As they develop mitigation strategies, organizations must keep in mind that all cyber-attacks, ranging from DDoS to phishing, ultimately aim to compromise data - and they virtually all are advanced and persistent.
An organization's security is only as strong as that of its partners, says Mandiant Director Charles Carmakal, who offers insight on common attack trends emerging from recent data breach investigations.
Attacks aimed at mobile devices are progressing much more rapidly than any attacks ever waged against PCs. Organizations are in danger if they don't pay attention, says anti-phishing expert Dave Jevans.
Breach statistics for 2012 show DDoS attacks dramatically increased in all sectors, says Verizon's Dave Ostertag. "If your organization, company or agency has a presence on the Internet, you're a potential victim now."
As the Payment Card Industry Security Standards Council prepares to update the PCI Data Security Standard, malware attacks aimed at payments networks are garnering attention from fraud professionals, says the council's Jeremy King.
Providers of technologies employees acquire through unconventional channels that could bypass their employers' supply-chain controls are known as "shadow suppliers." Here's why you should care about them.
New focus for anti-fraud pros: Cloud computing providers whose employees may steal or harm customer data they host. Experts from Carnegie Mellon University's CERT Insider Threat Center offer prevention tips.
Insider threat case study: Dawn Cappelli tells how three individuals quit their jobs at a law firm, then used a free cloud service to sabotage files containing proprietary client information from their ex-employer.