Week in review: The state of maritime cybersecurity, zero trust architecture challenges

Here’s an overview of some of last week’s most interesting news, articles and interviews:

Patched: Critical bug with public PoC exploit in Cisco infrastructure virtualization software (CVE-2021-34746)
A critical vulnerability (CVE-2021-34746) that affects Cisco Enterprise NFV Infrastructure Software (NFVIS) has been patched and Cisco is urging enterprise admins to quickly upgrade to a fixed version, as proof-of-concept exploit code is already available.

Ransomware gangs target organizations during holidays and weekends
Ransomware gangs may take advantage of upcoming holidays and weekends to hit US organizations, the FBI and the CISA have warned.

Vulnerabilities allow attackers to remotely deactivate home security system (CVE-2021-39276, CVE-2021-39277)
A DIY home security system sold to families and businesses across the US sports two vulnerabilities (CVE-2021-39276, CVE-2021-39277) that, while not critical, “are trivially easy to exploit by motivated attackers who already have some knowledge of the target,” Rapid7 warns.

How do I select a hardware security module for my business?
To select a suitable hardware security module for your business, you need to think about a variety of factors. We’ve talked to several industry professionals to get their insight on the topic.

Serverless security market size to reach $5.1 billion by 2026
The serverless security market size is projected to grow from $1.4 billion in 2021 to $5.1 billion by 2026, at a CAGR of 29.9% during the forecast period, according to MarketsandMarkets.

Why companies should never hack back
After major cyberattacks on the Colonial Pipeline and on meat supplier JBS, the idea of allowing companies to launch cyberattacks back at cyber criminals was proposed. This prompted a hot debate amongst government and industry leaders on the feasibility and risks of adopting a retaliatory stance.

Consumers value privacy more than potential savings when purchasing insurance
A recent survey by Policygenius explored consumer sentiment toward new tech being deployed by home and auto insurance companies.

Operationalize AWS security responsibilities in the cloud
In this interview with Help Net Security, Doug Yeum, Head of AWS Partner Organization, AWS, talks about the benefits of this program, and what it takes to become a partner.

How enterprises use security operations to modernize their business
CyberRes published a report which provides insights into how enterprises are utilizing security operations to modernize their business, secure the digital value chain and systematically address modern threats to achieve greater enterprise resiliency.

The consumerization of the Cybercrime-as-a-Service market
The Cybercrime-as-a-Service (CCaaS) market has matured over the past few years. What began as a few lone rogue hackers selling zero-days and user credentials in IRC chatrooms or darknet forums has now evolved into professional and commercial entities.

File upload security best practices rarely implemented to protect web applications
Despite a marked increase in concerns around malware attacks and third-party risk, only 8% of organizations with web applications for file uploads have fully implemented the best practices for file upload security, a report from OPSWAT reveals.

Cyber threats, passenger vessels and superyachts: The current state of play
In this interview with Help Net Security, Peter Broadhurst, Maritime Senior VP Safety, Security, Yachting and Passenger, Inmarsat, talks about the impact of cyber threats on passenger vessels and superyachts, and provides an inside look at maritime cybersecurity today.

Debunking myths about consumer expectations around mobile apps security
Appdome has released a global consumer survey which provides comprehensive insight into the complex and sophisticated security, malware and threat-defense expectations of mobile consumers in the United States, Europe, Latin America and Asia.

The cybersecurity metrics required to make Biden’s Executive Order impactful
For too long, both the private and public sectors have not prioritized cybersecurity efforts enough and only acted in “good faith” – an inadequate effort to improve cybersecurity. Recently, President Biden issued the Executive Order on Improving the Nation’s Cybersecurity, to set government standards and best practices for cybersecurity across sectors, and it is good to see the focus on automation.

Cybersecurity awareness is one of the skills needed for a post-pandemic economy
“Digital collaboration” and “critical thinking” are among the modern skills workers need for the post-pandemic economy, according to a new report. Questionmark is calling on employers to measure strengths and weaknesses across the workforce.

Using zero trust to mitigate 5G security challenges
In this interview with Help Net Security, Chris Christou, Vice President at Booz Allen Hamilton, talks about evolving 5G security issues, leveraging zero trust, as well as implementing 5G security.

Increase in credential phishing and brute force attacks causing financial and reputational damage
Abnormal Security released a report which examines the escalating adverse impact of socially-engineered and never-seen-before email attacks, and other advanced email threats—both financial and reputational—to organizations worldwide.

The cybersecurity of industrial companies remains low, potential damage can be severe
Positive Technologies released research that examines information security risks present in industrial companies, the second-most targeted sector by cybercriminals in 2020. Among key findings, an external attacker can penetrate the corporate network at 91% of industrial organizations, and penetration testers gained access to the industrial control system (ICS) networks at 75% of these companies.

Finding and using the right cybersecurity incident response tools
Unpacking the layers of a cyberattack is rarely a simple task. You need to analyze many potential entry points, attack paths, and data exfiltration tactics to reveal the scope of what took place—all while the culprits are potentially taking steps to cover their tracks.

CPaaS market to exceed $5 billion in 2021
Data from Synergy Research Group shows the CPaaS market continues to demonstrate strong market growth. This momentum provides a solid foundation for increased development of communication and software technologies, creating and enhancing new customer interactions and experiences.

Critical infrastructure today: Complex challenges and rising threats
In this interview with Help Net Security, threat expert Joe Slowik, Senior Manager at Gigamon, discusses the challenges involved in securing critical infrastructure, the rise in attacks, as well as the evolution of the threat landscape.

New standard enhances the cybersecurity of pipeline control systems
The American Petroleum Institute (API) published its 3rd Edition of Standard (Std) 1164, Pipeline Control Systems Cybersecurity, underscoring the natural gas and oil industry’s ongoing commitment to protecting the nation’s critical infrastructure from malicious and potentially disruptive cyber-attacks.

Out with the old, in with the new: From VPNs to ZTNA
Recent years have witnessed huge advancements in network technologies, with new challengers to the well-established VPNs. The biggest contender in the opposing corner is zero trust network access (ZTNA). With its “authenticate, then trust” approach (compared to VPNs’ trust of IP addresses), ZTNA is becoming an increasingly mainstream choice among businesses.

Getting ahead of a major blind spot for CISOs: Third-party risk
Today, organizations, government and the cybersecurity industry are taking this supply-chain challenge head-on to make this blind spot a bit clearer. From ‘trust but verify’ approaches to ensure better security posture from third-party vendors to implementing more rigorous DevSecOps protocols to ensure security is top of mind from end to end, both organizations and the industry are establishing new standards for their third-party vendors.

Webinar: Practical steps to build a risk-based application security program
Your executives don’t care about security – they care about risk! Join to hear the latest research from a guest speaker, Sandy Carielli, Principal Forrester Analyst, on the role of the security team in building secure products. This will be followed by a roundtable discussion about how to build a risk-based application security program.

eBook: Aligning cyber skills to the MITRE ATT&CK framework
MITRE ATT&CK has become the go-to framework in understanding and visualizing cyber threats and risk. Today its application in identifying the effectiveness of security technologies and processes is widespread, but there are also huge potential advantages in mapping the skills of security teams with threat actor tactics and techniques in MITRE ATT&CK.

New infosec products of the week: September 3, 2021
Here’s a look at the most interesting product releases from the past week, featuring releases from Absolute, Anomali, Cyware, Query.AI and Red Sentry.