 

Guest Blog Post

 

GUEST ESSAY: ‘Identity Management Day’ highlights the importance of securing digital IDs

By Jerome Becquart

The second Tuesday of April has been christened “Identity Management Day” by the Identity Defined Security Alliance, a trade group that provides free, vendor-neutral cybersecurity resources to businesses.

Related: The role of facial recognition

Today, indeed, is as good a time as any to raise awareness about cyber exposures that can result from casually or improperly managing and securing digital identities. Here are five tips for securely managing identities across the new, hybrid work environment:

•Think granularly. The first mistake a lot of organizations make when planning their identity management strategy is not considering every identity on their network. Sure, a lot think about their users and what types of credentials they’ll need for their various systems. But what about the numerous machines on a company’s network, like mobile devices, servers, applications, and IoT devices?

Machines are dramatically increasing, and require a solution that will identify these identities, authenticate them, and then secure their interactions across the network. IT leaders need to consider PKI-based solutions for managing their machine identities, so their IT teams can issue certificates to their machines, track what is on their network, and encrypt the communication between the devices. This will prevent falsified entities from entering the network and putting data at risk.

•Verify email. In the face of phishing threats, many companies focus their investments on anti-malware software or new technology to prevent threats from getting through. Unfortunately, some of these emails will inevitably slip through the cracks.

GUEST ESSAY: The missing puzzle piece in DevSecOps — seamless source code protection

By Rui Ribeiro

We live in a time where technology is advancing rapidly, and digital acceleration is propelling development teams to create web applications at an increasingly faster rhythm. The DevOps workflow has been accompanying the market shift and becoming more efficient every day – but despite those efforts, there was still something being overlooked: application security.

Related: ‘Fileless’ attacks on the rise

The awareness that the typical approach to DevOps was downplaying the role of security led to an evolution of this workflow, which today has come to be known as DevSecOps. This new mindset puts application security at the foundation of DevOps, rather than it being an afterthought.

In the ideal DevSecOps implementation, security controls are fully integrated into the continuous integration (CI) and continuous delivery (CD) pipelines and development teams possess the necessary skills to handle and automate several security processes.

Plain sight gaps

As companies grew into the concept of DevSecOps, they typically focused on technologies like SAST or DAST to provide an extra layer of security at the earlier development stages. These technologies help check the source code for vulnerabilities that could be exploited by attackers in a production environment. However, finding and fixing those vulnerabilities is still not enough to guarantee end-to-end protection of the source code – there is still one key missing piece.

GUEST ESSAY: Remote workforce exposures exacerbate cybersecurity challenges in 2021

By Nick Campbell

The start of 2021 brings forth a cyber security crossroads. Many people are in the process of shifting back into office operations while balancing the potential risks and benefits of remote work.

Related: Breaches spike during pandemic

For some malicious hackers and IT experts, this could represent an opening. From the known compromise vectors to the most recent threats, hackers are constantly on the lookout for new strategies to bypass IT notice, outmaneuver defense setups, and take advantage of new weaknesses.

Targeting remote workers

One of the most concerning cybersecurity trends this year is closely connected to 2020. Many IT experts are warning that it won’t be long before hackers compromise several unprotected home networks simultaneously to manufacture a forceful and large-scale breach of vital services and systems.

Many employees don’t have a wide range of security protections. They’ll most likely use broadband connections for their work and for personal reasons. This increases the corporate attack surface to dangerous levels.

To minimize the chances of attack, enterprises need to double down on IAM with devices that can effectively monitor user activities, corporate connective behaviors, and resource requests in a bid to streamline sign-in. Additional authentication is also needed in case potential complications are indicated.

Ransomware and fileless malware breaches will rapidly continue to destabilize businesses in 2021. These kinds of attacks are configured to evade most detection control measures and compromise critical systems by taking advantage of the approved software and platform tools found within the corporate network.

GUEST ESSAY: ‘Cybersecurity specialist’ tops list of work-from-home IT jobs that need filling

By Scott Orr

Even before the COVID-19 pandemic turned many office workers into work-from-home (WFH) experts, the trend toward working without having to commute was clear.

Related: Mock attacks help SMBs harden defenses

As internet bandwidth has become more available, with homes having access to gigabit download speeds, a whole new world of career paths has opened for those who want to control their work hours and conditions. Maybe you want better pay, to be home near your kids or you just like the idea of avoiding the daily drive to an office. Whatever the reason, you can likely find work online.

One of the hottest fields right now on the WFH radar is the information technology (IT) sector. But you’ll first need to learn the specifics to get to work. Fortunately, there are online classes you can take to get that knowledge – and best of all, you can take them for free. Let’s look at what’s available and how you might jumpstart a new career.

Most IT jobs require you to have some sort of experience before you can start charging enough to make them viable as full-time employment. And some are more like a side hustle or temp job.

Having said that, here are some examples of IT careers you can learn online through free courses:

Security specialist

The more we do online, the more criminals want to take advantage of us. That makes fighting cybercrime a definite growth industry. A wide range of companies, in just about every field, are adding computer security specialists. In fact, these jobs are expected to increase a whopping 31% by 2029. This job involves planning and implementing security measures for large and small companies that rely on computer networks. You will need to develop the ability to anticipate techniques used in future cyberattacks so they can be prevented.

GUEST ESSAY: How and why ‘pen testing’ will continue to play a key role in cybersecurity

By Dakota Staples

When we look at society today, we can see that we are moving further and further ahead with technology. Numerous advancements are being made at an extremely fast pace with no sign of slowing down. In fact, there is evidence that technology grows exponentially fast. Since we are quickly putting out large technologies, security risks always come with this.

Related: Integrating ‘pen tests’ into firewalls

Even large companies are not immune to this. Microsoft has had several security vulnerabilities, including Zerologon. Penetration tests are one way of mitigating the security risks that arise and making sure that we are not endangering users, their data, and the trust they inherently place in technology.

Penetration tests can be defined as the testing of a system to find security flaws in it. There are three main types of penetration tests, as defined by the Infosec Institute: black box, grey box, and white box. Each has different goals and tasks.

Pen test types

Black box testing is taking the stance of an outside hacker who has prior or inside knowledge of the system. This type of test determines what is exploitable from outside the system and if the attacker is able to gain access to the system being tested.

Grey box testing is the next level of knowledge of a system. The tester would have access to the internal mechanisms of a system and maybe some privileges. This allows for testing of internal structures while still simulating an outsider threat who obtained internal access.

GUEST ESSAY: Everyone should grasp these facts about cyber threats that plague digital commerce

By Ashley Lukehart

Regardless of how familiar you are with Information Security, you’ve probably come across the term ‘malware’ countless times. From accessing your business-critical resources and sensitive information to halting business operations and services, a malware infection can quickly become an organization’s worst nightmare come true.

Related: Companies must bear a broad security burden.

As a business owner, you must be aware of the implications of different types of malware on your company’s bottom line, and what steps you can take to protect your company from future attacks.

This article will walk you through the various types of malware, how to identify and prevent a malware attack, and how to mitigate the risks.

What is Malware  

Malware, a combination of the terms ‘malicious’ and ‘software,’ includes all malicious programs that intend to exploit computer devices or entire network infrastructures to extract victims’ data, disrupt business operations, or simply cause chaos.

There’s no definitive method or technique that defines malware; any program that harms the computer or system owners and benefits the perpetrators is malware.

GUEST ESSAY: Now more than ever, companies need to proactively promote family Online Safety

By Ellen Sabin

Cybersecurity training has steadily gained traction in corporate settings over the past decade, and rightfully so.

In response to continuing waves of data breaches and network disruptions, companies have made a concerted effort and poured substantial resources into promoting data security awareness among employees, suppliers and clients. Safeguarding data in workplace settings gets plenty of attention.

Related: Mock attacks help schools prepare for hackers

However, the sudden and drastic shift to work-from-home and schooling-from-home settings has changed the ball game. The line between personal and professional use of digital tools and services, which was blurry even before the global pandemic, has now been obliterated by Covid-19.

Moving forward, companies can no longer afford to focus awareness training on just employees, partners and clients. It has become strategically important for them to promote best security practices in home settings, including the training of children.

Bringing smart habits into homes and minds is good for kids, good for parents, and, it turns out, good for businesses, too.

We’re all connected

Consider that kids are constantly connected on the internet with online games, streaming devices, virtual schooling, and Zoom play dates. Adults increasingly are working from home, and usually on networks they share with their children. Mistakes online by one family member can lead to compromises in a household’s network, placing computers, personal data, and perhaps even work-related content at risk.

Cyber criminals have increased attacks as they see these opportunities. Companies must take this into account and consider extending employee training to also promote security and privacy habits among all family