A survey of 1,600 chief information security officers found that more than two-thirds of them (68%) expect a “physical cyberattack” on their organizations in the next 12 months.

The survey, which forms the basis of the annual “Voice of the CISO report” by Proofpoint, an enterprise security company, showed a clear shift among security chiefs in attitudes toward future threats to their organizations. Just 12 months ago, less than half of CISOs (48%) saw a cyber attack on their horizon.

This apparent change suggests that security professionals see the threat landscape as heating up once again, the report noted, and they have readjusted their concern levels to match.

“As we emerged from the pandemic, security leaders realized they were able to implement more long-term controls to protect their work environment, so there was a sense of peace,” said Lucia Milica Stacey, Global Resident CISO at Proofpoint.

“However, as the volume of attacks continues to rise, along with geopolitical tensions and global economic uncertainty, a lot of the optimism is gone,” he told TechNewsWorld.

Reasons for Pessimism

According to security experts, several factors may be contributing to CISOs’ concerns about rising cyber attacks.

“New vectors of attack continue to emerge – software supply chain compromise, third party and SaaS systems involving APIs, AI-related security risks – each requiring new defensive strategies and skills,” said Carl Mattson, CISO of Noname Security, a Palo Alto, Calif., provider of a cloud-native API security platform.

“Meanwhile, traditional threats like ransomware or web application attacks are never going away,” he told TechNewsWorld. “With security budgets and staffing levels remaining largely flat, the stage is set for greater risk exposure this coming year.”

The proliferation of endpoints in the enterprise also gives CISOs increased cause for alarm.

Darren Guccione, CEO of Keeper Security, a password management and online storage company in Chicago, said, “IT leaders are finding it increasingly difficult to gain comprehensive visibility, security, compliance and control to protect every employee, on every device, from every location.”

“The expanding attack surface specifically related to cyberattacks is on the rise and IT security teams are competing for talent as macroeconomic conditions tighten budgets,” he told TechNewsWorld.

Adoption of the as-a-service model by threat actors increases the likelihood of an organization being attacked over the next 12 months. “Phishing as a service and ransomware as a service enable a significant increase in the number and scale of cyber attacks,” explained Avishai Avivi, CISO of SafeBreach in Tel Aviv, Israel.

“At that point, it becomes a statistical reality,” he told TechNewsWorld. “The more attacks, the more likely an attack is to succeed.”

Insider Threat to Data

Proofpoint also reported that CISOs believe employee turnover poses a risk to data security. More than eight out of 10 security chiefs (82%) told researchers that employees leaving their organization contributed to a data loss incident.

“Resource constraints and large staff turnover are likely underlying reasons for the high percentage of CISOs concerned about the loss of sensitive data due to employee turnover,” Stacey said.

The report said the two sectors most affected by turnover were retail (90 per cent) and IT, technology and telecommunications (88 per cent).

These trends leave security teams with a nearly impossible challenge, it continued. When people are gone, it’s hard to stop them from taking data.

Some organizations require written guarantees from former employees that they will delete all company data. Others threaten potential employers with potential liability if an employee shares any data from their old job. But none are even close to being a satisfactory solution.

“Many employees, upon their departure, try to take some aspect of their job with them,” said Daniel Kennedy, research director of information security and networking at 451 Research, which is part of S&P Global Market Intelligence, a global market research company.

“For vendors, this could be contact or customer account information. For other employees, it could be a form of intellectual property, models they worked on or code, for example,” he told TechNewsWorld.

“When I was a CISO,” he recalled, “I was definitely concerned with the hits on our various data loss platforms and departing employees. I could usually predict when someone was going to resign based on their behavior.”

Changing Narratives

The growing concern of CISOs about insiders contributing to data loss represents a departure from previous thinking on the subject.

“There is a recent shift in thinking from ‘it is wrong to distrust employees’ or ‘we hire the best people’ to ‘we have to be protected from all kinds of threats,’” said Saurya Biswas, technical director of risk management and governance at NCC Group, a global cybersecurity consultancy.

“Recent US defense leaks by insiders Jack Teixeira, Chelsea Manning and Edward Snowden may have helped shape this narrative,” he told TechNewsWorld. “It’s not the prevalence of malicious insider trading that has changed, but the awareness around it.”

The level of employee mistrust displayed in the survey probably says something more about a company’s overall culture, maintained Daniel Schwalbe, CISO of DomainTools, an Internet intelligence company in Seattle.

“But it can also be attributed to the rise in remote working, which makes some CISOs feel like they are losing visibility into where their data ends up,” he told TechNewsWorld. “The current realities of a remote workforce have thrown pre-pandemic corporate networks out the window.”

Call for Cyber Resilience

Proofpoint’s report also found that most organizations are likely to pay the ransom when affected by ransomware. Three out of five CISOs (62%) surveyed believed their organization would pay to restore systems and prevent data release if attacked by ransomware in the next 12 months.

CISOs’ organizations were increasingly relying on insurance to shift the cost of their cyber risks, the report said, with 61% saying they would claim cyber insurance to recover losses incurred in various types of attacks.

“Over the past five years, there has been a general incentive for cyber insurers to pay the ransom and have the cost covered by their premiums,” said Chris Cooper, CISO at Six Degrees, a cybersecurity consultancy in London, and a member of the ISACA Emerging Trends Working Group.

“Fortunately, this is changing, as paying the ransom only instigates incidents,” he told TechNewsWorld.

“There is also growing evidence that some groups are coming back for a second bite at the cherry,” he added.

Ryan Kalumber, executive vice president of cyber security strategy at Proofpoint, urged security chiefs to remain steadfast in protecting their people and data despite the challenges they face.

“If the recent devastating attacks are any indication, CISOs have an even more difficult road ahead, especially given uncertain security budgets and new job pressures,” he said in a news release. “Now that they have returned to a higher level of concern, CISOs must ensure they focus on the right priorities to lead their organizations toward cyber resilience.”

Like a persistent piece of malware that your antivirus product can’t wipe out, the annual RSA Cyber Security Conference was back with a vengeance this year. But while the malware example is inherently malicious, the industry event seemed to stir goodwill and a positive message for the cybersecurity industry, starting with its theme for the year: “Stronger Together.”

Similar to many face-to-face industry events, RSA languished during the height of the pandemic, turning to an online-only presence as the Covid outbreak spread. But from April 24 to 27, San Francisco’s Moscone convention complex reignited again as the center of the cyber security universe. The sponsoring organization reported that this year’s conclave — its 32nd annual event — attracted “more than 40,000 attendees, including 650+ speakers, 500+ exhibitors and 500+ members of the media.”

This year’s event featured a host of distinguished speakers, including current and former elected and appointed officials from numerous foreign and domestic government agencies, as well as highly respected academics and researchers, and representatives from dozens of commercial and non-profit security organizations.

There were also some celebrity guests on hand, including comedian and actor Eric Idle, best known as co-creator of the famed comedy troupe Monty Python, and eight-time Grammy Award-winning country western star Chris Stapleton.

Rising Cybercrime Affects Security Industry Outlook

The mood was decidedly more upbeat than at last year’s RSA conference, which scaled back to in-person attendance but drew just 26,000 visitors and was affected by reports of layoffs and cuts among tech companies both in and around the cybersecurity field.

What a difference a year makes. Describing the 2023 event, RSA Conference Senior Vice President Linda Gray Martin said, “The excitement and enthusiasm was felt in and around the RSA Conference throughout the week.” Given the enthusiasm of the crowded press and exhibitors, the exaggeration seems justified.

Driving the resurgence of attendance and interest in this quintessential security event was increased awareness of increasingly sophisticated threats, including new forms of ransomware and malware, and the nascent challenges and opportunities presented by generative AI and open source.

As always, RSA provided a convenient milestone for the release of new security products and services, as well as reports and insights focusing on the evolving threat landscape. Several reports published during the event highlighted vertical industries that are particularly at risk, including manufacturing, healthcare and finance.

AT&T Business released its 12th annual Cyber Security Insights Report at RSA, filled with findings from its survey of 1,400 security practitioners in North and South America, Europe and Asia. Respondents were limited to organizations that have implemented “edge use cases” that include the integration of new technologies such as 5G, robotics, virtual reality and/or IoT devices. Not surprisingly, they found these respondents to be under constant threat of attack.

However, with the notable exception of the US SLED (state and local government and education) market, most of those surveyed were more concerned about incidents of distributed denial of service (DDoS) attacks and business email compromise (BEC) fraud than about ransomware and other types of malware, or advanced persistent threats (APTs).

The results may indicate that security professionals in edge-intensive industries, many of which are considered part of the critical infrastructure of their respective nations, are clearly out of touch with the magnitude of the threats they are facing, including state-sponsored attacks.

As the report’s authors conclude, “The use of cyber as a geopolitical weapon has forced government regulators and security leaders to become increasingly aware of the potentially devastating nation-state cyberattack. Yet construction management in U.S. SLED, and fleet tracking in transportation, are just the use cases for which nation-state cyberattacks crack the top three in perceived likelihood.”

Another report released at the RSA event by cybersecurity vendor BlackBerry, its second quarter Global Threat Intelligence report, also showcased a number of specific industries that are drawing heavy fire from cybercriminals. These include healthcare, which encounters an average of 59 new malicious samples per day, including a growing number of new Emotet variants, according to the report.

BlackBerry also found that attacks against government entities, manufacturing and critical infrastructure were targeted by “sophisticated and sometimes state-sponsored threat actors, engaging in espionage and intellectual property operations”.

The company’s newly named CylanceIntelligence cyberthreat intelligence (CTI) subscription service, formally announced during RSA, reported that “crimeware and commodity malware are also frequently found in these critical industries.”

For a more in-depth look at BlackBerry’s findings, please watch the video interview with Ismael Valenzuela, the company’s Vice President of Threat Research, that I conducted during RSA. (Note: In addition to reporting for TechNewsWorld and other media outlets, I also serve as editorial director for BlackBerry.)

AI gets VIP treatment

Much of the discussion and subsequent coverage surrounding RSA 2023 involved the use of artificial intelligence (AI) as an increasingly powerful tool in the hands of both attackers and defenders.

While AI has been around in various forms for decades, its most notable success has been at the box office, usually playing Hollywood villains. Ever since the murderous HAL 9000 debuted in Stanley Kubrick’s 1968 screen adaptation of Sir Arthur C. Clarke’s “2001: A Space Odyssey”, AI has been largely typecast as a homicidal bogeyman in popular fiction.

IBM’s Watson has worked hard to demonstrate more benign uses and behaviors of the technology, even to the extent of appearing as a contestant on “Jeopardy” in 2011. But the most recent and rewarding commercial acceptance of AI has come at the hands of leading cybersecurity vendors CrowdStrike and Cylance (acquired by BlackBerry in 2018).

Today, AI is practically a checklist item for endpoint security solutions, rapidly displacing older signature-based malware detection. However, the commercialization of generative AI tools using large language models (LLMs) such as ChatGPT in the past year has brought AI into the mainstream in ways Watson only dreamed of, exposing and fast-tracking the technology’s usefulness across many fields of endeavor.

As predicted by many, one of the first malicious uses of these widely available AI tools has been to improvise phishing lures. Another report released at RSA, Zscaler’s 2023 ThreatLabz Phishing Report, confirms that AI tools like ChatGPT can improve phishing hit rates, ultimately making it easier to steal credentials. But those use cases may represent only the low-hanging fruit of AI for threat actors.

The report states, “New AI techniques and the emergence of large language models such as ChatGPT have made it easier for cybercriminals to generate malicious code, conduct Business Email Compromise (BEC) attacks, and develop polymorphic malware, making it easier for victims to identify phishing.”

As Forbes contributor Will Townsend pointed out in his RSA roundup article, discussions in and around tradeshows highlighted that AI has quickly become “a double-edged sword that will need constant sharpening” because it is being rapidly deployed by both attackers and defenders.

Despite recent high-profile tech industry layoffs, demand for cybersecurity professionals is still very high. With so many tech industry workers looking for their next job, why aren’t these displaced workers being recruited?

Better matching less-likely candidates to retrain as cybersecurity techs may hold the answer. Demand for cyber workers is set to increase by 25% in 2022, and much commentary exists about the need to hire cybersecurity talent from non-traditional backgrounds, such as bartenders or school teachers.

According to data released in late January from the Cyber Security Workforce Analysis site developed by NIST, CompTIA and the National Initiative for Cyber Security Education at Lightcast, the total number of employed cyber security workers is expected to remain fairly stable in 2022 at about 1.1 million. The number of online job postings declined from 769,736 to 755,743 in the 12 months ending December 2022.

“Despite concerns about a slowing economy, the demand for cybersecurity employees remains historically high. Companies know cybercrime won’t stop for a downturn in the market, so employers don’t want to risk stopping their cybersecurity hiring,” said Lightcast Vice President of Applied Research – Talent Will Markow.

According to Lightcast data, each of the first nine months of 2022 set records for the highest monthly cyber security demand since 2012 but cooled off in November and December. A key indicator is the ratio of currently employed cyber security employees to new openings, which indicates how significant the workforce shortage is.

The supply-demand ratio is currently 68 workers per 100 job openings, up from the ratio of 65 workers per 100 jobs in the previous period. Based on these numbers, approximately 530,000 more cybersecurity workers are needed in the US to close current supply gaps.

Some industry researchers suggest that hiring cybersecurity talent from non-traditional backgrounds, such as bartenders or schoolteachers, is an ideal out-of-the-box solution.

Unrealistic Idea Given the Technical Constraints

Other cyber professionals argue that such a solution is not in line with the reality of the industry. Mainly, the barriers to entry remain high, with many organizations still using outdated recruitment methods, such as requiring certification that is impossible to obtain without work experience.

Lenny Zeltser, CISO at cybersecurity asset management company Axonius and instructor at cybersecurity training, certification and research firm SANS Institute, also finds it surprising that no one is talking about how difficult it is to move up the hierarchy once you land a cyber position in the first place.

There is little or no guidance on how to go from cyber practitioner to chief information security officer, or CISO. Many organizations lack standards and structure regarding how to pay cyber practitioners, and many employees know the only way to advance is to move to other companies, he argued.

People are simply starting the conversation in the wrong place, Zeltser offered. Companies must first address the “cyber security career gap” before they can begin closing the cyber industry skills gap.

He said that learning computer security skills is not the primary issue. Many avenues exist for those motivated to acquire the necessary skills. The problem is the expectation of what skills are needed.

“I believe there are a lot of opportunities out there for people to acquire security skills. So it leads me to consider that maybe there is more to it,” Zeltser told TechNewsWorld.

“Maybe we have unrealistic expectations for what we’re looking for.”

Forget Ideal Candidates

Perhaps the typical unicorn situation where companies want one security professional who can do everything is the culprit, he said. It is such a specialized field that includes many specialized subsets, and it is difficult to be an expert on everything within cyber security.

“We’re not open enough to let people with unusual non-technical backgrounds enter the field,” Zeltser said.

He offered an example from his previous roles within the industry. With a slight variation, hiring managers want their recruiters to do X, Y, and Z. Not seeing those abilities on a resume puts job applicants in the skills gap category.

What is the solution? Take cyber applicants with a few skills and train them for the rest.

Zeltser recalled the employees looking for some security experts who would provide customer support. The company needed entry-level security personnel, but they were not available.

The company recruited tech-savvy bartenders who were interested in computers and could set up their own Wi-Fi. But they only did this at home, he explained.

“We found that we were able to train them in the right safety skills in the office. But we didn’t need to train them and it’s very hard to teach them how to multitask and how to think on their feet and how to interact with humans,” Zeltser said. It turns out the bartenders are really nice.

Need a Positive End Result

Zeltser found many options where he could have been more open, and it became a necessity. “Being more open means changing your mindset to accept people from non-technical, non-traditional backgrounds,” he offered.

“I wish we could stop telling people in the industry that if they enter the field as a security professional, they should work at the pinnacle of a career in cyber security, which is the CISO role. The thing is, there aren’t enough of these roles,” he said.

According to Zeltser, the industry does not require as many security officers as other types of security professionals, resulting in people being set up for failure.

“We’re asking them to work in that direction, and that’s how we define success. But instead, we can talk about other ways in which people can be successful because not everyone has to be an executive, not everyone should be a manager,” he said.

Skill Gap Meets Security Gap

Even with a shortage of trained cyber security personnel, many organizations are on the right track in securing and mitigating cyber risks to their business. The challenge, according to Joseph Carson, chief security scientist and consultant CISO at Delinea, is that large security gaps still exist for attackers to abuse.

“The security gap is widening not only between business and attackers, but also between IT leaders and business executives,” he told TechNewsWorld.

Carson acknowledged that some industries are showing improvement. But the issue still exists.

“Unless we solve the challenge of communicating the importance of cybersecurity to executive boards and the business, IT leaders will continue to struggle to obtain the resources and budget needed to close security gaps,” he warned.

Need a Better Career Path

Organizations need to continue expanding their recruiting pools, account for bias that may currently exist in cyber recruiting, and provide in-depth training through apprenticeships, internships, and on-the-job training. It helps build the next generation of cyber talent, said Dave Gerry, CEO of crowdsourced cybersecurity platform Bugcrowd.

“By creating opportunities for career development and rallying behind our mission to help protect our customers, their customers and the wider digital community from cyberattacks, employees feel they have a greater say in themselves and the wider community. There is an opportunity to improve,” he told TechNewsWorld.

Gerry said that over the years, we have been led to believe that there is a significant gap between the number of open jobs and the candidates qualified to fill those jobs. While this is partially true, it does not provide an accurate view of the current state of the market.

“Employers need to take a more proactive approach to recruiting from non-traditional backgrounds, which, in turn, broadens the candidate pool from those with only formal degrees to individuals who have incredibly high potential with the right training,” he said.

Maybe a Better Option

The recent release of the National Cyber Security Strategy will demand more than it can offer. This could slow down processes massively, predicted Guillaume Ross, deputy CISO at cyber asset management firm JupiterOne.

It will be necessary to prioritize and reduce the attack surface as much as possible. Also, security measures should ensure that developers, IT, and even business/process management people integrate security into their daily work routines.

“Improving the security skills of a million developers and IT workers will have a much better impact than training a million new ‘security people’ from scratch,” Ross told TechNewsWorld.

Large Scale Universal Solution

The skills and cyber security shortage is not just a problem for US industry. Ravi Pattabhi, vice president of cloud security at ColorTokens, an autonomous zero-trust cyber security solutions firm, said there is a severe shortage of skilled cyber security experts across the globe.

Some universities have started teaching students some basic cyber security skills, such as vulnerability management and system security hardening. Meanwhile, cyber security is undergoing a transformation.

“The industry is increasingly incorporating cyber security into the design phase and building it into product development, code integration and deployment. This means that software developers also need basic cyber security skills, including the use of the MITRE ATT&CK Framework and using pen test tools,” Pattabhi told TechNewsWorld.

Microsoft announced last week that, as it did with .NET years ago, it will be putting generative AI into everything, including security.

Back in the .NET days, I joked that Microsoft was so over the top with .Net that the bathrooms were renamed Men.net and Women.net. Many of those efforts didn’t make sense. However, given that generative AI affects most functions at Microsoft (except the bathroom), it makes more sense for the company to do so now.

Let’s take a look at how generative AI will impact security. Then we’ll end with our product of the week: the BAC Mono custom-built, street-legal track car.

Biggest Security Exposure… You Are

We often get overly excited about all the technology we have at our disposal to reduce breaches. But after layer upon layer of security software to identify and fix breaches, one constant is that the most common cause of a breach is a person. Ransomware attacks, identity theft, data theft, and many additional problems mostly track back to someone who was tricked into providing information that could be used to cause harm.

The industry talks about regular employee training, safety drills and audits, and excessive penalties, all of which have had minimal impact on the problem because companies do not practice any of these consistently and effectively. I include security companies, especially their executives, in that group who often think the rules they helped create don’t apply to them.

Back when I was doing a security audit (at a company not known for security) on a CEO who often bragged that he knew more about security than anyone else in my division, I got to his most sensitive information, which was in a locked vault, in 10 minutes. Not by using some super-secret James Bond hacking technique, but by looking in his secretary’s drawer where all the keys were stored, which was unlocked.

Human error is the most important and prevalent cause of some of our most painful security problems, and it’s been that way for decades.

HP PC Security Solutions

I’m writing this at HP’s Amplify partner event, where HP just kicked off its security solution. HP’s Wolf Security is arguably the best PC security solution on the market.

HP highlighted that the security business generates $8 trillion in revenue, which is a fraction of the money it protects. Yet all this technology is useless if you can’t stop an employee from doing something stupid.

The HP tech includes VMs, BIOS security and some of the most impressive security solutions I’ve seen, but it only addresses someone who accidentally drops or loses a PC. It does not deal with an employee who voluntarily or accidentally breaches his safety.

One exception is HP Sure Click, which helps prevent the user from clicking on a link they shouldn’t. Sure Click isolates risky tasks in a virtualized environment so that any damage cannot escape the separate VM. This effort goes a long way. However, while HP does the most, it’s still not enough.

Examples of Why We Need AI Security

One of the biggest problems I’ve ever covered was a CIO who got fired via email. He was so enraged that he used his credentials to effectively put all of his ex-company hard drives out of business. Yes, he was prosecuted for poverty and went to jail, but that didn’t help the company he shut down.

In another large-scale breach, an attacker with uncontested access to a company’s HR system used alleged credentials and crafted a global email that went out to every non-management employee telling them that the firm had been sold and that they were about to be fired. To receive the check, employees were required to provide their banking information.

Almost every employee gave their information before anyone even thought to ask the manager about it. By the time the attempt was called off, the attacker’s servers were offline, and the thieves had moved away.

These examples show successful exploits that would have bypassed HP’s Wolf Security. One because it was a physical breach with no laptop involved and the other was caused by a phishing attack that resulted in access and compromise of an HR system that Wolf Security would not protect.

I’m not picking on HP here because neither HP nor any other tech company can yet effectively solve an employee-sourced problem. But that “yet” is where AI potentially comes in.

AI to the Rescue: Blackberry to Microsoft

Microsoft’s Security Copilot is initially focused on providing security professionals with information on current and potential breaches in real time so that they can be rapidly mitigated. This should help address the ongoing problem of understaffed and under-resourced security. This is the initial focus of most of these generative AI efforts: to increase productivity and reduce workforce burden.

However, the real promise for generative AI is that it can learn from employee behavior and reduce the risk that behavior creates. One company that has moved aggressively against this employee risk with older AI technology is BlackBerry’s Cylance unit.

BlackBerry’s technology monitors employees and will move to block anyone behaving abnormally, such as a service professional who suddenly starts downloading the firm’s employee or product development files, a sign that an attacker was using his credentials.

Generative AI can go much further and potentially more quickly. Using massive models, generative AI can predict future behavior, identifying employees who routinely violate company policies (indicating that they are more likely to act inappropriately), and can recommend remedies ranging from recurring automated training to dismissal for those employees most likely to be the cause of violations, eliminating potential problems before an incident occurs.

Now, before you fret about the “termination” part, realize that if these employees cause a breach, the remedies may include not only termination but also financial costs to the employee or even jail time, depending on the nature and size of the breach. Therefore, even for the dismissed employee, this remedy is better than what would otherwise have been the case.

Wrapping Up: Generative AI and the Future of Security

AI is being brought to security, starting with BlackBerry and ending with Microsoft’s most recent effort. The result is the potentially ultimate elimination of our most important security risk: people. As generative AI and other future forms of AI advance in security, we will finally have the opportunity to mitigate the one security problem that keeps biting us in the butt: ourselves.

As with other technologies, I expect IT to be slow to adopt these tools and that avoidable breaches will forever change our career paths and financial security.

AI will not only help keep our companies safe, but those we love, including ourselves. Note that the individuals who most need this protection are our aging population, who bad actors often trick into giving up their retirement funds because of such breaches.

The only question is whether AI defenses will be deployed before this same technology can be used against us. AI is neither good nor bad; it is a tool. Sadly, in cyber security, new technologies are increasingly used against us than for us.

Tech Product of the Week

BAC Mono custom-built, street-legal track car

Since we’re talking about AI this week: two weeks ago, Nvidia held its GTC conference, where I looked at Nvidia’s idea of a car that would be built first virtually and then custom-made for your specific needs and tastes.

The BAC Mono car is an early example of how the rest of the car market will develop. Using advanced workstation tools from HP, BAC has created the process that Nvidia talks about.

I sold my track car a few years back, and I miss it. But generally, a track car is some old sports car or hot hatch that you drive on a track. These cars are designed for day-to-day driving and are not ideal for the track – and dedicated track cars require you to trailer them.

Dedicated track cars that are also road-legal are rare and very expensive, and customization is limited. Using the Metaverse and VR technologies, this last point can be changed. Not only can the car be more customized, but it can also be built more quickly, tested virtually, and made better able to meet the changing rules for driving on public roads.

With a price tag of $151,000, the BAC Mono is not for the faint of heart, but it will outperform supercars on the track that cost a lot more. It’s designed to help you hit your corners efficiently, and it can draw crowds similar to a supercar’s for a fraction of the price.

BAC Mono | Image credit: Briggs Automotive Company

This might not impress your date, since it has one seat, but in most supercars, once she tries to get into the car, she’ll inadvertently stop being impressed without providing a photo opportunity.

Plus, since it’s a track car, you’ll be less motivated to do the stupid things that often define supercar drivers (there are thousands of videos of supercar drivers doing expensive, stupid things on YouTube).

The BAC Mono is not only the harbinger of how we’ll buy cars in the future, but I also lust for one, so it’s my product of the week.

The opinions expressed in this article are those of the author and do not necessarily reflect the views of ECT News Network.

Is it worth exposing your personal data in exchange for the convenience of using pet apps on your smartphone?

The idea that pet apps might leak your sensitive information has probably never crossed your mind. But it may now, thanks to two recent studies presented at the 2022 IEEE European Symposium on Security and Privacy Workshop conference.

On 28 February computer scientists from Newcastle University and Royal Holloway, University of London exposed a number of security and privacy issues. Researchers from both universities evaluated popular Android apps for pets and other companion animals, as well as farm animals. They found that 40 users are leaking information.

Pet industry developers use technology, dubbed pet tech, to improve the health, well-being and overall quality of life of pets. Obviously, they also use it as a source of data acquisition, which puts users’ security at risk.

Pet tech is expanding and includes a wide range of products including GPS trackers, automatic feeders and pet cameras, according to a written statement from Newcastle University. Other examples of pet technology include wearable devices that monitor pets’ activity levels, heart rates, and sleep patterns.

Some of these pet apps control smart feeding systems that dispense food at a set time or in response to the animal’s behavior. These apps and platforms also allow owners to track and manage their pet’s health records and connect with veterinary professionals.

According to Ashish Patel, general manager/EMEA at mobile security solutions firm Zimperium, the leaky apps problem is widespread, going far beyond just pet apps.

The problem is evident across all markets, countries and applications. This includes sharing unencrypted information in clear text and sharing data on open cloud-based servers.

“It’s a problem that’s coming to the forefront now, but we see more organizations implementing security from development, with scanning techniques in app development to create more secure apps, to ensure app keys are encrypted and, equally important, that it is running on a secure [non-breached] device with run-time protection,” Patel told TechNewsWorld.

What Researchers Discovered in Pet Apps

The researchers did not disclose the names of the pet apps analyzed. Nor did they clarify what type of content was leaked from specific apps.

However, they verified that the apps sent developers sensitive user information, including email addresses, location data and pet details, without encryption or user consent.

Many of these apps put users at risk by exposing their login or location details.

According to the Newcastle University statement, three applications had users’ login details visible in plain text within non-secure HTTP traffic, meaning anyone able to inspect the internet traffic of someone using one of these apps could get their login information.

Furthermore, two apps also showed user details, such as their location. This allows someone to gain access to their devices and expose them to a cyber attack.

Tracking software embedded in four apps raised another concern: the trackers could collect user data related to how the app or smartphone was used.

The analysis revealed that 21 apps track users without their consent, violating current data protection rules.
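The cleartext-login finding above is something an app tester can check for directly. The following added example (not from the study or the university statement) audits a constructed traffic capture for sensitive fields sent over plain HTTP; the host names, field names and sample requests are assumptions.

```python
"""Flag sensitive fields that an app sends over unencrypted HTTP.

Added illustration: the capture records, hosts and field names are constructed.
"""
import json
from urllib.parse import parse_qsl, urlsplit

# Field names treated as sensitive (an assumption; tune for the app under test).
SENSITIVE = {
    "credential": {"password", "passwd", "pwd", "token", "session"},
    "identity": {"email", "username", "user", "phone"},
    "location": {"lat", "latitude", "lon", "lng", "longitude", "address"},
}


def classify(field):
    """Return the sensitivity category of a field name, or None."""
    name = field.lower()
    for category, names in SENSITIVE.items():
        if name in names:
            return category
    return None


def json_keys(value):
    """Yield the leaf key names of a decoded JSON document, at any depth."""
    if isinstance(value, dict):
        for key, child in value.items():
            if isinstance(child, (dict, list)):
                yield from json_keys(child)
            else:
                yield key
    elif isinstance(value, list):
        for child in value:
            yield from json_keys(child)


def sensitive_fields(req):
    """Return (category, field) pairs found in the query, body and headers."""
    url = urlsplit(req["url"])
    names = [k for k, _ in parse_qsl(url.query, keep_blank_values=True)]
    headers = {k.lower(): v for k, v in req.get("headers", {}).items()}
    ctype = headers.get("content-type", "").split(";")[0].strip().lower()
    body = req.get("body", "")
    if ctype == "application/x-www-form-urlencoded":
        names += [k for k, _ in parse_qsl(body, keep_blank_values=True)]
    elif ctype == "application/json" and body:
        try:
            names += list(json_keys(json.loads(body)))
        except json.JSONDecodeError:
            pass  # malformed body: nothing structured to inspect
    found = [(classify(n), n) for n in names if classify(n)]
    # HTTP Basic auth is base64-encoded, not encrypted.
    if headers.get("authorization", "").lower().startswith("basic "):
        found.append(("credential", "Authorization: Basic"))
    return found


def audit(capture):
    """Return (host, category, field) for each sensitive item sent without TLS."""
    findings = []
    for req in capture:
        url = urlsplit(req["url"])
        if url.scheme.lower() != "http":
            continue  # HTTPS requests are encrypted in transit
        for category, field in sensitive_fields(req):
            findings.append((url.hostname, category, field))
    return findings


# Constructed sample capture (for example, exported from an intercepting proxy).
CAPTURE = [
    {"url": "http://api.petapp.example/login",
     "headers": {"Content-Type": "application/x-www-form-urlencoded"},
     "body": "email=owner%40mail.example&password=hunter2"},
    {"url": "https://api.petapp.example/login",
     "headers": {"Content-Type": "application/x-www-form-urlencoded"},
     "body": "email=owner%40mail.example&password=hunter2"},
    {"url": "http://track.petapp.example/v1/position",
     "headers": {"Content-Type": "application/json; charset=utf-8"},
     "body": '{"pet": {"name": "Rex"}, "owner": {"lat": 54.97, "lon": -1.61}}'},
    {"url": "http://cdn.petapp.example/img/logo.png?v=3", "headers": {}, "body": ""},
    {"url": "http://api.petapp.example/pets",
     "headers": {"Authorization": "Basic b3duZXI6aHVudGVyMg=="}, "body": ""},
]

if __name__ == "__main__":
    for host, category, field in audit(CAPTURE):
        print(f"cleartext {category}: {field!r} sent to {host}")
```

The same login sent over HTTPS is not flagged, which shows that the weakness lies in the transport rather than in the fields themselves.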

Researchers’ privacy and security warnings

Scott Harper, a Ph.D. student at Newcastle University’s School of Computing and lead author of the study, said pet tech products such as smart collars and GPS trackers are a fast-growing industry. This brings with it new security, privacy and safety risks for pet owners.

“While owners may use these apps for peace of mind about their dog’s health or where their cat is, they may not be happy to learn about the risks the apps hold for their cyber security,” he said in the university statement.

Harper urged users to make sure they set up unique passwords, check settings and consider how much data they want to share.

Dr. Maryam Mehrnezhad, co-author of the report from the Department of Information Security at Royal Holloway, University of London, said that using modern technologies to improve many aspects of our lives often involves cheap technologies that come at the cost of users’ privacy, security and safety.

“Animal technologies can pose complex risks and harms that are not easy to identify and trace. In this interdisciplinary project, we are working on solutions to reduce such risks and enable animal owners to use such technologies without risk or fear.”

Second study shows user complacency

The research team conducted a second study which surveyed 600 participants from the UK, US and Germany. They asked participants about the technologies they used, the incidents that had occurred, and the methods they used to protect their online security and privacy, in general and for pet apps in particular. The researchers published the survey findings in the journal Proceedings of the 12th International Conference on the Internet of Things. Their results revealed that participants believed there were a variety of attacks likely to target their pet technology.

Despite this concern, respondents said they take some precautions to protect themselves and their pets from the potential risks and harms of these technologies. The university statement did not disclose the numerical results.

Co-author Dr Matt Leach, Director of the Center for Comparative Biology, Newcastle University, said: “We would urge those developing these technologies to enhance the security of these tools and applications so that the risk of their personal information or location being shared can be reduced.”

Cyber Security Insider Responses

According to Casey Ellis, founder and CTO of crowdsourced cybersecurity firm Bugcrowd, application developers, especially for apps that are not “security first” in their nature, often prioritize features and usability over security to differentiate in the market. Speed is the natural enemy of security, so these kinds of issues are often seen in fast-to-market areas like mobile applications.

“At the end, [vulnerabilities vary and] come down to risk to the individual user. For example, to some people, a breach of privacy may not seem like such a big deal. For others, it could create an immediate personal safety issue,” Ellis told TechNewsWorld.

Regardless, app developers must ensure that security and privacy controls are behaving as users expect, which is clearly not a consistent theme here, he said.

App users should realize that if they are not paying for an app or service, then they are the product. Zane Bond, head of product at cybersecurity software firm Keeper Security, warned that your data and usage are how the company will make money.

“Be aware and understand that most services are not free. You just have no idea of the cost. Even with many paid services, your data is still for sale,” Bond told TechNewsWorld.

The White House on Thursday released its highly anticipated National Cyber Security Strategy. The new federal policy assigns more digital security responsibility to tech firms instead of more federal regulations.

The policy document urges a greater mandate on the firms that control most of the country’s digital infrastructure. It also promotes an expanded government role to disrupt hackers and state-sponsored entities.

But the strategy lays out a cybersecurity roadmap for new laws and regulations over the next few years aimed at helping America prepare for and fight emerging cyber threats. It sets the pace of government actions in the long run:

  • Explore a national insurance backstop in case of a catastrophic cyber attack to complement the existing cyber insurance market;
  • Focus on protecting critical infrastructure by expanding minimum security requirements to specific sectors and streamlining regulations;
  • Treat ransomware as a threat to national security, not just a criminal issue.

This triggers a fundamental directional shift in the government’s cyber security approach. The shift in focus reflects how the United States allocates roles, responsibilities, and resources in cyberspace.

It also rebalances the responsibility for protecting cyberspace by shifting the burden of cyber security away from individuals, small businesses and local governments. Instead, according to policy pronouncements, the most capable and best-positioned organizations have an obligation to mitigate the risks to all of us.

“The strategy recognizes that the government must use all instruments of national power in a coordinated manner to protect our national security, public safety and economic prosperity,” the White House said in its announcement.

New Approach

The Biden-Harris strategy seeks to build and enhance collaboration around five pillars:

  • Protect critical infrastructure;
  • Disrupt and dismantle threat actors;
  • Shape market forces to drive security and resilience;
  • Invest in a resilient future through strategic investments and coordinated, collaborative action to lead the world in innovation of secure and resilient next-generation technologies and infrastructure;
  • Forge international partnerships to pursue common goals.

According to the policy statement, along with those standards, the newly tapped global allies and partners will make the United States’ digital ecosystem defensible, resilient, and aligned with values.

Federal Cyber Security Requirements, Enforcement

Eric Noonan, CEO of CyberSheath, proposed that the federal government commit explicitly and meaningfully to expanding mandatory minimum cyber security requirements in critical areas.

He said it was a fresh acknowledgment of the federal government’s role and a complete abandonment of the original 2003 strategy, which stated that federal regulation would not be the primary means of securing cyberspace.

“It may have taken 20 years, but the federal government is now saying the quiet part loudly. Lack of mandatory cyber security minimums has failed, and regulatory mandates are coming, so get your house in order,” Noonan told TechNewsWorld.

The strategy also makes clear that where the government does not have the authority to mandate minimum standards, the administration will work with Congress to close those gaps and control irregularities.

Noonan predicted that a big change is coming in our ability to detect and defend against cyber threats. But that’s only when agencies like the DOD, the SEC, the FCC, and the rest of the federal government fully exercise their regulatory powers to establish and enforce mandatory cyber security minimums across their respective contractors and suppliers.

“The single most impactful thing the federal government can do is to protect our nation’s cyber defense, and this strategy does it,” he said.

Positive Support From the European Union

Martin Riley, director of managed security services at cyber firm Bridewell, is pleased to see a change in the United States’ attitude regarding cyber security.

“It’s great to see these moves taking effect. We find ourselves in a leadership position in many areas in Europe with regulations like NIS and GDPR,” Riley told TechNewsWorld.

He added that the European Union is in a great position to assist its US partners and lead them in the pursuit of cyber resilience. “I look forward to digging into the details to see the incentives being implemented by the US government to ensure these practices are taken up equally across all states and relevant territories.”

Updated Technology Vital Employment

The report emphasizes the modernization of federal security. Darktrace CEO Marcus Fowler advised that a critical part of this should be accelerating the government’s ability to onboard modern and next-generation security technologies.

“Government agencies need to be able to efficiently test technologies in dynamic environments that, in both scale and complexity, would be expected to protect the environment,” Fowler told TechNewsWorld.

He offered that US officials would also benefit from moving validated security solutions to the front of the line and accelerating mandatory audit timelines. Ultimately, as the federal government gains access to advanced security solutions more quickly, it may force attackers to adapt faster to try and keep pace.

“It is positive to see that the new strategy emphasizes the importance of mandating ‘security by design’ as well as focusing on robust technologies and building a better cyber workforce,” said Fowler.

Technology Key Element

Technology will also be critical in improving the speed and scale of threat information sharing that the report calls for. Threat intelligence is important, but the threat landscape is vast and growing.

“Organizations need technology that cuts through the intelligence and identifies how a particular vulnerability affects their unique environment. They need that information fast,” recommended Fowler.

Distilling that information and turning it into a strategy based on bespoke organizational risk is a job for technology. He said that we cannot burden humans any longer as they need to be freed for strategy and treatment.

The future is one where a hybrid human-AI approach to cyber is essential. Fowler said the goal is to end up with a stronger, more resilient and better-enabled cyber workforce.

“This must be executed with innovative and accessible programs that are growing and investing in the next generation of security practitioners and upskilling them to further enhance workload efficiency and accelerate response times,” he said.

Ongoing training, preparation needed

The administration’s new cyber security efforts, unfortunately, don’t move the needle on what needs to be done to strengthen the security workforce we have today, warned Debbie Gordon, founder and CEO of Cloud Range, a live-fire OT/ICS cyber attack simulation training company.

“In any type of life safety sector — and that’s exactly what cyber security of critical infrastructure represents — the need for ongoing training and readiness is integral,” Gordon told TechNewsWorld.

As the cyber threat landscape changes daily, critical infrastructure sectors are the targets of the most advanced, nation-state backed Advanced Persistent Threats (APTs). She advised that we cannot rely on annual training certifications to assure that our infrastructure is safe.

“Ongoing training requirements that can be measured against industry standard frameworks to validate their effectiveness can not only help organizations ensure they have the right people with the right skills to prevent and respond to attacks, but they can also provide cybersecurity professionals with a clear path to expand their careers with cyber skills unique to operational technology (OT) cybersecurity,” said Gordon.

The new year is up and running, set to bring solutions and challenges affecting all industries. As the faltering economy continues to revolve around the ravages of broken supply chains and deteriorating cyber security, businesses and analysts alike are turning their attention to what’s next.

TechNewsWorld spoke with IT executives to gather predictions for what will happen in 2023. They offered insights into the writing on the wall about what to expect going forward.

One of the most important areas is the need for more effective security to protect cyber infrastructure. Politics aside, Executive Order 14028 issued in May 2021 clarified the priorities. President Biden’s order requires agencies to improve their security to secure the integrity of the software supply chain.

“Software vendors can no longer hide from their shortcomings, and software users can no longer hide from their responsibilities,” John Geter, chief product and technology officer at RKVST, a SaaS platform for tracking supply chain issues, told TechNewsWorld.

With still a way to go, he sees the digital supply chain finally being recognized as just as important as the physical one. Geter also sees a critical need for suppliers to provide quality and for consumers to control their own risk.

He offered, “Companies and governments around the world are waking up to the fact that the software they use to run their enterprise operations and the hardware and software solutions they use and deliver to customers represent a significant risk.”

Core Technologies Top Priority

Geter said the current political and macroeconomic conditions are worse than most people predicted, and this is having a chilling effect on innovation.

People will focus more on cost cutting and efficiency. However, this should not diminish the importance of the key technologies being developed.

“But it changes the emphasis from new use cases like proactive cyber defense to improvements in existing use cases like more efficient audits,” he said.

Geter suggested that most supply chain problems come from mistakes or oversights that originate in the supply chain itself, and that leave targets open to traditional cyber attacks.

“It is a subtle distinction but an important one. I believe the bulk of the discoveries arising from improvements in supply chain visibility [in 2023] will highlight that most threats arise from mistake, not malice,” said Geter.

Year of AI and ML

The new year will bring a renewed focus on machine learning operations (MLOps), predicted Moses Gutman, CEO and co-founder of ClearML, an MLOps platform. It is important to take stock of how machine learning has evolved as a discipline, technology and industry.

He expects artificial intelligence and machine learning spending to continue to grow as companies look for ways to optimize increased investment and ensure value, especially in a challenging macroeconomic environment.

“We’ve seen a lot of top technology companies announce layoffs in late 2022. It’s likely that none of these companies are laying off their most talented machine learning personnel,” Gutman suggested to TechNewsWorld.

However, to make up for the shortfall of fewer people in deep technical teams, companies will need to lean even further into automation to maintain productivity and ensure projects get completed. He also expects to see companies that use ML technology put in place more systems to monitor and conduct performance and make more data-driven decisions on how to manage ML or data science teams.

“With clearly defined goals, these technical teams will need to be more key performance indicator-focused, so leadership can have a more in-depth understanding of machine learning’s ROI. Gone are the days of vague benchmarks for ML,” Gutman said.

End of Talent Hoarding

Artificial intelligence and machine learning have become common in the last decade. Those working with ML are likely the most recent employees, as opposed to employees who have been working with AI for a long time.

Many big tech companies started hiring these types of workers because they could handle the financial cost and keep them away from competitors — not necessarily because they were needed, Gutman said.

“From this perspective, it is not surprising to see so many ML workers being laid off given the surplus within large companies. However, with the era of ML talent hoarding coming to an end, it could usher in a new wave of innovation and opportunity for startups,” he observed.

With so much talent now looking for work, he expects to see many displaced workers move out of big tech and into small and medium-sized businesses or startups.

Cloud Predictions

Drew Firmant, vice president of enterprise strategies at Pluralsight, believes that fundamental cloud computing skills will continue to be the most relevant and in-demand worker needs for 2023. This is despite ML and AI getting the most attention.

According to Pluralsight’s State of the Cloud report, 75% of tech leaders are building all new products and features in the cloud. Yet he noted that only 8% of technologists have significant cloud-related skills and experience.

Ironically, lower-level cloud infrastructure skills will continue to be in high demand because using those technologies successfully requires more people than higher-level services, said Mattias Andersen, Pluralsight’s lead developer advocate.

“For example, many organizations now want to own and manage their own Kubernetes clusters, allowing them to hire for Kubernetes administration skills while they offload to a cloud provider,” Anderson told TechNewsWorld.

Tech Talent Shift

Firmant said an expected shift from consumers of talent to creators of talent will be a key differentiator for cloud leaders in 2023. Gartner reports that 50% of enterprise cloud migrations will be delayed by two years or more due to cloud skills shortages – directly impacting the ability of enterprises to achieve cloud maturity and achieve a return on their technology investment.

“To address the challenges of cloud adoption, enterprises must invest in migrating their talent to the cloud as much as they are investing in migrating their applications,” Firmant told TechNewsWorld. “Lift-and-shift migration strategies limit the benefits of cloud platforms, and the approach doesn’t work well for workforce transformation.”

He urged that in order to achieve a sustainable transformation towards cloud adoption and maturity, enterprises need to invest strategically in skill development programs designed to achieve cloud adoption at critical mass.

Multi-Cloud Adoption

Avoiding vendor lock-in is an important target for 2023. According to Anderson, this is the strategy that is now prevalent across the industry landscape. More enterprises are adopting multi-cloud, either by design or by accident.

“The increase in multi-cloud adoption will accelerate demand for the tools needed to manage the increased complexity as enterprises struggle to reduce their implementation timelines. The trifecta of multi-cloud challenges and solutions in 2023 will include security, cost and operations,” said Anderson.

This, he said, would force another need on multi-cloud strategies. Technologists must become multilingual between two or more cloud providers.

He predicted, “With the current shortage of cloud talent, the multi-cloud strategy trend is expected to add further stress to the existing skills gap.”

Open-Source Role

The focus on ML operations, management and governance will force MLOps teams to do more with less. According to Gutman, businesses will adopt more off-the-shelf solutions because they are less expensive to produce, require less research time, and can be customized to meet most needs.

“MLOps teams will need to consider open-source infrastructure rather than being locked into long-term contracts with cloud providers. While organizations doing ML at hyper-scale can certainly benefit from integration with their cloud providers, it forces these companies to work the way the provider wants them to work,” he explained.

This means users may not be able to do what they want the way they want, he warned. This also puts users at the mercy of the cloud provider for cost escalations and upgrades.

On the other hand, open source provides flexible customization, cost savings, and efficiency. Users can even modify the open-source code to make sure it works exactly as they want.

Gutman concluded, “especially with teams shrinking in technology, it’s becoming a more viable option.”

Navigating the Internet can be a troublesome journey. Bad actors constantly hide behind emails, websites and social media invitations with the intention of exploiting uninformed users. Even your Wi-Fi router and the now-ubiquitous QR code are danger points. Add to that, the never-ending virus and malware threats.

Computer and mobile device users are often unaware of the danger zone. However, using the Internet need not be a continuous journey through the badlands. To stay safe online, it’s important to know what to avoid and how to protect yourself.

Here are five things you have under your control to help keep your digital activity safe.

1. QR Codes, Easy But Potentially Harmful

A secure QR code for TechNewsWorld.com

These postage stamp-sized image links can be convenient for websites. Simply point your smartphone’s camera at one and instantly visit a website, tech support location, discount offer on purchases, or restaurant menu.

However, QR codes can also take you to a nefarious place where malware or worse is waiting. QR codes can be programmed to link to anything, putting your privacy and security at great risk.

Think before scanning the QR code. If the code is displayed on a website or printed document that you trust, it is probably a safe one. If not, or you’re unsure, check it out.

You can download reputable QR reader apps that run security checks on the QR code’s destination. One such security tool I use is the Trend Micro QR Scanner app, which is available for Android and iOS.

2. Avoid ‘Unsubscribe’ Email Scams

This is a popular ongoing scam that has a high success rate for hackers. Potential victims receive an email with a product offer or other business invitation. The opt-out step is enticing, looks familiar, and feels appropriate. “Don’t want to receive our emails? Click here to unsubscribe,” it prompts.

Sometimes annoying, repetitive emails ask whether you want to unsubscribe from future emails. Some even provide a link for you to unsubscribe.

Do not select any option. Clicking on the link or replying confirms your active address.

Never enter your email address in the “Unsubscribe me” field. More senders will follow.

A better way to remove unwanted email, especially from an unknown sender, is to mark it as spam. This moves it to the spam folder. You can add that sender to your email program’s block list, or set a filter to automatically remove it before it reaches your inbox.

Finally, check out the free service Unroll.me. There you can unsubscribe from unwanted emails, keep others, or receive the rest in the Daily Digest.

3. Lock Out Facebook Hackers

Other villains try to usurp Facebook accounts. Hackers can change your password, email address, phone number and even add a security code to lock you out of a pirated account. Before trouble strikes, be proactive to prevent these situations. Facebook provides the following security settings that you need to enable.

Enable two-factor authentication (2FA) to require your login approval on a different device.

To do so, log into your Facebook account on a desktop computer and navigate to Settings & Privacy. Next, select Security and login. Then scroll down and edit the Two-Factor Authentication option.

Facebook Two-Factor Authentication Settings

You will need to enter your Facebook password to complete this step.

Activate these two additional features to block Facebook hackers:

  • Enable the code generator feature in the Facebook mobile app
  • Set up login alerts in your email

First, open the Facebook mobile app and tap on the magnifying glass, enter the words “code generator” and tap the search icon. Tap the Code Generator result to navigate to the next screen, then tap the “Turn on Code Generator” button to receive a 6-digit code that changes every 30 seconds. You will need to enter this code within that short amount of time to log in to your account on another device.

Next, set an alert about unfamiliar logins. You can do this from a computer or mobile device.

  • Computer: Go to Settings & Privacy > Settings > Security & Login > Receive alerts about unrecognized logins (see screenshot above).
  • Mobile application: Tap Menu > Settings & privacy gear icon > Settings. Then tap Password & Security. Next, scroll down to Set up additional security > Receive alerts about unfamiliar logins > Tap to select your preferred notification methods.

If you’re having trouble logging in, visit facebook.com/login/identify to have the problem fixed. If you are unable to log in there, go to this Facebook help page instead and fill out the request form for Facebook to review your account. You will need to answer a few security questions to prove your identity. This may include providing proof of ID, like a picture of a driver’s license.

4. Secure Your Wi-Fi Router

The influx of people working remotely since Covid has put home Wi-Fi routers among the target sites of hackers. As a result, malware attacks on home Wi-Fi networks are on the rise because residential setups often lack the level of security and protection found on enterprise networks.

One nasty attack tool, called ZuoRAT, is a remote access Trojan designed to hack into small office/home office routers. It can affect macOS, Windows, and Linux computers.

With it, hackers can collect your data and hijack any site you visit on your network. One of the worst factors of ZuoRAT is that once your router is infected, it can infect other routers to spread the hackers’ reach.

Follow these steps to better secure your home/office Wi-Fi network:

  • Be sure to enable WPA2 or WPA3 encryption on your router. The default factory setting is often the old WEP (Wired Equivalent Privacy) security protocol, or is set to none. See the user manual or the router manufacturer’s website for instructions.
  • Change your router’s SSID (Service Set Identifier) and password. This is critical. Typically, the factory setting shows the make or model of the router and has a universal password such as 0000 or 1234. Change the name of the SSID so that it does not identify you easily. Avoid names that include all or part of your name or address. Make sure the password is very strong.
  • For added security, change the router’s password regularly. Yes, this is a major inconvenience as you will also have to update the password on all your devices that use that Wi-Fi network. But considering that it will keep hackers away, it is well worth the trouble.
  • Keep the router’s firmware up to date. Refer to the user manual and/or the manufacturer’s website for steps on how to download the latest update.

General Question
How do I create a password that is hard to hack?

The strongest passwords have all these characteristics:

  • Long – the more characters, the better
  • Mix of upper-case and lower-case letters, numbers, and special characters
  • No jargon words or anything related to personal information

Pro Tip: When using a password generator, always replace at least a few characters from the random result to create your final credential.

5. Beware of Phony Tech Support Plans

Some fraudsters call you on the phone and claim to be from the tech support department of a well-known computer or software company. The caller claims to have detected a virus on your device, or to be calling in response to a malware alert from your computer. The scammer offers to fix it if you just provide your credit card number.

Hang up the phone. Your computer is not infected.

A modified version of this tech support scam is a text or email claiming the same details. Do not respond. Just delete the message and move on.

You may also be browsing the web when a pop-up message crashes onto your screen. I have received overly loud audio alerts warning me that my computer is in danger and should not be turned off without responding for help.

In all these cases, scammers want to scare you into following their instructions. The action they ask you to take to fix the alleged problem will hurt your bank account and possibly let them deliver an actual infection.

Follow these best practices to protect yourself from tech support fraud:

  • Never allow a scammer to trick you into visiting a website or clicking on a link.
  • Never agree to a remote connection by the so-called technical support agent who initiated contact with you.
  • Never provide payment information for technical support you haven’t started. Legitimate tech companies will not call you and ask for payment to fix a problem detected on your device.

If you suspect that your computer has a virus or malware problem, contact a repair center yourself. You probably already have a support plan or active warranty from where you bought the computer. If you have not contacted a technical support company, the call or message you have received is illegitimate.

A recent gathering of global cybersecurity professionals has unearthed the latest attack scenarios that hackers use to infiltrate corporate networks. But contrary to the hopes of misguided potential victims, no silver bullet or software guarantee will completely protect them.

RSA Conference (RSAC) presenters focused on the increasing demand for implementing the zero-trust philosophy. Presenters urged network managers to educate their employees about digital identity proofing. This includes securing the data points needed to deploy digital ID proofing solutions in practice.

Another major cause of network breaches is organizations integrating their on-premises environments into their cloud environments. This makes the cloud prone to various attacks that originate on premises.

“The RSA Conference plays a vital role in bringing the cyber security industry closer together. As cyber attacks grow in frequency and sophistication, it is imperative that public and private sector practitioners and experts are able to address today’s greatest challenges. Be called upon to hear unique perspectives to help,” commented RSA Conference Vice President Linda Gray Martin.

RSAC provides a year-round platform for the community to engage with, learn from and access cyber security content. That process is available online and at in-person events.

According to the RSAC, better cyber security will come only with a greater focus on threat hunting activities along with authentication, identity and access management.

Head in Charge

RSA Federal President Kevin Orr oversees the deployment of security, specifically identity access management tools, for federal and commercial customers. His company has its roots in the early days of cybersecurity.

At this year’s RSA Conference and related Public Sector Day, he had the opportunity to speak with leaders in the government and enterprise cybersecurity sector. He shared his comments on the state of cybersecurity with TechNewsWorld.

RSA Federal is an identity and access management (IAM) solutions firm that began as a cybersecurity section within Dell Computer Company. Today, it has contracts with some of the most security-sensitive organizations in the world.

Notable is the link between the tech firm now known as RSA Federal LLC and the name of one of the leading encryption algorithms. RSA provides security services and solutions to customers throughout the federal public sector ecosystem.

RSA is a public-key encryption technology developed by RSA Data Security, which was founded in 1982 to commercialize the technology. The acronym stands for Rivest, Shamir, and Adleman, the three MIT cryptographers who developed RSA public key cryptography.

Long-Standing Convention Roots

A series of RSA company sales has positioned it to capitalize on a growing need for cybersecurity specialists. Security Dynamics bought the company in 1982. Dell later acquired RSA from EMC in 2006. A consortium of private equity investors led by Symphony Technology Group bought RSA from Dell in 2020.

The sales reflected both RSA’s and Dell’s corporate strategies. They allowed RSA to focus on security-first organizations, while Dell pursued its product strategy, according to Orr.

The annual RSAC event is an important gathering for the computer security community. It is considered the world’s leading information security conference and exhibition. Originally scheduled for February 7–10, world events led to it being rescheduled for June 6–9 at The Moscone Center in San Francisco.

RSA Federal is not a conference sponsor. However, its representatives participate in panels, showcases and speeches throughout the event.

This year’s 31st annual conference was the first to be held as a standalone, independent business since the investment from Crosspoint Capital Partners in March. The event drew over 26,000 attendees, including over 26,000 speakers, 400 exhibitors and over 400 members of the media.

Notable Takeaway

According to Orr, the biggest takeaways for cybersecurity were laid out in the keynote addresses. Security has been affected by a rapid digital transformation.

That change happened rapidly because of the pandemic, which forced an acceleration in collaborating with people working remotely.

Disruption in the physical world is now creating a digital ripple across the entire supply chain. Better supply chain security is needed to prevent tampering with its technology.

“Another major theme was the role played by massive propaganda. We are in a hyper-connected world. The propaganda blurs how people separate fact from fiction,” Orr said. This continues to influence the use of technology.

Perhaps one of the most damaging effects is a worsening lack of talent. He said that not enough people are skilled to deal with cybersecurity threats and with what needs to be done within the cybersecurity domain.

Attacks are now on the rise, driven by many different factors. In a previous world, we were all sitting behind a firewall in a corporation, Orr noted. Security teams could keep tabs on the good guys and the bad guys, except maybe insiders.

“The firewalls disappeared as soon as we went mobile from the pandemic. Your personal limit of security has disappeared. Some of that boundary needs to be built around identity,” he urged.

Identity Border Protection

From Orr’s catbird seat in the world of cybersecurity, he sees how preventing identity breaches is now necessary. Organizations must know who is connecting to their network. Security teams need to know what those users are doing, where they are in the network, and what they should have access to see. In this globalized world, those derailments really changed things.

“The attack vectors also became realised. The attack vectors have really changed,” Orr said.

Network managers must now look at the danger areas and figure out how and where to spend the money. They also need to learn the techniques available and more importantly know that the attack surface is large.

“That means they need additional sets of people or different sets of skills to come across these open issues and address them,” Orr said.

Those decisions also include ROI factors. He further added that what is really driving the security question is that generally a corporate expense should have a return on investment.

Ransomware Gone Rogue

The rise of ransomware attacks sucks money from businesses. Initially, the strategy was not to pay the ransom demand. From Orr’s point of view, the better strategy now depends on the circumstances.

Either victims pay the ransom and hope for the best, or they refuse to pay and still hope for the best. Either way, a plan for the worst must be in play.

“I think it is a personal decision depending on the situation. Now one size does not fit all. You have to see what the bad guys have and what they value. The big question is how to stop it from happening all the time,” he said.

Lack of Software Options

The cybersecurity industry is not only facing a shortage of talent. Advanced equipment may be lacking as well.

“I think there’s a lot of basic technologies. I’ll start with the stuff first. Take a look at the truth. For some types of organizations cybersecurity products aren’t really something you can buy. The first step: you have to learn not to click on phishing attempts,” Orr advised.

The solution starts with education. Then it continues with setting some parameters. Determine what your most valuable data is. Next, research how to keep it safe. How do you monitor it?

“Cybersecurity is really a layered approach,” Orr warned.

Never Trust, Always Challenge

That was a big topic of the security conference, he continued. Part of the big change is not being able to trust network visitors.

“It was the kind of thing that has really changed now, not to be trusted. There is always the essential approach to verify. Now you are looking at things differently,” he observed.

We are making good progress. The difference is that we are now preparing for a cyberattack, he concluded.