October is National Cybersecurity Awareness Month, and we wholeheartedly support this important initiative to focus attention on the critical security challenges facing all of us. This week’s theme focuses on the continued proliferation of IoT with, “The Future of Connected Devices.”
If there’s one major cyber trend we’ve seen unfold around connected devices, it’s that there is a tendency to focus cybersecurity awareness on what we can see – phones, laptops, and IoT devices, while assuming that protecting endpoints will stop the epidemic of damaging cyberattacks.
COVID-19 has posed a wide variety of problems to businesses of all kinds, from hospitals and grocery stores to cannabis dispensaries and schools. While security technology has always been an important investment for businesses to make, during the pandemic, the use of security technology has become more vital than ever, and has provided businesses with solutions to some of their pandemic problems.
COVID-19 has helped business owners realize that their security systems have a far larger function and versatility than strictly traditional loss prevention. While many have traditionally viewed them as ways to prevent theft, such as shoplifting, or protect their employees and buildings, business owners are now being exposed to the true capabilities of their security systems.
On one hand, we have cybersecurity solutions that are not keeping pace with today’s hackers. In spite of more resources being devoted to cybersecurity, cyber compromises are at an all-time high, with even less experienced hackers now gaining access. At the same time, hardware designers are changing their industry standards and direction. This change enables hackers anytime access to hardware - even when it is powered off. The result of this combination is a perfect cyber storm, ready for disaster.
Over the past decade we’ve seen an increase in consumer grade IoT devices, but the security of those devices hasn’t always kept pace with the realities of the cyber threats targeting what is arguably an unmanaged computing device. These cyber threats are made more concerning when the expected lifespan of the device is factored in. After all, dishwashers, thermostats and doorbells aren’t devices like smartphones where there is social pressure to have the latest version.
Modern security teams are not unlike the tenacious forensic investigators featured on many popular network television shows. In order to determine ‘who done it’ they must piece together small and seemingly unrelated strains of evidence.
As CSO of Auth0, Joan Pepin is responsible for the holistic security and compliance of the company's platform, products, and corporate environment. Here, we talk to Pepin, who has focused her time on mentoring and advocating for women in cybersecurity and technology, working to reconstruct the notion that women should only work within their bounds, and encouraging women to reach higher and challenge the status quo. She actively supports, advises, and works alongside women in the cybersecurity industry including participating in organizations, like Women Who Code and Women in InfoSec.
The British Interactive Media Association (BIMA) recently revealed that tech workers are five times more likely to suffer from a mental health problem than the wider population.
Nominet’s latest CISO Stress Report has also revealed that almost nine in ten (88%) chief information security officers (CISOs) consider themselves under moderate to high stress levels. The same report revealed that CISOs lose on average $35 000 a year in unpaid overtime, while increased stress levels have resulted in a 26-month tenure on average.
Defending against insider threats is one of the biggest challenges an organization can face, and the COVID-19 pandemic has only made detection more challenging as remote employees continue to use virtual private networks (VPNs) to access sensitive company files and information. Here, we talk to Carolyn Crandall, Chief Deception Officer at Attivo Networks, to discuss how security teams can use deception technology to detect and prevent insider threat attacks.
There are few discussions in the physical security business that don’t at some point focus on the topic of cybersecurity. One area frequently missing from these conversations is the importance of a trusted supply chain for manufacturers. Since a product is only as good as the hardware and software inside it, examining how something is built can give us rapid insight into its potential vulnerabilities and overall cyber worthiness. The NDAA (National Defense Authorization Act) ban is particularly focused on the subject of component sourcing for security devices. What is inside that device that could be exploited? Where did it come from? What do we know about the manufacturing process? These are all important questions about the manufacturing supply chain that need to be considered by anyone who cares about cybersecurity.
Faced with this ransomware onslaught, organizations of all kinds need to rethink how they protect themselves. Part of that rethink means merging the need to provide better privacy protection for their employees with the necessity to protect themselves from the consequences of a ransomware attack exposing both customer and employee data. With federal agencies signaling the possibility of fines for complying with ransomware demands and the liability from exposing personally identifiable data likely to rise significantly, not doing so will soon be too costly to consider.