SAN FRANCISCO (AP) — A conference of Internet security experts is not for the faint of heart.
Hallway chatter and keynote speeches are peppered with scary stories of increasingly sophisticated hackers siphoning off valuable personal and corporate data.
In the words of one expert, the bad guys are outmaneuvering those responsible for keeping the wired world safe.
This despite repeated vows from CEOs and government officials to tighten security after high-profile breaches at Sony Pictures, health insurer Anthem, and retailers Target and Home Depot.
The recent wave of corporate data breaches and cyberattacks provided plenty of fodder for a weeklong cybersecurity conference in San Francisco.
Some 28,000 threat analysts, security vendors and corporate IT administrators gathered this week to talk about malicious software, phishing and other attacks that can steal money or secrets from companies and consumers.
Growing concern over cyberthreats has been good for business, driving up revenue and stock prices for many security firms.
But researchers say the dangers are real: Last year saw a record number of commercial data breaches and "denial-of-service" attacks, aimed at shutting down websites by flooding them with bogus traffic.
Here are some highlights from this year's RSA Conference, named for its chief sponsor, the RSA security division of tech company EMC Inc.
Many data breaches are the result of human error, especially people falling for bogus phishing emails, text messages or websites that appear to come from acquaintances or trusted companies.
Phishing attacks are a favored tactic of hackers working for foreign governments and criminal groups because they trick their targets into handing over passwords or clicking on links that install malicious programs.
Verizon researchers estimate one in five phishing emails were read by their targets and one in 10 persuaded someone to open an attached file. Security firm Proofpoint says middle managers are increasingly being targeted with emails containing seemingly "official" attachments such as fax or voicemail alerts.
"It only takes one person to click" on a link or attachment and put the employer's entire network at risk, said Verizon senior analyst Marc Spitler.
As for hackers, "they don't need a high rate of clicking because they can just churn out the emails."
As more home appliances are connected to the Internet, experts warn they are vulnerable to hackers intending mischief or worse. While such hacking incidents have been rare, researchers warn that manufacturers aren't considering security in connected devices.
In separate reports, experts at security firms Veracode and Laconicly said they found vulnerabilities in home systems that control lights, thermostats and garage door openers from a smartphone or other device.
While some systems use encryption and other safeguards, the tests found others were vulnerable to hackers eavesdropping on data signals and learning residents' habits, such as what time they leave the house and when they come home.
Hackers are sharing information about software vulnerabilities in a variety of industries, faster than many companies install patches to repair them, several researchers said. Cyberattackers are also increasingly using programs that can scout a computer network and change behavior depending on what defenses they encounter.
Even novice hackers can get their hands on tools to carry out sophisticated attacks. "Writing malware is not the hard part anymore. You can buy it" from other hackers online, said Ryan Olson, intelligence director at Palo Alto Networks.
One common refrain at the conference: Companies must get better at detecting and containing computer breaches once they occur, because old methods of prevention aren't working. The breaches of 2014 showed "that we're losing this contest," RSA President Amit Yoran said in a keynote speech. "The adversaries are outmaneuvering this industry."