A new survey shows that with little money to spend on tools aimed at insider threats, most organizations have to limp along by jerry-rigging existing, and unsuitable, cybersecurity tools to do the job.
The government says it did not know about the OpenSSL vulnerability before it was publicly disclosed. But if it had known, it might not have told us, says White House Cybersecurity Coordinator Michael Daniel.
New guidelines on improving encryption tools in the wake of the Heartbleed bug offer a range of options for improving encryption, but bigger changes loom down the road.
Having a single credential that can be authenticated by a trusted authority and accepted by multiple users can reduce the attack surface by maintaining personally identifiable information at a single point.
Despite all of the fervor and money that's being directed at government cybersecurity, a more immediately effective remedy might be to tighten up on information handling processes and procedures and general data hygiene.
Open source software is not inherently more risky than proprietary, but you should be involved if you use it. “If it’s open source and it’s not secure, it’s partly your fault.”
With forecasts of more frequent, sophisticated and targeted attacks, government's best bet might be to limit the damage rather than trying to prevent the threats completely.