As security leaders gain increasing responsibility for cybersecurity, Security columnist John McClurg – Vice President and Ambassador-At-Large in Cylance’s Office of Security & Trust and former CSO at Dell; Vice President of Global Security at Honeywell International, Lucent Technologies/Bell
Laboratories – guides enterprise security executives through cybersecurity standards, frameworks, risks and management techniques.
A single application may have hundreds of thousands of vulnerabilities. Increasingly, cybercriminals are targeting people just as much if not more than the systems that underlie an infrastructure, which is why the trusted insider conundrum is exacting renewed attention. In most instances, they represent a cheaper and more accessible conduit to achieve one’s objective. What’s to be done?
As technology grows and advances, potential cyber threats grow with it. While this notion is nothing new, the current speed of innovation makes it more important than ever to consider the implications these developments will have on our cybersecurity capabilities — especially with cybercriminals becoming more sophisticated and more adept at using emerging blind spots to their advantage.
Over the last two years, ransomware has been, without a doubt, the hottest topic in cybersecurity discussions in both the cybersecurity community and the general population. Major attacks like the one on SolarWinds and against Colonial Pipeline have dominated headlines — and for good reasons.
The first RSA Conference took place 30 years ago. It was conceived by the then-CEO Jim Bidzos, and consisted of roughly 50 people in a room discussing cryptography – the focus area of that first assembly. By the turn of the millennium, the conference expanded internationally, reaching audiences in Europe, China, Singapore and Abu Dhabi. Ten years later in 2011, the RSA Conference boasted an impressive 18,500 attendees in the United States alone.
BlackBerry Limited released its 2021 BlackBerry Threat Report, detailing a sharp rise in cyberthreats facing organizations since the onset of COVID-19. The research shows a cybercrime industry which has not only adapted to new digital habits, but also become increasingly successful in finding and targeting vulnerable organizations.
Today, open-source code is everywhere. In fact, 99% of all codebases contain open-source code, and anywhere from 85% to 97% of enterprise codebases come from open-source. What does that mean, exactly? It means that the vast majority of our applications consist of code we did not write.
Someone of a cynical persuasion may think it was only a matter of time until ‘outsourcing’ came to the cybercrime business. While this inevitability may be debatable, the early success of the model certainly isn’t.
The SolarWinds cyber compromise makes Cyber Tactics’ columnist John McClurg reflect and rethink about nation-state adversaries, insider threats, spearphising, AI-machine-powered learning, crimeware-as-a-service and much more. Here, he takes a look at what risks persist within organizations and potential consequences.
Threat actors who phish see themselves as businesspeople, even if that business is illegal. They’re always seeking ways to maximize their profits, and with phishing, they know they can do that by better tailoring the email lure to resonate with the intended recipient.