Week in review: The data skills gap, new Kali Linux release, Apache Solr RCEs with public PoCs

Here’s an overview of some of last week’s most interesting news and articles:

The overlooked part of an infosec strategy: Cyber insurance underwriting
When a data breach or cyber attack hits the headlines one of the last things businesses are likely to consider is how cyber insurance could helped.

Free download: Botnet and IoT Security Guide 2020
The Council to Secure the Digital Economy (CSDE), a partnership between global technology, communications, and internet companies supported by USTelecom—The Broadband Association and the Consumer Technology Association (CTA), released the International Botnet and IoT Security Guide 2020, a comprehensive set of strategies to protect the global digital ecosystem from the growing threat posed by botnets, malware and distributed attacks.

Preventing insider threats, data loss and damage through zero trust
Whether they are malicious actors focused on stealing proprietary information and data for profit or personal agenda or legitimate users with excess privileges and/or insufficient expertise who inadvertently wreak havoc, insiders can cause serious damage to organizations.

Kali Linux 2019.4 includes new undercover mode for pentesters doing work in public places
The new release includes several new features, including a new default desktop environment, a new theme and a new undercover mode for pentesters doing assessment work in public places.

Pain points for CTOs: A primer of the most stressful aspects of the job
Not so long ago, CTOs focused heavily on IT operations and their organization’s technology and design expansion. Now, much of their time is spent on business development and raising bottom lines.

Developers worry about security, still half of teams lack an expert
While nearly 75% of developers worry about the security of their applications and 85% rank security as very important in the coding and development process, nearly half of their teams lack a dedicated cybersecurity expert, according to WhiteHat Security.

CVE gap widens: 16,738 vulnerabilities disclosed during the first nine months of 2019
Risk Based Security’s VulnDB team aggregated 16,738 newly-disclosed vulnerabilities during the first three quarters of 2019 which surpassed CVE/NVD by 5,970 during the same period.

There’s no way to fill the data skills gap, what now?
A recent survey of 100 UK CIOs found that 76% are worried about recruiting the IT staff they need to remain competitive. They’re right to be worried. The European Commission estimates that 100,000 new data-related jobs will be created by the end of next year – and we don’t even have the data scientists to cope with the roles that exist today.

Apache Solr RCEs with public PoCs could soon be exploited
Two remote code execution (RCE) vulnerabilities in Apache Solr could be exploited by attackers to compromise the underlying server.

How can financial institutions prevent shopping season fraud?
Black Friday and Cyber Monday are two of the years’ busiest shopping days. For consumers and retailers alike, it marks the beginning of the winter holiday shopping season, as well as a time when organizations have to do their best to prevent shopping season fraud.

Smart car security: Good practices to improve car safety
Previous attacks on smart cars helped raise automotive industry awareness of the security needs and led to the development of several cybersecurity regulations and initiatives aimed at ensuring secure vehicles.

Five cybersecurity certifications that provide value to employers
Here are a few guiding thoughts on how both cybersecurity hopefuls and current employers should be thinking about professional certifications.

Data security and automation top IT projects for 2020, AI not a priority
Data security and automation are the top IT projects for 2020, while artificial intelligence projects are not in the top 10 for IT professionals, according to Netwrix.

SoniTalk: A new method for near-field communication
The technology is available for free and – contrary to similar technologies – focuses on security and data protection. In this way, SoniTalk leaves it up to the users to decide which apps and devices are allowed to communicate via ultrasound, and in which cases.

Cybercriminals targeting e-commerce website vulnerabilities this holiday season
Expect unprecedented levels of online data theft this holiday season due to a lack of deployed client-side security measures.

Port cybersecurity: Safeguarding operations against cyber attacks
Port stakeholders are facing more and more cybersecurity challenges with the emergence of new threats, regulations and increased digitalization.

Most businesses have yet to allocate a CCPA compliance budget
Only 15% of organizations report having a mature approach to data privacy, 59% have yet to allocate budget to CCPA compliance, and 58% are currently using or will look to implement machine learning-driven systems to improve manual processes for data security, Egress reveals.