Week in review: Outdated open source, the role of the lawyer in cybersecurity


Here’s an overview of some of last week’s most interesting news, articles and interviews:

The changing role of the CCO: Champion of innovation and business continuity
In this interview with Help Net Security, Simon Winchester, VP Worldwide Advanced Technologies at Jumio, talks about the changing role of the chief compliance officer (CCO) and how to alleviate some of its burdens in today’s highly regulated world.

81% of codebases contain known open source vulnerabilities
Synopsys released a report which examines the results of more than 2,400 audits of commercial and proprietary codebases from merger and acquisition transactions. It highlights trends in open source usage within commercial and proprietary applications and provides insights to help developers better understand the interconnected software ecosystem.

4 steps for building an orchestrated authorization policy for zero trust
There is a great deal of emphasis placed on the zero-trust approach with respect to access. Looking beyond authentication (the act of verifying that someone is who they say they are), evaluating authorization is just as important as it determines what someone can do with that access.

How ready are organizations to manage and recover from a ransomware attack?
Zerto announced the findings of a ransomware study, revealing that gaps in readiness are seriously impacting the ability of many organizations to manage and recover from attacks.

Moving towards defense in depth under the gray skies of conflict
The war in Ukraine is in the second month of bloodshed and the broader impact of the conflict is being felt across the globe, as markets react to increased fuel prices and the consequences of Russia’s growing political and economic isolation.

The state of coordinated vulnerability disclosure policies in EU
The European Union Agency for Cybersecurity (ENISA) publishes a map of national coordinated vulnerability disclosure (CVD) policies in the EU Member States and makes recommendations.

The evolving role of the lawyer in cybersecurity
Cybersecurity is one of the most dynamic fields of law. Long gone are the days when organizations could rely entirely on defensive measures within their own environments for protection: effective threat intelligence and threat hunting programs can take the fight from behind the firewall directly to the adversaries themselves – with lawyers playing a crucial role on the front lines.

The price of an accelerated digital transformation
F5 announced a report which shows the challenges organizations face as they transform IT infrastructures to deliver and secure digital services that have become inseparable from everyday activities, such as completing job tasks or consulting a doctor.

Slow deployment is hampering fraud prevention. What gives?
In May, Okta finalized its acquisition of Auth0 for $6.5 billion. Every company loves to add a shiny new toy to its arsenal, but this move sent a clear message to enterprise vendors: adopt a DevOps-style deployment model or cease to exist.

60% of BYOD companies face serious security risks
When employees began bringing shiny, new smartphones into the office in the late 2000s, many business and IT leaders spotted an opportunity.

The Great Resignation meets the Great Exfiltration: How to securely offboard security personnel
“The Great Resignation” is a phenomenon that has greatly impacted how we work. As of August 2021, 65% of people in the United States were looking for a new job and 25% of them actually quit.

Spreading malware through community phishing
In this video for Help Net Security, Maor Hizkiev, Senior Director Software Engineering at Datto, talks about a recently analyzed community phishing campaign revolving around Nvidia.

DaaS might be the future of work
The move to hybrid work is on. And to support and accelerate it, IT executives are counting on Desktop as a Service (DaaS).

Digital ID verification: Using a mobile device to prove your identity
It’s important to understand that passwords are not passports. Using biometrics, which is a great security advancement, is not the same as identity, says Leonard Navarro, VP of Business Development at Nametag.

How fast do cybercriminals capitalize on new security weaknesses?
Threat intelligence analysts at Skybox Research Lab uncovered a 42% increase in new ransomware programs targeting known vulnerabilities in 2021.

Crypto-related phishing and how to avoid it
In this video for Help Net Security, Michael Aminov, Chief Architect at Perception Point, talks about a recent Binance impersonation attack and, more broadly, the ongoing threat landscape impacting the cryptocurrency industry.

IT leaders require deeper security insights to confidently manage multi-cloud workloads
Gigamon released recent findings from a Pulse.qa study which surveyed IT and InfoSec leaders to identify challenges associated with advancing their multi-cloud strategies.

What’s a vCISO and why does your company need one?
In this video for Help Net Security, Jeff Hoskins, vCISO at BARR Advisory, explains the concept of a vCISO, which stands for virtual chief information security officer, and describes the services that a vCISO might provide.

Financial leaders grappling with more aggressive and sophisticated attack methods
VMware released a report which takes the pulse of the financial industry’s top CISOs and security leaders on the changing behavior of cybercriminal cartels and the defensive shift of the financial sector.

Vulnerabilities that kept security leaders busy in Q1 2022
In this video for Help Net Security, Yotam Perkal, VP of Research at Rezilion, talks about the most critical vulnerabilities published during Q1 2022, and the relevant remediation and mitigation steps you need to take.

The state of open-source software supply chain security in 2022
In this video for Help Net Security, Donald Fischer, CEO at Tidelift, talks about the state of open-source software supply chain security in 2022.

PCI DSS 4.0: Meeting the evolving security needs of the payments industry
In this video for Help Net Security, Sean Smith, Practice Manager, PCI Advisory Services at Optiv, discusses the new PCI DSS 4.0 requirements.

How to improve the efficiency of enterprise backup
In this video for Help Net Security, Eric Seidman, Senior Director Product Marketing at Veritas Technologies, talks about improving the efficiency of enterprise backup in connection to Earth Day 2022.

State of Pentesting 2022 report: Interactive event and open discussion
In The State of Pentesting 2022 Report, Cobalt studied data from 2,380 pentests and surveyed 602 cybersecurity and software development professionals.

Product Showcase: Keeper Security’s Enterprise Password Management platform
People often speak of cybersecurity as a technology challenge. But protecting data and IT infrastructure is also very much a matter of human behavior.

New infosec products of the week: April 22, 2022
Here’s a look at the most interesting products from the past week, featuring releases from Arcanna.ai, Finite State, Hillstone Networks, Prevailion, and Vicarius.
