Home Podcasts Videos Guest Posts Q&A My Take Bio Contact
 

Best Practices

 

GUEST ESSAY: Securely managing access controls is vital to preserving the privacy of healthcare data

By Balraj Dhillon

There’s no doubt, the increasing use of telemedicine, the explosion of health-based cloud apps, and innovative medical IoT devices are improving the patient care experience.

Related: Hackers relentlessly target healthcare providers

However, healthcare data ranks at the top of the list for needing improvements in security and privacy protections. This data is managed by different entities, such as primary care facilities, acute care facilities and within associated applications that collect, store and track health data, creating numerous exposure vulnerabilities.

There are many reasons for the vulnerable state of healthcare data. One significant factor is the merger and acquisition renaissancethat the healthcare industry is undergoing, which according to a new report from Moody’s Investors Service is expected to continue.

Healthcare organizations pursue merger and acquisitions for many reasons, including improving the ability to meet patient consumerization requirements, providing more

MY TAKE: For better or worse, machine-to-machine code connections now form much of the castle wall

By Byron V. Acohido

Managing permissions is proving to be a huge security blind spot for many companies.

Related: President Biden’s cybersecurity order sets the stage

What’s happening is that businesses are scaling up their adoption of multi-cloud and hybrid-cloud infrastructures. And in doing so, they’re embracing agile software deployments, which requires authentication and access privileges to be dispensed, on the fly, for each human-to-machine and machine-to-machine coding connection.

This frenetic activity brings us cool new digital services, alright. But the flip side is that companies have conceded to a dramatic expansion of their cloud attack surface – and left it wide open to threat actors.

“The explosion in the number of human and non-human identities in the public cloud has become a security risk that businesses simply can’t ignore,” observes Eric Kedrosky, CISO at Sonrai Security.

I’ve had a couple of deep discussions with Kedrosky about this. Based in New York City, Sonrai is a leading innovator in a nascent security discipline, referred to as Cloud Infrastructure Entitlement Management (CIEM,)

SHARED INTEL: Automating PKI certificate management alleviates outages caused by boom

By Byron V. Acohido

Our Public Key Infrastructure is booming but also under a strain that manual certificate management workflows are not keeping up with.

Related: A primer on advanced digital signatures

PKI and digital certificates were pivotal in the formation of the commercial Internet, maturing in parallel with ecommerce. With digital transformation leading to a boom in the use of digital certificates, our bedrock authentication and encryption framework is at an inflection point, where the demand and adoption of automation is set to rapidly accelerate to keep up with technology requirements.

As business networks shift into the era of cloud computing and agile software, the volume of digital certificates has swelled dramatically. This scaling up of PKI has put companies in a mad scramble.

Large enterprises now typically must manage 50,000 or more PKI certificates, placing a huge burden on manual processes. This, in turn, has triggered a surge in certificate outages: some two-thirds of 400 enterprises participating in a recent survey reported certificates expiring unexpectedly – with 25 percent experiencing five to six such outages in a recent six month period.

GUEST ESSAY: Here’s why castle-wall defenses utterly fail at stopping deceptive adversaries

By Ofer Israeli

When it comes to cyber attacks, most businesses think: “It could never happen to us,” but some plots are just hitting a little too close to home.

Related: T-Mobile breach reflects rising mobile device attacks

For instance, if you’ve ever played Grand Theft Auto, you know the goal is quite simply mass destruction: Use whatever resources you have at your disposal to cause as much damage as you possibly can and just keep going.

Not familiar with Grand Theft Auto? Let’s try Super Mario Bros. then. As Mario makes his way through eight increasingly difficult worlds, each of them is protected by a castle. As Mario reaches the end of each castle, he can defeat Bowser.

This is not unlike the mindset of modern cyber attackers – they’re wreaking havoc and becoming pros at finding ways to get away with it.Living-off-the-land (LotL) attacks are providing a way for adversaries to stay under cover. Attackers use tools and features that are already available in the systems they’re targeting so they look like legitimate users — until they steal your crown jewels.

But you can fight back. There are several methods of active defense that companies can utilize to safeguard their networks, and it’s time for CISOs to start picking. To date, the main goal in mind has been to prevent attackers from breaching your defenses and making their way into the castle, but the reality is this approach is flawed.

Attackers will get in, it’s only a matter of time. Traditional network security solutions, such as firewalls, are not effective at detecting and stopping lateral attack movement – and that’s where the real damage is done. Many forms of access control and endpoint protection, such as EDR, are nothing more than a checkpoint that provides unfettered access once defeated – like Mario raising a flag after beating a level.

To take the analogy further, only after defeating Bowser does Mario … more

GUEST ESSAY: What everyone can — and should — do to mark Cybersecurity Awareness Month

By April Miller

With new technological advancements comes a need for heightened security measures. Plenty of criminals are searching for vulnerabilities in networks, so it shouldn’t come as a surprise that cybersecurity issues have become more prevalent.

Related: President Biden issues cybersecurity executive order

For the past 17 years, October has been designated as National Cybersecurity Awareness Month (NCSAM) to focus much needed attention on cybersecurity.

Here’s how NCSAM came to be and how to get involved, as well as tips to increase your security efforts.

NCSAM launched in 2004, at a time where technology was nowhere near where it is today. We still relied on flip phones, and broadband internet was becoming more accessible for people worldwide.

The National Cybersecurity Alliance (NCSA) and the U.S. Department of Homeland Security (DHS) came together to help Americans feel safer and more secure while online. The start of NSCAM may have resulted from multiple Chinese cyberattacks, later called Titan Rain, on the U.S. government.

GUEST ESSAY: What it will take to train the next generation of cybersecurity analysts

By Gary S. Mullen

It is no secret that there is, and has been for some time, a shortage of trained cyber security professionals in corporate IT Security teams.  The Wharton School of the University of Pennsylvania observed that “nowhere is the workforce-skills gap more pronounced than in cybersecurity.”

Related: Deploying ‘human’ sensors’

According to data gathered by CyberSeek under a Commerce Department grant, there are currently nearly 465,000 unfilled cyber jobs across the US alone.  This shortage is significantly impacting corporate America, and it is particularly dire across federal, state and local governments.

The cyber security talent crunch has been a growing issue for many years now.  According to the 2019/2020 Official Annual Cyber Security Jobs Report sponsored by the Herjavec Group, the number of open cyber security positions has grown 350 percent from 2013 to 2021.  Cybersecurity Ventures predicts that there will be 3.5 million unfilled cyber security jobs globally by 2021.

Unfortunately, getting the hands-on experience needed to become a cyber security analyst is out of reach of many today.  In 95% of the hiring decisions being made for open positions, employers are looking for that hands on experience.

According to MIT Technology Review, fewer than one in four candidates applying for cyber security positions are qualified.

SHARED INTEL: Reviving ‘observability’ as a means to deeply monitor complex modern networks

By Byron V. Acohido

An array of promising security trends is in motion.

New frameworks, like SASE, CWPP and CSPM, seek to weave security more robustly into the highly dynamic, intensely complex architecture of modern business networks.

Related: 5 Top SIEM myths

And a slew of new application security technologies designed specifically to infuse security deeply into specific software components – as new coding is being developed and even after it gets deployed and begins running in live use.

Now comes another security initiative worth noting. A broad push is underway to retool an old-school software monitoring technique, called observability, and bring it to bear on modern business networks. I had the chance to sit down with George Gerchow, chief security officer at Sumo Logic, to get into the weeds on this.

Based in Redwood City, Calif., Sumo Logic supplies advanced cloud monitoring services and is in the thick of this drive to adapt classic observability to the convoluted needs of company networks, today and going forward. For a drill down on this lively discussion, please give the accompanying podcast a listen. Here are the main takeaways: