Shifting to a remote environment may have benefitted businesses, but not without introducing new cybersecurity risks. A data-backed strategy can help security leaders manage those risks.
Meet Ali Golshan, CTO and co-founder at StackRox, a Mountain View, Calif.-based leader in security for containers and Kubernetes. Prior to StackRox, he was the Founder & CTO of Cyphort (acquired by Juniper Networks) and led the company's product strategy and research initiatives. Previously, he worked as a security researcher and engineer at Microsoft and PwC. His career started in government, conducting security and vulnerability research for the intelligence community. Here, we talk to Golshan about the benefits of DevOps.
The Department of Homeland Security (DHS) Science and Technology Directorate (S&T) published the Resilient Positioning, Navigation, and Timing (PNT) Conformance Framework today. PNT services, such as the Global Positioning System (GPS), is a national critical function that enables many applications within the critical infrastructure sectors. This framework will inform the design and adoption of resilient PNT systems and help critical infrastructure become more resilient to PNT disruptions, such as GPS jamming and spoofing.
Sift released its Q4 2020 Digital Trust & Safety Index: Holiday Fraud and the Shifting State of E-commerce, which revealed that fraudsters are executing larger and more targeted attacks this holiday season. Derived from Sift’s global network of over 34,000 sites and apps, the Index found the average attempted fraudulent purchase value rose to over $700 from October through November 2020, a 70% year-over-year increase during the same period in 2019.
Despite many companies' best efforts to combat cybercrime, it persists and is increasingly costly. Here’s a look at some of the latest technologies that may be able to turn the tide against malicious hackers because they can still deliver performance and function at the necessary scale.
As we have done in previous years, the Security magazine team compiled our favorite articles from this year. As we head into 2021, we hope you take a moment to review some of 2020’s top articles about lessons learned, thought leadership, security challenges and good practices.
The rise of high-profile data breaches and the implementation of data privacy laws have raised awareness that businesses and institutions rely on consumer information. While there is no single, comprehensive U.S. federal data privacy law, there are enough industry-specific compliance regulations in force in addition to HIPAA, the Fair Credit Reporting Act, the Gramm-Leach-Bliley Act, the Children's Online Privacy Protection Act, and a growing number of state privacy laws, that every organization needs to step up and recognize how subject rights requests fit into its data protection and cybersecurity policies.
The Institute for Security and Technology (IST) — in partnership with a broad coalition of experts in industry, government, law enforcement, nonprofits, cybersecurity insurance, and international organizations — is launching a new Ransomware Task Force (RTF) to tackle this increasingly prevalent and destructive type of cybercrime.
As companies think about how to navigate this new landscape of privacy laws and cybersecurity threats, here are a few major trends and predictions to consider:
CISA has updated AA20-352A: Advanced Persistent Threat Compromise of Government Agencies, Critical Infrastructure, and Private Sector Organizations, originally released December 17. This update states that CISA has evidence of, and is currently investigating, initial access vectors in addition to those attributed to the SolarWinds Orion supply chain compromise. This update also provides new mitigation guidance and revises the indicators of compromise table; it also includes a downloadable STIX file of the IOCs.