A selection of the top articles and videos from the last week on SecuritySenses.com. Don't forget to check back regularly for daily updates from around the globe.
If you like SecurityBuzz, why not forward it to some friends or share the online version?
Today, corporate and business networks have drastically evolved — our data spans multiple locations, cloud vendors, and a growing number of endpoints. Traditional security, once reliant on protecting organizations from the perimeter and trusting devices inside the network, has become less effective. Adding to the complexity, the work from home (WFH) model is being embraced by many organizations as they adapt to a rapidly shifting business climate. Corporate Bring Your Own device (BYOD) initiatives are also much more commonplace.
Confidentiality, Integrity, and Availability. These are the three core components of the CIA Triad, an information security model meant to guide an organization’s security procedures and policies. While people outside the information security community might hear the phrase CIA Triad and think “conspiracy theory,” those in the cybersecurity field know that the CIA Triad has absolutely nothing to do with the Central Intelligence Agency and everything to do with keeping your organization's data, networks, and devices safe and secure.
Can you recall exactly how good or bad your vision was following your last eye exam? Most of us can’t. A casual poll around the office showed that many people focus only on whether our eye doctor says we need an updated prescription for glasses or contacts. Often, we walk away with a new script but without a clear understanding of our overall eye health, i.e., whether our eyesight got better or worse since the previous visit.
The digital shift is creating security challenges for the FSI. Learn how Synopsys tools and services can help get your security program back on track. Banking isn’t what it used to be—which means banking security can’t be what it used to be either. Keeping customers’ assets safe is no longer a matter of locking the massive door of a vault and keeping watch with some security cameras. The threats to security come from computer keystrokes, not masked men with guns. Indeed, both the players and the landscape have changed. Hardly any bank is just a bank anymore. And entities that aren’t banks are invading turf that we all used to think was owned by banks.
In this blog, you will learn how monitoring data from your Kubernetes environments can be used to detect indicators of a compromise in Kubernetes. Securing Kubernetes is challenging: Configuration flexibility, large clusters, ephemeral containers, and an ever-growing services ecosystem produce complex environments that open up your attack surface. Adversaries get an advantage because complexity is a natural enemy of security. You not only have to watch for misconfigurations that can facilitate attacks, but also for anomalous activity that hides behind the complexity.
Healthcare organizations still seem to think that blocking all access to unapproved cloud storage or cloud collaboration tools means that they’re preventing leakage of sensitive information. But as the old saying goes, “Data flows like water.” Eventually, it’s going to find the holes and escape. Even if a healthcare IT system has water-tight data controls, that’s not the only goal within the organization—and not even the most important one. When blocking prevents a clinician from doing their job to the best of their abilities, data is especially hard to contain.
Organizations are under tremendous pressure to deliver innovative products and stick to tight release timelines. To keep up with the rapid release schedule, engineering teams are adopting the DevOps model for its increased efficiency and agility. It has changed the way that development teams think. As a result, continuously improving performance and delivering releases faster have become standard.
Healthcare is no longer confined to the doctor’s office, clinic, or hospital. Today, networks of health technologies power connected digital ecosystems that have transformed care. These ecosystems have been growing and evolving for years, yet the pandemic has proved them to be an essential lifeline and distinct competitive differentiator. Now, with the greater public adopting and celebrating digital healthcare services, the importance of a well-strategized and implemented digital health ecosystem is business-critical. The result within healthcare’s competitive market is a race for digital enablement and innovation.
Cybersecurity specialists have noticed several troubling trends over the past year, ransomware being one of the most concerning. While this is far from a new issue, it’s now more common than ever before. Every month in Q2 2021 set a new record for ransomware attempts, contributing to a 151% year-over-year increase compared to 2020. Cybercrime has risen in the past year, but ransomware attacks are outpacing other forms. For example, malware fell by 24% in the same timeframe that ransomware more than doubled. Ransomware is driving the surge in overall cybercrime, not the other way around.
According to FBI Director Christopher Wray, when it comes to ransomware disruption and prevention, “...there’s a shared responsibility, not just across government agencies but across the private sector and even the average American.” At Elastic, we’re here to help state and local governments. Ransomware attacks cost the U.S. government more than $18.9 billion in 2020 alone. By taking a proactive security approach, state and local IT teams can make damage from ransomware a thing of the past.
Open source packages play a critical role in modern software development, fueling the rapid pace of development we’re witnessing all around us. For a developer looking to introduce new functionality into his application, it simply doesn’t make sense to reinvent the wheel. Why not simply install a package that someone else has already invested the time in building and that provides the exact same functionality?
On the countdown to a new release, every second counts to snap up those limited-edition new kicks or sought-after concert tickets. Online attackers know that when deploying bots to gain a competitive advantage, without masking their activity it’s a matter of time before their activity is blocked by the target eCommerce platform. Industries are becoming more and more alert to bots and their ever-increasing sophistication. In a constant game of cat and mouse, threat actors in turn become savvier to the traditional defenses businesses might set up to try to block automated activity. Hustlers will hustle, infuriating but true.
While it’s difficult to imagine our modern business lives without mass storage devices, printers, scanners, and cameras, each USB connection can be a serious risk for an organization’s security. USB devices can be infected with malware that attacks your corporate system once a device is connected. Such attacks can result in the theft or compromise of sensitive data, damage to your infrastructure, or even damaged machines. Have you already included USB devices in your corporate security policy? How do you protect your corporate computers from infected USB devices? Let’s look closer at the most common types of USB drive dangers and ways to secure your organization from them.
Financial institutions are one of the most heavily regulated industries around, and for good reason. Access to the personal information and funds of their customers makes banks a popular target with hackers, and a dangerous location for a cybersecurity breach. With all of the regulations a bank needs to obey, it’s possible you may have overlooked the Payment Card Industry Data Security Standard, or PCI DSS.
A risk assessment is a multi-step process that catalogs all the potential threats to your business. In the same way a person might check the air pressure in a car’s tires or that the office elevator was recently serviced, CISOs should conduct regular risk assessments. Consider it a part of your standard safety management routines. A cybersecurity risk assessment focuses on risks (both internal and external) related to information systems, data, and sensitive information, as well as the preventive control measures associated with each.
HSM stands for hardware security module. HSMs are hardware devices. They can be quite small and plugged into the main board of a computer, or they sit side by side in a server rack. They store sensitive data such as private keys. HSMs do not allow you to read that sensitive data back; instead, they expose only cryptographic operations like signing of certificates or encrypting data. This provides stronger protections for storing private keys compared to disks or databases. Even if an attacker gains remote access to a computer system with an HSM, they will not be able to read a private key.
We are familiar with quantum computing and know that it enables devices to perform computations at an utterly inconceivable rate. It facilitates incredible advancements in technology. Ironically, quantum systems can make modern, supposedly impenetrable cryptography breakable within seconds. Currently, quantum computers pose a high threat to the cryptography that underlies the safety of crucial networks.
The Internet of Things (IoT) is a growing concern for today’s digitally-focused businesses. Every connected device you own can add another security concern to your list. If it collects and stores personal information and data, you’ve just added another attractive target for criminals to access your network. In fact, 57% of IoT devices are vulnerable to medium or high-severity attacks. This alarming statistic highlights the need for robust IoT security plans that ensure the safety of networks and mitigate potential threats presented by IoT connected devices.
Usually, when it comes to cybersecurity spending, people tend to try to calculate risk, savings on breach costs, compliance gaps, reputation costs. Those are all very relevant, but it turns out that for the business, one of the most important aspects of cybersecurity is speed. Below are five different aspects of speed by which a cybersecurity solution (e.g. a SIEM) should be evaluated.
In this episode of AppSec Decoded, we discuss the major open source trends identified within the 2021 OSSRA report. The explosive growth of open source is not new. Developers have been using this collaborative method of building software applications to meet the market demands for quality and speed for many years. Synopsys has conducted research on trends in open source usage with commercial applications since 2015. It releases an annual report of its findings with the aim of helping developers better understand the interconnected software ecosystem they work in.
With the changing tech landscape, v8 of the CIS Critical Security Controls presents a more consolidated approach that replaces the CIS Top 20 released a while ago.
Cybercrime is one of the most significant threats facing companies today. With the average cost of a data breach reaching an all-time high of $4.24 million, the business case for cybersecurity has never been stronger. Still, some businesses seem to misunderstand the urgency of meeting current cybersecurity standards. It may help to consider the legal consequences of poor cybersecurity. While the United States has no comprehensive nationwide cybersecurity law, American companies can still face legal trouble if they fail to meet certain standards. Various state, industry, and international regulations still apply to many businesses.
Every once in a while, an industry term will get overused by marketing to the point of becoming a cliché. I think “Zero Trust” may have reached this threshold. In some ways, I understand why this is happening. Security perimeters have become obsolete as people use mobile devices and cloud applications to work from anywhere. Zero Trust deployment — moving all your apps and data to the cloud and assuming no user or device is trustworthy until proven otherwise in order to gain access — has been rapidly introduced as a result of the pandemic.
No company is free from risks and vulnerabilities. No matter how robust the digital infrastructure or how strict the cybersecurity measures are, some level of residual risk will always remain. That’s why many organizations include penetration testing in their risk assessment and security program. Security professionals perform penetration tests — essentially, pretending to be a hacker forcing his or her way past cyber defenses — to understand an organization’s infrastructure and identify potential risks and vulnerabilities.
Inappropriate levels of access granted to employees, contractors, and partners are the leading cause of data loss, theft, and breaches. The number of external attacks has grown significantly in the last few years, and the sophistication of those threats has increased exponentially. The primary reason is cybercriminals’ use of new and emerging technologies, such as artificial intelligence (AI) and machine learning (ML).
The Elastic Infosec Detections and Analytics team is responsible for building, tuning, and maintaining the security detections used to protect all Elastic systems. Within Elastic we call ourselves Customer Zero and we strive to always use the newest versions of our products. In this series of blog posts we will provide an overview of our architecture, what data we send to our clusters, how and why we use Cross Cluster Search (CCS) with the Security and Machine Learning (ML) applications, and how we tune, manage and notify analysts for those alerts.
Does the SOC really need to be disrupted? In an EY survey, 59% of enterprises admitted experiencing a material or significant breach. Despite the fact that SOC spend dominates an organization’s cybersecurity budget, more than half of these SOCs were actually ineffective in protecting their organizations from attacks. At the Modern SOC Summit, Girish Bhat, Vice-President of Security, CI & Platform Marketing at Sumo Logic, hosted an in-depth discussion with DJ Goldsworthy, Global Director Security Operations and Threat Management at AFLAC, about the current issues facing security operations and whether disruption or evolution is the best path forward.
Testing practices have been shifting left in the software development process due to the growing challenge of developing and delivering high-quality, secure software at today’s competitive pace. Agile methodologies and the DevOps approach were created to address these needs. In this post, we’ll map out the basics of shift-left practices in the DevOps pipeline, and how you can shift left your open source security and compliance testing.
Yesterday, the Biden Administration called upon leaders from Amazon, Apple, Google, IBM and Microsoft as well as other private and non-profit organizations to discuss crucial measures for improving the overall cybersecurity posture of the United States. (This follows an Executive Order, which we wrote about in May, outlining a 100-day initiative to improve the security of the modern software supply chain). One line in particular jumped out at me within yesterday’s new memo: “the biggest issue the United States has is that nearly half a million public and private cybersecurity jobs remain unfilled