Your data’s in high demand: Can you protect your info and benefit from it too?

Everyone wants your data. Companies are collecting it, cybercriminals are stealing it, and you're left wondering how to keep it safe. Your personal information is valuable, and you deserve to benefit from it without putting your privacy at risk. How do you strike the right balance? In this month's issue of Code to Cloud, we're breaking down the threats to your data and sharing some tips to secure it, right from the experts.?

Do you know the value of your personal data??

In the right hands, your data can open doors to better experiences and tailored services. But in the wrong hands, it can be used against you. Are you missing out on the true value of your personal info??

On the Code to Cloud podcast, Jenny Brinkley , Director of Amazon Security at Amazon Web Services (AWS) , shared her perspective. Personal data, and your online interactions, can reveal a lot about who people are and what they like. “I really am curious to see how this year is going to unfold related to individuals understanding the value of that data,” Jenny said. Individuals should have more control over how their data is used, particularly in training AI models. This could mean having the ability to set preferences or restrictions on how personal data is utilized by companies, or it could mean individuals being compensated for the use of their data.

“I still think that people don't necessarily understand what they create and how valuable that is, but then how to protect themselves as they're operating within different technology stacks,” Jenny said.?

Listen to the full episode to hear more of Jenny’s advice.?

Streamlined and secure: How to accelerate release cycles

How can you make your release cycles more fast, reliable, and secure? On a recent episode of the Code to Cloud podcast, Immuta ’s CTO, Steven Touw , and CISO, Michael Scott , share some valuable lessons about integrating security early in the development process.?

“Shifting left may feel like more work in the short term, but it actually means less work in the long term,” Steve said.

Here are a few of the ways shifting left has brought Immuta long-lasting benefits:?

• Minimized distractions and context switching for engineers, so they can maintain their focus.?
• Moved to a two-week release cycle without compromising security reviews, which demonstrated scalability.?
• Reduced the number of vulnerabilities in their containers, simplifying customer conversations and showcasing security proficiency.?
• Empowered Immuta's engineering team to quickly assess and fix critical vulnerabilities within hours of receiving notifications, rather than reactively responding to customer inquiries.

Listen to their full episode to learn more about how Steve and Mike are working together to make security more efficient.?

Get ready: Your quick guide to new EU cyber regulations

By October 17, 2024, European Union member states must adopt NIS2 standards into their national laws. Soon after, DORA goes into effect in January 2025 and will affect most financial institutions in the EU. The deadlines are approaching quickly, leaving security leaders with little time to prepare — that’s why our team at Lacework has been collaborating with CISOs globally to understand the nuances of these new rules and create resources to help other cybersecurity leaders prepare for them. We've created a infographic to help you:

• Determine if NIS2 or DORA affects your company
• Identify necessary preparations for these regulations
• Understand the penalties for non-compliance

Check out the guide here.

*You should also consider seeking guidance from your counsel on this matter.

Hidden signals: Don’t miss the subtle signs of Windows compromises

The line between system compromise and effective defense often lies in the ability to detect, correlate, and interpret subtle signs of an intrusion. In a detailed examination of a recent Windows security incident, Tareq Alkhatib explored how Lacework Composite Alerts integrate weak signals — individually minor but collectively significant — to detect and alert about suspicious activities.? The attack utilized various tactics, including:?

• OS credential dumping: Targeting the Security Accounts Manager (SAM) database with tools like reg.exe to extract user credentials.
• WDigest manipulation: Exploiting legacy authentication protocols to store passwords in memory in clear text.
• Suspicious binaries and PowerShell commands: Monitoring for atypical command executions that indicate potential attacks.
• Log deletion: Cybercriminals often attempt to delete logs to cover their tracks, which highlights the importance of log integrity.
• Exploitation of Windows features: Attackers manipulate features like image file execution options and scheduled tasks to maintain presence and escalate privileges.

By automatically correlating these subtle cues into definitive indicators of malicious activity, Lacework significantly reduces false positives and enhances the speed of threat detection and response.

Read the full blog to learn how.

The Code to Cloud Monthly Digest is your go-to cloud security newsletter. What topics would you like us to cover in the next issue? Share your thoughts in the comments. ??