Why we need to downplay intense rivalries — to improve cybersecurity

January 2nd, 2017

By Byron Acohido

Imagine if no one in your organization felt compelled to compete for an operating budget, and each and every employee fully understood and embraced cybersecurity best practices?

Sound like a far-fetched fantasy? A security consultancy called New Context Services actually is promoting this radically new type of corporate culture, which it calls “lean security.”

An e-book outlining New Context’s “Lean Security Principal of Awareness” is being prepared for release at the giant RSA cybersecurity conference in February in San Francisco.

Ben Tomhave, security architect for New Context Services, recently gave a preview at the DevOps Connect conference in Seattle. I sat down with him just before he presented. Here’s a synopsis of our conversation. Text editing for clarity and length.

LastWatchdog: Cyber exposures continue to expand, with no end in sight.

Ben Tomhave: Every time we introduce a new platform, we seem to start at square zero, and assume security eventually will come into play. Companies are creating IoT products and not thinking about doing security by default, for instance. It’s not because there is a lack of security technologies, or a lack of standards, …more

 

Why dormant SSH keys represent a nightmarish exposure

By Byron Acohido

cybersecurity150pxA nightmarish new exposure affecting virtually all major networks is just beginning to get the attention of the security community.

It involves a fundamental networking protocol—Secure Shell, or SSH. Invented in 1995 by a Finnish programmer named Tatu Ylönen, SSH is an encrypting routine that enables one software application to securely connect and transfer data to the next. Currently, Ylönen is CEO of SSH Communications Security, which develops …more

How open source flaws pose a rising threat to all businesses

By Byron Acohido
120316_DDos screen175pxArguably the biggest security blind spot in just about every business network is something too few security executives are aware of, much less focusing on: open source software vulnerabilities.

This truism first rose to the fore in 2014 with the flurry of malicious activity following the discovery of gaping defects in three innocuous open-source protocals: Heartbleed, Shellshock and POODLE.

And today, a long know vulnerability in open-source JBoss …more

Machine learning shows promise for improving cyber defenses

By Byron Acohido

cyberattacks_175pxLAS VEGAS — The cyber security sector  generates mountains of data.

Security Information & Event Management, or SIEM, systems, like Splunk, generate logs of all network traffic. Threat data pours in from next generation firewalls, endpoint security systems, intrusion prevention and  detection systems and vulnerability management systems. A growing crop of threat intelligence vendors are coming up with innovations to make better use of this ocean of threat data.

The key …more

Ransomware rampage takes aim at business targets

By Byron Acohido

sh_ransomware_7501_250pxConsumers are no longer the prime target of ransomware campaigns. After years of petty thievery on a global scale – locking up the computer screens of millions of consumers with scams to sell bogus $79 antivirus clean-up services  –  they’ve turned their attention to much bigger fish.

The opening quarter of this year saw a 7 percent  rise  in registration of websites set up exclusively to host ransomware campaigns, …more

Why ‘Shadow IT’ must be addressed

120316_DDos screen175pxBy Byron Acohido

By-passing the IT department in to order begin utilizing the hottest new technologies is something tech-savvy employees have been doing since the inception of corporate networks. Most often, these workers aren’t maliciously motivated. They are simply intolerant of plodding decision-making and so take it into their own hands to acquire and begin using nifty new tools  they believe will help them become more productive.

This dynamic — variously referred …more

Why network perimeters need to be redefined in the age of cloud computing

By Byron Acohido

OLYMPUS DIGITAL CAMERAThe rising business use of cloud services and mobile devices has opened a Pandora’s box of security exposures.

Software as a Service (SaaS) tools like Salesforce.com, Gmail, Office 365 and Dropbox, as well as social media sites like Facebook, LinkedIn and Twitter, are all being heavily leveraged by companies large and small to boost productivity and collaboration.

This trend also has opened up a whole new matrix of access …more