August 09, 2022

Deepfakes Grow in Sophistication, Cyberattacks Rise Following Ukraine War

The use of deepfakes to evade security controls and compromise organizations is on the rise among cybercriminals, with researchers seeing a 13% increase in the use of deepfakes compared with last year. That's according to VMware's eighth annual "Global Incident Response Threat Report," which says that email is usually the top delivery method. The study, which surveyed 125 cybersecurity and incident response (IR) professionals from around the world, also reveals an uptick in overall cybersecurity attacks since Russia's invasion of Ukraine; extortionary ransomware attacks including double extortion techniques, data auctions, and blackmail; and attacks on APIs. "Attackers view IT as the golden ticket into an organization's network, but unfortunately, it is just the start of their campaign," explains Rick McElroy, principal cybersecurity strategist at VMware. "The SolarWinds attack gave threat actors looking to target vendors a step-by-step manual of how to successfully pull off an attack." He says that keeping this in mind, IT and security teams need to work hand in hand to ensure all access points are secure to prevent an attack like that from harming their own organization.


How CFOs and CISOs Can Build Strong Partnerships

“There is no substitute for regular communication,” he said. “In addition to the formal, structured channels, I have found it most helpful to just talk to Lena and her team about key initiatives, any issues concerning them, and overall trends in security and the business more broadly.” If possible, conversations between the CISO and chief financial officer should also include the chief privacy officer, said Raj Patel, partner and cybersecurity practice leader at consulting firm Plante Moran. “Each has a role in protecting data and assets,” he said. “The conversation can start simply by scheduling a meeting around it.” These talks should take place at least quarterly, according to Patel, and should not be focused solely on the budget. “We don’t fight a war on budgets but do what we need to defend ourselves,” he said. “When our organizations get attacked every day, we are in a war. Many finance executives focus on a budget and at times compare it to prior budgets. When it comes to cybersecurity, the focus needs to be on risk, and allocating financial resources should be based on risk.”


The cloud ate my database

The first version of PostgreSQL was released in 1986, and MySQL followed less than a decade later in 1995. Neither displaced the incumbents—at least, not for traditional workloads. MySQL arguably took the smarter path early on, powering a host of new applications and becoming the “M” in the famous LAMP stack (Linux, Apache, MySQL, PHP/Perl/Python) that developers used to build the first wave of websites. Oracle, SQL Server, and DB2, meanwhile, kept to their course of running the “serious” workloads powering the enterprise. Developers loved these open source databases because they offered freedom to build without much friction from traditional gatekeepers like legal and purchasing. Along the way, open source made inroads with IT buyers, as Gartner showcases. Then the cloud happened and pushed database evolution into overdrive. Unlike open source, which came from smaller communities and companies, the cloud came with multibillion-dollar engineering budgets, as I wrote in 2016. Rather than reinvent the open source database wheel, the cloud giants embraced databases such as MySQL and turned them into cloud services like Amazon RDS.


Everything CISOs Need to Know About NIST

When it comes to protecting your data, NIST is the gold standard. That said, the government does not mandate it for every industry. CISOs should comply with NIST standards, but business leaders can handle risk management with whichever approach and standards they believe will best suit their business model. However, federal agencies must use these standards. As the U.S. government endorses NIST, it came as little surprise when Washington declared these standards the official security control guidelines for information systems at federal agencies in 2017. Similarly, if CISOs work with the federal government as contractors or subcontractors, they must follow NIST security standards. With that in mind, any contractor who has a history of NIST noncompliance may be excluded from future government contracts. The Cybersecurity Framework is one of the most widely adopted standards from NIST. While optional, this framework is a trusted resource that many companies adhere to when attempting to reduce risk and improve their cybersecurity systems and management.


What Does The Future Hold For Serverless?

In production-level serverless applications, monitoring your application is paramount to your success. You need to know if you’ve dropped any events, where the bottlenecks are, and if items are piling up in dead letter queues. Not to mention you need the ability to trace a transaction end to end. This is an area that is finally beginning to take off. As more and more serverless production workloads are coming online, it is becoming increasingly obvious there’s a gap in this space. Vendors like Datadog, Lumigo, and Thundra all attempt to solve this problem - with pretty good success. But it needs to be better. In the future we need tools like what the vendors listed above offer, but with optimization and insights built-in like AWS Trusted Advisor. We need app monitoring to evolve. When we hear application monitoring, we need to assume more than service graphs and queue counts. Application monitoring will become more than fancy dashboards and Slack messages. It will eventually tell us we provisioned the wrong infrastructure from the workload it sees.


Cybersecurity on the board: How the CISO role is evolving for a new era

More and more businesses agree. Gartner's survey of board directors found that 88% view cybersecurity as not only a technical problem for IT departments to solve, but a fundamental risk to how their businesses operate. That’s hardly surprising, given the recent history of hacks against private businesses. ... Ensuring the CISO has a seat on the board is one way of ensuring a company has a firm handle on how to handle these risks to the business. Even so, says Andrew Rose, resident CISO at security company Proofpoint, they should be careful in how they communicate their concerns. “The 'sky is falling' narrative can be used once or twice, but after that, the board will become a bit numb to it all,” Rose explains. Forcing boards to prioritise cybersecurity should instead be done through positive affirmation, argues Carson - and, ideally, be framed in how shoring up the company’s defences will help it perform better in the long term. “You need to show them how this is going to help the business be successful, how it will help employees to do their jobs better, provide value to the shareholders, [and] return an investment,” he says.
