Fined $300,000 Over Payment Card Data Theft

Mathew J. Schwartz • May 29, 2023

Online sports retailer Sports Warehouse has agreed overhaul its security program and pay a $300,000 fine to New York State after hackers stole 20 years' worth of payment card data and customer information the company was storing in plaintext on its e-commerce server.

Managed Detection & Response (MDR)

Expel, CrowdStrike, Red Canary Dominate MDR Forrester Wave

Michael Novinson • May 26, 2023

Expel, CrowdStrike and Red Canary held steady atop Forrester's MDR rankings, while Secureworks and Binary Defense tumbled from the leaders category. Providers have turned their attention from maximizing their efficacy at detecting ransomware to finding faster and better ways to respond to attacks.

Cyberwarfare / Nation-State Attacks

ISMG Editors: How Ukraine's Cyber Defenders Prepped for War

Anna Delaney • May 26, 2023

In the latest weekly update, ISMG editors discuss top takeaways from Ukraine's cyber defense success, how a European regulator suspended Facebook data transfers to the United States, and the state of the EU General Data Protection Regulation on its five-year anniversary.

Governance & Risk Management

AHA Tells HHS to 'Amend or Suspend' Web Tracking Guidance

Marianne Kolbasuk McGee • May 25, 2023

The American Hospital Association is urging federal regulators to back off from recent guidance that treats patient IP addresses as protected health information, saying that the new rules would "reduce public access to credible health information" and create hardships for doctors and hospitals.

Fraud Management & Cybercrime

OAuth Flaw Exposed Social Media Logins to Account Takeover

Prajeet Nair • May 25, 2023

A new OAuth-related vulnerability in an open-source application development framework could expose Facebook, Google, Apple and Twitter users to account takeover, personal data leakage, identity theft, financial fraud and unauthorized actions on other online platforms, security researchers said.

General Data Protection Regulation (GDPR)

5 Years of GDPR: Criticism Outweighs Positive Impact

Akshaya Asokan , Anna Delaney • May 25, 2023

Five years after the effective date of the General Data Protection Regulation, the European Union privacy law - hailed as a way to protect the privacy of citizens in an increasingly digital world - continues to be marred by criticism over its lack of effectiveness and uneven implementation.

Leadership & Executive Communication

Profiles in Leadership: Michael D'Ambrosio

Michael Novinson • May 24, 2023

Organizations lack visibility into their network and assets to fully understand their threat and risk exposure, said Liberty Strategic Capital's Michael D'Ambrosio. The trend of accessing corporate networks from remote locations has made it tough for businesses to know what's on their network.

Cybercrime

State-Aligned Actors Targeting SMBs Globally

Prajeet Nair • May 24, 2023

State-aligned hackers are increasingly targeting small and medium-sized businesses worldwide, as SMBs are more likely to be under-protected against cybersecurity threats such as phishing campaigns, according to a new report by cybersecurity firm Proofpoint.

Next-Generation Technologies & Secure Development

CyberArk CEO Touts New Browser That Secures Privileged Users

Michael Novinson • May 24, 2023

CyberArk's new Secure Browser prevents adversaries from harvesting the credentials of privileged users who are accessing sensitive web applications. CEO Matt Cohen said this solution will help thwart attackers who are hijacking sessions on consumer-grade browsers through the use of cookies.

General Data Protection Regulation (GDPR)

EU Committee Probes TikTok, UK's Updated GDPR

Akshaya Asokan • May 23, 2023

European Union lawmakers have criticized the British government's updated privacy bill over concerns that it fails to adequately protect European citizens' fundamental rights. Lawmakers also heard from the Irish data authority on the status of its pending TikTok inquiry.

Cryptocurrency Fraud

Sharp Decline in Crypto Hacks in Q1 2023 Unlikely to Last

Rashmi Ramesh • May 23, 2023

Law enforcement and regulatory action over the past year in the United States most likely dissuaded hackers from stealing cryptocurrency, making the amount stolen in the first quarter of the year the lowest compared to each of the four quarters in 2022, TRM Labs said.