Insufficient vetting of vendors, funding for security, compromised passwords, malware, length of discovery, breach determination, third parties, encryption, security tools, security awareness, email messages, unauthorized use, security awareness training, penetration testing, hacking, breaching, 2015, ethical hacking, pen-testing, IT security.

2015: Five Simple Steps to Protect Corporate Data

Mr. Bejtlich and some other Washington types are pushing for more hacker prosecutions and more transparency about how the government will respond to attacks like the major breach at Sony.“Make their lives more difficult,” he says.

“That doesn’t mean we need to roll over and say, ‘Bad things are going to happen,’ ” he says. “We need to decrease the number of bad things happening.”