In this edition of Security’s Top 5 from Security magazine, we showcase the top stories and new developments from across the security industry throughout April. This month, we take a look at top cybersecurity conferences, fixing the cybersecurity skills gap, geopolitics and security, and more.

1. Top Cybersecurity Conferences in 2024

Cybersecurity conferences provide security leaders around the world of all levels of experience with an opportunity to connect with one another. Security magazine highlights some of the upcoming cybersecurity conferences in 2024.

2. How to Fix the Growing Cybersecurity Skills Gap

In today’s cybersecurity landscape, companies must strive to be a learning-forward organization. Tangible adoption of this principle must go beyond formal skills and training — every encounter your teams have with a threat or an attack is a learning opportunity. In the midst of an incident, team members should be encouraged to apply their skills and expertise without the fear of post-incident blame, which only limits response and hinders loyalty.

3. Protecting Ships From Cyber Terrorism

Ports and offshore facilities are major elements of the maritime ecosystem, and they expose a collection of additional attack surfaces. Equipment and systems operating on loading docks and even oil rigs are inviting targets. These communicate with ships and can unknowingly share malware. Equipment and systems — from Chinese-made cranes to container-stacking machinery to drilling mechanisms — are in the hacker’s sights.  

4. The Cybersecurity and Geopolitical Discussion — The real space race: Inside geopolitics and security of a $1.8T industry— Episode 22

In Episode 22 of the Cybersecurity & Geopolitical Discussion, hosts Ian Thornton-Trump CD, CISO for Cyjax, Lisa Forte, Partner at Red Goat Security and Philip Ingram MBE, CEO of Grey Hare Media debate the geopolitical and security dimensions of the current global space industry.  

5. A Vulnerability in Linux Distributions May Allow Unauthorized Access 

Red Hat has recently reported a malicious code embedded in XZ Utils versions 5.6.0 and 5.6.1, which are XZ format compression utilities that are often involved in Linux distributions. The vulnerability has been labelled as CVE-2024-3094.