In this edition of Security’s Top 5 from Security magazine, we showcase the top stories and new developments from across the security industry throughout August. This month, we highlight ways to expand the security candidate pool; new cybersecurity disclosure rules adopted by the SEC; MacOS malware found on a Russian dark web forum; and more.
The August Security magazine Special Report dives into the challenges security teams are facing in hiring the diverse talent needed to solve evolving challenges and mitigate new and future security threats. Security leaders share their thoughts on meeting those challenges and how to expand the security talent pool to meet the needs of the evolving security field.
In a recent The Security Podcast episode, Igal Lytzki, a threat analyst and Incident Response team leader at Perception Point, discusses emerging security threats and how security leaders are utilizing social media for research and threat intelligence.
In his article, Director of Product at Verkada Jake Stauch discusses how it has become increasingly clear that the traditional model of physical security with multiple guards patrolling buildings and facilities had become less effective and more expensive.
He says: “Given these limitations, it’s clear we’re overdue for a new approach to physical security, one bolstered by the latest developments in camera hardware, access control systems, environmental sensors and the cloud. Call it ‘augmented security’.”
In late July, the Securities and Exchange Commission voted 3-to-2 to adopt rules that require disclosure of material cybersecurity incidents on Form 8-K and periodic disclosure of a registrant’s cybersecurity risk management, strategy and governance in annual reports. The ruling requires reporting material cybersecurity incidents to the SEC within four days of determining the incident is material.
Security leaders shared some of their thoughts on the ruling. Diego Souza, Global CISO at Cummins Inc said the regulations are a positive step toward improving the security of public corporations and protecting investors.
Hidden virtual network computing malware specifically targeting macOS was recently identified by Guardz. The malware, which is available on the major Russian dark web forum Exploit, allows cybercriminals to gain and maintain persistent unauthorized access to a victim's Mac computer without being detected, and demonstrates the concerning emergence of a growing number of macOS-focused Attack as a Service tools.
While cybercriminals have predominantly designed malware to target Microsoft Windows devices at scale, they are now increasingly developing tools for macOS. The malware operates covertly, gaining access without requesting permission from the user and deliberately concealing its presence to evade detection by small and medium-sized enterprises, where macOS devices are widely utilized.