The threat posed by software supply chain attacks is growing, but organizations can take steps to minimize the risks. Trey Herr of the Atlantic Council outlines ways to gain more insight into supply chain problems.
Chris Kubic, former CISO of the National Security Agency, describes how deception technology can change the defensive landscape: "Where deception comes into play is for the unknown threats, the things that are either an attack you haven't seen before or the attacker evolved their technique."
The physical breach of the U.S. Capitol by a violent mob, members of which allegedly accessed lawmakers' systems and stole devices, offers cybersecurity professional lessons to learn on authentication, encryption and more, says cybersecurity expert Brian Honan.
Nearly all TVs sold today are smart TVs that connect to the internet, which holds the potential for security problems. An Australian security researcher explains how he found two flaws in smart TVs from the manufacturer TCL.
In 2020, the "zero trust" conversation evolved from "What is it?" to "How do we achieve a zero trust architecture?" Chase Cunningham, principal analyst serving security and risk professionals at Forrester, offers an outlook for what we can expect in 2021.
What's needed to make a shift from traditional IAM to CIAM? To start, an organization needs to look at fraud detection solutions and risk-based authentication technologies such as device intelligence and behavioral biometrics, says David Britton of Experian.
The SolarWinds breach is a case study in how attackers can subvert a widely used piece of software to turn it to their advantage, says Lou Manousos, CEO of RiskIQ. The attack surface management expert details lessons all organizations must learn in the wake of this "unprecedented" attack.
He's commanded armed forces, directed the National Security Agency, and now he is president of vendor IronNet Cybersecurity. From this unique perspective, retired General Keith Alexander says the SolarWinds breach is "a call for action."
In the wake of the SolarWinds breach, NIST's Ron Ross has turned his attention to systems security engineering - and the reality that the adversaries are exploiting it to their advantage better than the defenders are. This disparity, Ross says, has to change.
In 2011, Sam Curry headed the response team for RSA's then-landmark breach. Today, as CSO at Cybereason, he looks at the SolarWinds supply chain attack and sees similarities - but also is struck by "the scale, the scope, the subtlety" of the incident.
Philip Reitinger has held senior cybersecurity leadership roles in both the public and private sectors. He's seen big breaches. And he says what he sees so far in the SolarWinds attack may be just the "tip of the iceberg" in terms of government and business entities that have been compromised.
He was the first U.S. federal CISO, and before that he was an Air Force general. So when Gregory Touhill reacts to the coordinated supply chain attack on SolarWinds, he does so in military terms. His message to the global cybersecurity community: "Shields up."
The supply chain attack targeting SolarWinds was planned for months and intensified since the November election, says Tom Kellermann, head of cybersecurity strategy for VMware Carbon Black. "Unprecedented" is how he describes the scale of the attack and level of sophistication.
Cybersecurity is a legitimate - and significant - business risk, and it's time to frame the topic appropriately, says Robert Hill, CEO of Cyturus. He shares insight on how to discuss cyber risk appropriately with C-level leadership and the board of directors.