LW ROUNDTABLE: Will the U.S. Senate keep citizens safe, vote to force China to divest TikTok?

By Byron V. Acohido

Congressional bi-partisanship these days seems nigh impossible.

Related: Rising tensions spell need for tighter cybersecurity

Yet by a resounding vote of 352-65, the U.S. House of Representatives recently passed a bill that would ban TikTok unless its China-based owner, ByteDance Ltd., relinquishes its stake.

President Biden has said he will sign the bill into law, so its fate is now in the hands of the U.S. Senate.

I fervently hope the U.S. Senate does not torpedo this long overdue proactive step to protect its citizens and start shoring up America’s global stature.

Weaponizing social media

How did we get here? A big part of the problem is a poorly informed general populace. Mainstream news media gravitates to chasing the political antics of the moment. This tends to diffuse sober analysis of the countless examples of Russia, in particular, weaponizing social media to spread falsehoods, interfere in elections, target infrastructure and even radicalize youth.

LW ROUNDTABLE: Cybersecurity takeaways of 2023 — and what’s ahead in 2024 (part 3)

By Byron V. Acohido

Here’s the final installment of leading technologists sharing their observations about cybersecurity developments in the year that’s coming to a close — and the year to come.

Related: LW year-end roundtable part 1 and part 2

Last Watchdog posed two questions:

• What should be my biggest takeaway from 2023, with respect to mitigating cyber risks at my organization?

• What should I be most concerned about – and focus on – in 2024?

Their guidance:

Snehal Antani, CEO, Horizon3.ai

Many speculated that the ransomware attack on a Toyota supply chain player in Kojima, Japan was in retaliation for Japan’s aid to Ukraine. Nearly $400 million was lost as 28 Toyota production lines shut down.

The cyber threat landscape is evolving rapidly. Generative AI is expected to supercharge the velocity and precision of attacks. Our defensive strategies must evolve. Our success will hinge on deploying AI in a way that not only matches, but anticipates and outmaneuvers, the threat actors’ evolving tactics.

Rebecca Krauthamer, Co-founder and CPO, QuSecure

As new standards for quantum-resilient cryptography come into effect, many government agencies will move toward quantum-readiness. Cryptographic inventories need finalizing and quantum safe encryption needs to be adopted for sensitive communications and data. Consumers will begin to see their favorite applications touting “quantum-secure encryption.”

CISOs will have to get quantum resilient encryption on their

LW ROUNDTABLE: Cybersecurity takeaways of 2023 — and what’s ahead in 2024 (part 2)

By Byron V. Acohido

Here’s part two of Last Watchdog’s year-end tête-à-tête with top cybersecurity experts. Part three to follow on Friday.

Related: LW year-end roundtable part 1 and part 3

Last Watchdog asked two questions:

• What should be my biggest takeaway from 2023, with respect to mitigating cyber risks at my organization?

• What should I be most concerned about – and focus on – in 2024?

Their guidance:

Brandon Colley, Principal Security Consultant, Trimarc Security

Some 10-year-old vulnerabilities are still wildly prevalent. “Kerberoasting” and “Golden Ticket” attacks were both introduced in 2014 and yet enterprises continue to have hundreds of accounts configured with unconstrained delegation.

In 2024 we’ll see more of the same. As we shift to hybrid workloads, identity is becoming more complex. Instead of arguing about MFA strength, VPN vendor, or nation-state threat actors, let’s finish our conversation about using dedicated administrator accounts and unique passwords.

Or Shoshani, CEO and founder, Stream Security 

As 2023 ends, we’re already seeing businesses adopting technology to diagnose and detect threats to their cloud infrastructure before they occur. In the coming year, we also expect to see organizations work to close the disconnect between their DevOps and security teams.

By empowering these teams to work more cohesively, companies will have an easier time ensuring that applications and data are protected from security threats and vulnerabilities. DevOps and security teams must work together

LW ROUNDTABLE: Cybersecurity takeaways of 2023 — and what’s ahead in 2024 (part 1)

By Byron V. Acohido

A look back at the cybersecurity landscape in 2023 rings all-too familiar: cyber threats rapidly evolved and scaled up, just as they have, year-to-year, for the past 20 years.

Related: LW year-end roundtable part 2 and part 3

With that in mind, Last Watchdog invited the cybersecurity experts we’ve worked with this past year for their perspectives on two questions that all company leaders should have top of mind:

• What should be my biggest takeaway from 2023, with respect to mitigating cyber risks at my organization?

• What should I be most concerned about – and focus on – in 2024?

The comments we received were uniformly insightful and helpful. Here is part one of three groupings. Parts two and three

ROUNDTABLE: CISA’s prominent role sharing threat intel could get choked off this weekend

By Byron V. Acohido

Once again, politicians are playing political football, threatening a fourth partial government shutdown in a decade.

Related: Biden’s cybersecurity strategy

As this political theater runs its course one of the many things at risk is national security, particularly on the cyber warfare front.

Given the divergent paths of the U.S. Senate and the U.S. House of Representatives, federal agencies could see funding largely choked off on Sunday, resulting in the furloughing of hundreds of thousands of federal workers.

A wide range of federal government services, once more, would slow to a crawl — everything from economic data releases to nutrition benefits for poor children. And the Cybersecurity and Infrastructure Security Agency (CISA) may be forced to send home some 80 percent of its workforce, drastically shrinking its capabilities as a catalyst for public-private sharing of fresh

ROUNDTABLE: What happened in privacy and cybersecurity in 2021 — and what’s coming in 2022

By Byron V. Acohido

In 2021, we endured the fallout of a seemingly endless parade of privacy controversies and milestone cyber attacks.

Related: The dire need to security-proof APIs

The SolarWinds hack demonstrated supply chain exposures; the attempted poisoning of a Tampa suburb’s water supply highlighted public utilities at risk; and the Colonial Winds ransomware attack signaled cyber extortionist rings continuing to run rampant.

On the privacy front, California beefed up its consumer data privacy regulations even as Facebook and Apple publicly feuded over how each of these tech giants abuses consumer privacy and loosely handles sensitive data.

Meanwhile, President Biden issued a cybersecurity executive order finally putting the federal government’s regulatory stamp on foundational cyber hygiene practices many organizations should have already been doing, yet continue to give short shrift.

Last Watchdog sought commentary from technology thought leaders about lessons learned in 2021 – and any guidance they might have to offer heading into 2022.

ROUNDTABLE: Cybersecurity experts reflect on 2021, foresee intensifying challenges in 2022

By Byron V. Acohido

Privacy and cybersecurity challenges and controversies reverberated through all aspects of business, government and culture in the year coming to a close.

Related: Thumbs up for Biden’s cybersecurity exec order

Last Watchdog sought commentary from technology thought leaders about lessons learned in 2021 – and guidance heading into 2022. More than two dozen experts participated. Here is the first of two articles highlighting what they had to say. Comments edited for clarity and length. The second roundtable column will be published on Dec. 27th.

Paul Ayers, CEO, Noetic Cyber

In 2021, large supply chain attacks successfully exploited critical vulnerabilities. Patching is hard and prioritization is key. By mapping cyber relationships to business context, security teams can focus on a smaller number of critical assets and vulnerabilities.

The cyber industry swings back and forth between prevention and response. A renewed focus on preventative approaches, like security posture management, cyber hygiene and cyber asset management shows organizations are trying to anticipate these problems. Forward-thinking security teams are working to unlock siloed telemetry and generate a wider cybersecurity view of the organization.

Dr. Darren Williams, CEO, BlackFog

We’re seeing ransomware gangs morph into savvy businesses, with one going so far as to create a fake company to recruit talent. In 2022, we’ll see this trend continue to pick up steam, with greater coordination between gangs, double extortion evolving to triple extortion, and short selling schemes skyrocketing.

Additionally, we will see a shift in threat actors coming from Southeast Asia and Africa. As cyber criminals look to find cheaper labor and technical expertise, we’ll see activity pick up in these regions in 2022 and beyond.