Return on investment: is it worth the money? That is the central question both government and industry in deciding on any procurement. Demonstrating ROI on cybersecurity products is notoriously difficult and is one of the underlying reasons for the poor state of our nation’s cybersecurity posture.
Artificial intelligence (AI) is used all around us and if you’ve used some sort of voice activated technology to make your life easier, then there was likely some element of AI involved. Some of the most notable examples include Siri, Amazon Alexa, Google Assistant and Tesla semi-autonomous vehicles. Individual consumers no longer have to fumble around in the dark to flip the light switch at home, manually search playlists for songs, or type in a password to get into smartphones.
“The best defense is a good offense.” History credits Revolutionary War hero George Washington with being among the first to vocalize this concept, later famously echoed by heavyweight boxing champ Jack Dempsey and football god Vince Lombardi. And it’s easy to see what they mean.
With or without a security operations center, and whether your network is on premises, in the cloud, or a hybrid, you need to determine which events and indicators correlate with cyber attacks. Organizations these days face a wider range and greater frequency of cyber threats than ever before.
There are many rewards to being a world class cybersecurity solutions provider at a time when demand for effective solutions is exponentially greater than the existing supply – and getting greater by the minute. But, perhaps the greatest reward is to be asked to model best practices and product capabilities for the greater good of business and missions in a world class lab. Better yet, to collaborate with the most widely recognized standards body in the world to establish such a model.
RSA is arguably the biggest business-focussed cyber security event of the year. As over 40,000 security professionals completely take over the Moscone Centre in San Francisco. Of course, one of the biggest changes this year was a case of the blues - as AlienVault made its transition into AT&T Cybersecurity. There were smiles all around, and the now blue blinky sunglasses remained a favourite across our two booths.
Cross-site scripting (XSS) is a common vulnerability that is carried out when an attacker injects malicious JavaScript into a website, which then targets the website’s visitors. By doing so, the attacker may gain access to users’ cookies, sensitive user information, as well as view and/or manipulate the content that is shown to the user. This is not another article explaining what XSS is, why it is a security issue and how to fix it because we have already covered that.
Computers are making humans now. Sort of. In a recent discussion at Bulletproof, someone casually mentioned ‘thispersondoesnotexist.com’. It’s a fairly harmless experiment in which AI randomly generates an image of a person who does not exist, thus solving the mystery of the name. This has since prevented me from sleeping at night, not least because I have turned up on it more than once.
A selection of this week’s more interesting vulnerability disclosures and cyber security news. Biometrics again. Here’s the thing, you get the consumer all fired up and (as the article says) actually put in some good kit saying this is reliable, and then further down the line substitute it for something that is not so great; will the consumer be aware of the down grade? Most likely not. As with all authentications, biometrics included, don’t rely on just one key…
Higher education finds itself facing a threat to its financial security even larger than student retention – data breaches. As colleges and universities begin to adopt mobile technologies, they also find themselves increasingly targeted by malicious actors. Understanding the recent security breaches impacting the industry can educate institutions about information security.
