Organizations across sectors have come to understand the inherent security risks posed by third-party vendors. But too many approach vendor risk management with a manual process, says Daniel de Juan of Rsam.

Ari Schwartz, former special assistant to the president and senior director for cybersecurity in the Obama administration, sizes up what cybersecurity actions the Trump administration could take.

Card-not-present fraud skyrocketed in 2016, jumping 40 percent from 2015, according to new research, says Al Pacqual of Javelin Strategy & Research, who analyzes the reasons why.

Organizations are increasingly turning to user behavioral analytics to help more quickly detect new attacks - emanating from inside or outside the enterprise - as well as mitigate those threats, says CA's Mark McGovern.

Major healthcare breaches involving hackers accessing patient information soared in 2016. But now more cybercriminals are shifting their attention to ransomware attacks because of the glut of stolen health information hitting the black market, says Dan Berger of CynergisTek.

As more IoT devices are compromised to wage large-scale attacks, related litigation and regulatory scrutiny will grow, which means device manufacturers - and users - could be held more accountable, says Richard Henderson, global security strategist at Absolute.

Increasing regulatory oversight is overwhelming smaller banks and credit unions, pushing them to continue to focus more on compliance than overall cybersecurity and resilience, says Sean Feeney, CEO of Defense Storm.

Staying current in threat detection is key, which is why more security companies need to embrace a more open way of thinking when it comes to solutions integration, says Christopher Kruegel, CEO of Lastline.

A pending federal regulation - called for under the HITECH Act - that would allow regulators to share with breach victims money collected in HIPAA violation cases eventually could have implications for class-action breach lawsuits, says privacy attorney Adam Greene.

Because most malware is spread via phishing, experts at Webroot are focusing their attention on stopping phishing attacks before they have a chance to infect a system with malicious code, says David Dufour, the company's senior director of engineering and cybersecurity.