Poor security measures associated with software development puts organizations at risk
September 15, 2020
Digital Shadows revealed new research looking at the growing problem of company access keys inadvertently exposed during software development. Access keys, and their corresponding secrets, are used by developers to authenticate into other systems.
What are the expectations, technical implementations, and challenges of using cloud security access brokers (CASB)? Cloud Security Alliance's latest study reveal unrealized gaps between the rate of implementation or operation and the effective use of the capabilities within the enterprise.
From the early days of the web, the concept of authentication has been synonymous with the notion of ‘logging in,’ typically with a username and password. Today, this ubiquity has exploded to the point that the average individual has 191 usernames and passwords acting as one-to-one keys for any website they’ve registered with.
The Fourth District Court of Louisiana has been hit by ransomware. Hacking group/ransomware strain Conti has claimed the attack on the US Court, and published apparent proof of the attack on its dark web page this week, CBR reports.
In September 2019, the Department of Homeland Security (DHS) issued its Strategic Framework for Countering Terrorism and Targeted Violence (CTTV Framework) and now offers this corresponding Public Action Plan demonstrating the Department’s efforts to combat emerging threats and improve information sharing.
The Cybersecurity and Infrastructure Security Agency (CISA), in partnership with the Election Assistance Commission (EAC), released the Election Risk Profile Tool, a user-friendly assessment tool to equip election officials and federal agencies in prioritizing and managing cybersecurity risks to the Election Infrastructure Subsector.
When NSA and the National Cryptologic Museum Foundation (NCMF) break ground on the proposed Cyber Center for Education and Innovation (CCEI) on the campus of NSA-Washington (NSAW), it will culminate many years of hard work and commitment shared by the two partners. The state-of-the-art CCEI will offer over 70,000 square-feet of conference space and classrooms, providing a venue focused on delivering programs that encourage government, industry, and academia to share insights, knowledge, and resources to strengthen cybersecurity across the Nation.
Organizations may consider adopting an adaptive risk-based trust approach to securing their privileged access. This approach uses least-privilege, zero-trust as a baseline for how organizations build trust scores which will then be used to determine the level of security which is required to gain access to the cloud, and specific applications and systems.
In Spring 2020 as the COVID-19 pandemic was starting to spread across the globe, a survey of approximately 250 U.S. consumers commissioned by Awake Security found that the two threats from the DHS list that worry Americans most are cyberattacks on core infrastructure (electric, water, transportation etc.) and cyberattacks on corporations.
Diving deeper into the results surfaces something that is contrary to the popular narrative: consumers take responsibility for their personal cybersecurity and even help out those around them. They hold the government and enterprises ultimately accountable, but also understand the role each individual has to play.