Due to COVID-19 concerns, many United States Government (USG) personnel must now operate from home while continuing to perform critical national functions and support continuity of government services.
Sitting on the frontlines as a red-teamer, people regularly ask me, “Should I do a pentest or hire a red team?” But that’s not the question they should be asking.
Organizations need to enhance current technical security controls to mitigate against the threat of deepfakes to the business. Training and awareness will also need revamping with special attention paid to this highly believable threat.
Hackers will always exploit a crisis, and the coronavirus outbreak is no different. Since January, cybercriminals have leveraged the COVID-19 pandemic to stage all manner of cyberattacks, from ransomware take-overs of hospital systems to private network hacking. But the latest cybercrime scheme exploits the greatest cybersecurity vulnerability of all: human emotion.
Threat actors launched a cyberattack against the Texas Office of Court Administration, the IT provider for many Texas courts, and encrypted their computer systems with ransomware, leaving those systems useless. Cognizant, which has a large presence in Dallas-Fort Worth and is one of the world’s largest and most sophisticated providers of information technology services for other companies, was hit with ransomware with losses currently estimated between $50 million and $70 million.
There is a trade-off between technology innovation and security. The adoption of emerging technologies like 5G will fuel the proliferation of Internet of Things (IoT) which are often built with basic security controls, creating a larger attack surface. At the same time, reliance on data means that data breaches can cause greater damage.
Times have changed and the way we do business will never be the same. The recent pandemic has highlighted health-related risks to organizations of all kinds.
The new NIST standards for IAST and RASP are a testament that outside-in AppSec approaches are antiquated, inefficient, and ineffective. Security instrumentation is more than a paradigm shift of the future—it is an opportunity for today.
One of the best-known brands in the realm of electrical and electronic equipment isn’t a manufacturer, a distributor or a dealer. It’s UL, a certification organization that verifies the safety of the products it tests.
Although it is tempting to think of breaches as being exclusively caused by malicious cybercriminals hacking corporate networks, the truth is that a significant portion are caused—or least facilitated—by insiders.
RSS
