Meet Max Vetter, Chief Cyber Officer of Immersive Labs. Before joining Immersive Labs, Vetter spent seven years working with the Metropolitan Police Service as a police officer, intelligence analyst, and covert internet investigator. After leaving his career in law enforcement, he trained the private sector and government agencies in ethical hacking and open source intelligence, specializing in darknets and cryptocurrencies. This included three years of teaching at the GCHQ Cyber Summer School. Here, we speak to Vetter about emerging threats in the cybersecurity space and general security trends he has been noticing throughout the industry.
To help software vendors and customers defend against these attacks, CISA and the National Institute for Standards and Technology (NIST) have released Defending Against Software Supply Chain Attacks. This new interagency resource provides an overview of software supply chain risks and recommendations. The publication also provides guidance on using NIST’s Cyber Supply Chain Risk Management (C-SCRM) framework and the Secure Software Development Framework (SSDF) to identify, assess, and mitigate risks.
Many companies are struggling to adapt their security strategy to accommodate the new normal. With remote working now an ongoing reality, there has been a rush to adopt and integrate a slew of new tools and cloud platforms to facilitate collaboration and maintain productivity. However, in the race to connect everyone, security implications are often overlooked. This, coupled with the fact that relying solely on a corporate firewall is no longer a sound security strategy, puts many organizations at risk.
So, what should companies do now to adjust their security strategy? Here are five factors to adhere to that will prevent cybercriminals from taking advantage of the virtual business environment.
Kaspersky recently conducted a study based on anonymized OS metadata provided by consenting Kaspersky Security Network users. The survey found that almost one quarter (22%) of PC users are still using the end-of-life OS Windows 7, which stopped receiving mainstream support in January 2020 by way of the vendor no longer sending software updates including critical security fixes.
While COVID-19 paused many activities in 2020, cybercriminals continued to keep busy evolving their arsenal of weapons for more lucrative cyberattacks. While companies adopted remote work models and third parties experienced heightened disruption, cyber risk skyrocketed with increased ransomware, credential stuffing, malware, and Virtual Private Network (VPN) exploitation. As a result, the number of data breaches in the U.S. reached 1001 cases last year, with over 155.8 million individuals affected. Now following the SolarWinds hack, President Biden is set to sign off on an executive action to address gaps in national cybersecurity. The move is causing many CSOs to look for ways to evolve beyond the reactive model to an “always-on” approach -- one that proactively mitigates potential threats and risks before they disrupt business.
Transparency is a cornerstone of security assurance and should be a core value among more organizations across the technology ecosystem. But how do you build that transparency? There are several key components that serve as the building blocks of transparency and security assurance. Here are five key areas to consider.
Critical infrastructures must balance the utility of expanding their network of connected devices with the threats posed by bad actors. Managing the risk emerging from these threats will require an understanding of the specific style of threats posed, as well as how to counter them.
JupiterOne, provider of cyber asset management and governance solutions, announced the hiring of Sounil Yu as Chief Information Security Officer, and the appointment of Latha Maripuri to the company’s board of directors.
In March, President Biden allocated 9 billion dollars in his American Rescue Plan Act of 2021 to upgrade technology and boost talents hiring in cybersecurity. Where would that money be best used and how can the new administration convert this plan into a safe cyber landscape for the U.S.? To find out, we speak to Jeff Alerta, Chief Technology Officer of Inverselogic.
Mandiant is currently tracking 12 malware families associated with the exploitation of Pulse Secure VPN devices. These families are related to the circumvention of authentication and backdoor access to these devices, but they are not necessarily related to each other and have been observed in separate investigations. It is likely that multiple actors are responsible for the creation and deployment of these various code families, says Mandiant.
