Home Black Hat Deep Tech Essays Fireside Chat My Take News Alerts Q&A RSAC Videocasts About Contact
 

Best Practices

 

DEEP TECH NEWS: Sophos X-Ops advances threat intelligence sharing to the next level

By Byron V. Acohido

Threat intelligence sharing has come a long way since Valentine’s Day 2015.

Related: How ‘Internet Access Brokers’ fuel ransomware

I happened to be in the audience at Stanford University when President Obama took to the stage to issue an executive order challenging the corporate sector and federal government to start collaborating as true allies.

Obama’s clarion call led to the passage of the Cybersecurity Information Sharing Act, the creation of Information Sharing and Analysis Organizations (ISAOs) and the jump-starting of several private-sector sharing consortiums.

Material progress in threat intel sharing, indeed, has been made. Yet, there remains much leeway for improvements. I had the chance to discuss this with Christopher Budd, director of Sophos X-Ops, the company’s cross-operational task force of security defenders.

Budd explained how Sophos X-Ops is designed to dismantle security silos internally, while also facilitating

GUEST ESSAY: How to mitigate the latest, greatest phishing variant — spoofed QR codes

By Allen Lieberman

QR code phishing attacks started landing in inboxes around the world about six months ago.

Related: ‘BEC’ bilking on the rise

These attacks prompt the target to scan a QR code and trick them into downloading malware or sharing sensitive information.

In June, we started seeing these types of attacks amongst our customer base. Since June, there has been a fourfold increase in the search volume around keywords associated with these types of attacks.

Within the last week we have identified 655,0000 QR codes for our customers, of which 1,000 contained suspicious text and 8,000 came from a domain with a low rank (a freemail or a new email address, which are both flags for malicious senders). This is a true reflection of the attack landscape.

Scans slip through

These attacks are so successful because many traditional email security tools focus only on text-scanning, allowing image-based attacks to slip through. When attacks reach the inbox, users have a natural reaction to “scan the code,” assuming it’s legitimate.

When they do, many users don’t have any apprehensions around scanning QR codes because the assumption is

GUEST ESSAY: A roadmap for the finance teams at small businesses to improve cybersecurity

By Neil Taurins

If you’re a small business looking for the secret sauce to cybersecurity, the secret is out: start with a cybersecurity policy and make the commitment to security a business-wide priority.

Related: SMBs too often pay ransom

Small businesses, including nonprofit organizations, are not immune to cyberattacks. The average cost of a cybersecurity breach was $4.45 million in 2023, according to IBM’s Cost of a Data Breach Report, and over 700,000 small businesses were targeted in cybersecurity attacks in 2020, according to the Small Business Association.

Nonprofits are equally at risk, and often lack cybersecurity measures. According to Board Effect, 80% of nonprofits do not have a cybersecurity plan in place.

Given the risk involved, small businesses and nonprofits must consider prioritizing cybersecurity policies and practices to stay protected, retain customers, and remain successful. Financial information is one of the most frequently targeted areas, so it’s crucial

RSAC Videocast: As network perimeters shift and ecosystems blend, the role of MSSPs solidifies

By Byron V. Acohido

Deepening interoperability of AI-infused systems – in our buildings, transportation grids, communications systems and medical equipment — portend amazing breakthroughs for humankind.

Related: The coming of optical infrastructure

But first businesses must come to grips with the quickening convergence of their internal and external computing resources. And that’s no small task.

I had the chance to discuss this with Shinichi Yokohama, NTT Global CISO and John Petrie, Counselor to the NTT Global CISO, at RSA Conference 2023. It was a rare opportunity to get the perspective of senior executives responsible for protecting a Fortune 100 global enterprise.

We discussed how the boundaries between in-company and out-of-company IT infrastructure have become increasingly blurred making network security more challenging than ever. For a full drill, please view the accompanying videocast. Here are a few takeaways:

A converged ecosystem

Cloud migration and rapid software development were both on a rising curve when Covid 19 hit and the global economy suddenly shut down in 2020. As companies adjusted in the post pandemic operating environment, Internet-centric services rose to the fore.

This accelerated the convergence of on-premises and cloud-hosted IT infrastructure. Today, data storage and processing power are prominently

STEPS FORWARD: Can ‘CNAPP’ solutions truly unify cloud, on-premises best cybersecurity practices?

By Byron V. Acohido

A fledgling security category referred to as Cloud-Native Application Protection Platforms (CNAPP) is starting to reshape the cybersecurity landscape.

Related: Computing workloads return on-prem

CNAPP solutions assemble a varied mix of security tools and best practices and focuses them on intensively monitoring and managing cloud-native software, from development to deployment.

Companies are finding that CNAPP solutions can materially improve the security postures of both cloud-native and on-premises IT resources by unifying security and compliance capabilities. However, to achieve this higher-level payoff, CISOs and CIOs must first bury the hatchet and truly collaborate – a bonus return.

In a ringing endorsement, Microsoft recently unveiled its CNAPP offering, Microsoft Defender for Cloud; this is sure to put CNAPP on a rising adoption curve with many of the software giant’s enterprise customers, globally. Meanwhile, Cisco on May 24 completed its acquisition of Lightspin, boosting its CNAPP capabilities, and Palo Alto Networks has continued to steadily sharpen its CNAPP chops, most recently with the acquisition of Cider Security.

At RSA Conference 2023, I counted at least 35 other vendors aligning their core services to CNAPP, in one way or another;

GUEST ESSAY: Taking a fresh approach to privileged access management — to curtail abuse

By Ravi Srivatsav

To be productive in an interconnected work environment, employees need immediate access to numerous platforms, both on- and off-premises.

Related: Why SMBs need to do PAM well

Keeping track of user activity and effecting proper on- and off-boarding are becoming more and more difficult, even as unauthorized access via unused, expired, or otherwise compromised access credentials has become the number one cybersecurity threat vector.

Some nine out of ten cyberattacks are estimated to begin with a threat actor gaining unauthorized access to a computer system via poorly managed access credentials.

The sophistication of cyberattacks is perpetrated through unused, old, expired, and otherwise mismanaged access credentials are increasing by the minute, at the same time as it’s becoming challenging to respond to these attacks in an organized and timely manner.

Context needed

Organizations that are used to workflow-based access systems or ticket-based systems, i.e. traditional Privileged Access Management (PAM,) must now make a big cultural shift. PAM enables granular access and monitors, detects, and alerts instances of unauthorized access through policy guardrails.

However, while PAM and other legacy access management systems do alert to unauthorized access, these warnings lack a clear picture of the user’s intent and the context behind the alert.

News Alert: ThriveDX’s Cyber Academy for Enterprise meets talent shortage, promotes inclusion

Miami, Fla. – June 20, 2023 –  ThriveDX, the leader in cybersecurity and digital skills training, today announced the official launch of its new Cyber Academy for Enterprise. This innovative solution, part of the company’s Human Factor Security suite, empowers organizations to reskill and upskill employees for cybersecurity positions while also attracting diverse external candidates, simultaneously addressing the growing talent and diversity gaps in the cyber industry.

Cyber Academy for Enterprise is more than a cybersecurity training program – it’s a complete solution that enables businesses and government agencies to cultivate their internal talents while simultaneously attracting diverse external candidates for cybersecurity positions.

Designed for an end-to-end cybersecurity learning journey, the program offers pre-training screening, intensive training, and post-training matching to facilitate an efficient talent acquisition and development process.

“The cybersecurity talent shortage and lack of diversity, is one of the biggest challenges of human resources and cybersecurity leaders. Effective reskilling of employees demands considerable investment, and recruiting diverse talent requires a comprehensive understanding of