There's good news and bad news about the current state of cybersecurity, according to Richard A. Clarke and Robert K. Knake, two former federal advisers who have written a new book. Learn about their concerns that cyberattacks could escalate into prolonged conflicts.

Enumerating medical devices, identifying where the security risks lie and then implementing a multilayered defense plan to mitigate risks should be top priorities for healthcare organizations, says thought leader John Halamka, M.D., executive director for technology exploration at Beth Israel Lahey Health.

When it comes to supply chain risk, many organizations overlook how dependent they are on those critical relationships, says Matt Kraning of Expanse. As a result, they are minimizing serious security vulnerabilities. Kraning offers insights on re-thinking that dynamic.

Incidents involving supply chain vendors pose increasingly significant risks to health data, says Rick McElroy of Carbon Black, who addresses "island hopping" and other emerging threats.

The latest edition of the ISMG Security Report analyzes the significance of fines against British Airways and Marriott for violations of the EU's GDPR. Also featured are discussions of California's privacy law as a model for other states and the next generation of deception technologies.

The success of security operations centers will depend on how well they blend key technologies - including detection, user behavior analytics and orchestration, says Haiyan Song of Splunk, who offers strategic insights.

The relationship between American Medical Collection Agency and its laboratory clients affected by the company's data breach will be closely examined as breach-related lawsuits progress, says attorney Paul Hales, a HIPAA specialist, who explains why.

In the wake of digital transformation, there remain some organizations that - for security reasons - resist the temptation to move to the cloud. What are their objections? Zscaler's Bil Harmer addresses these, as well as the critical questions security leaders should ask of cloud service providers.

Cyber adversaries are resilient and move quickly, so it'st critical that organizations share threat intelligence in an automated way, says Shawn Henry of CrowdStrike Services. But that sharing has been hampered by a lack of understanding of why it's important and how organizations can benefit, he says.

With attackers continuing to hammer weaknesses in software, organizations must prioritize application security more than ever, says Ian Ashworth of Synopsys. Thankfully, developers and middle management - bolstered by agile methodologies and DevOps - are increasingly leading the charge.