RSA Conference

►

Profiles in Leadership: Rich Lindberg

Anna Delaney •  June 24, 2022

Rich Lindberg, CISO of JAMS, didn't set out to have a career in cybersecurity. Instead, he sought to make a living at what he enjoyed - programming. "I embraced fun," he says. Now he wants to help others do the same by growing the diversity of the industry workforce.

►

'When, Not If': Crafting Cyber Resilience Plans That Work

Mathew J. Schwartz •  June 24, 2022

To excel at cybersecurity incident response, start with planning, preparation and, ideally, regular tabletop exercises, say Kevin Li, CISO for MUFG Securities Americas, and Rocco Grillo, managing director of Alvarez & Marsal's Disputes and Investigations Global Cyber Risk Services practice.

►

How Security Risks Might Halt the Use of AI in Applications

Michael Novinson •  June 23, 2022

Modern applications and architectures are permeating more deeply into organizations to transform back-office functions as well as those that directly affect the customer experience, according to Kara Sprague, F5's executive vice president and general manager of application delivery.

►

How to Mitigate Emerging Security Threats Against the Cloud

Michael Novinson •  June 23, 2022

The need to secure cloud workloads and environments isn't new, but a surge of funding and attention has come to the sector over the past year. One of the most acclaimed cloud security startups has been Wiz, which in October raised $250 million on a $6 billion valuation.

►

How Ransomware Has Changed the Nature of Risk

Anna Delaney •  June 23, 2022

Ransomware has changed the risk landscape for suppliers and is forcing companies to reconsider their risk relationships, says Kelly White, co-founder and CEO of RiskRecon. He discusses the correlation between cyber hygiene, ransomware and data loss.

►

The State of Phishing and Email Security

Anna Delaney •  June 22, 2022

"Credential phishing is off the charts," says Tonia Dudley of Cofense. She discusses the challenge for organizations to strike a balance between having the right controls in place to block malicious emails and stopping the business from receiving legitimate emails.

►

Why Diversity Is the Defender's Greatest Weapon

Anna Delaney •  June 22, 2022

CISO Patricia "Patti" Titus says the cybersecurity sector is "still struggling" with the diversity and inclusion it requires. "The things we do really impact all of our end users, employees and customers," she says, so you need "the broadest skill set possible when you're making decisions."

►

Techniques to Improve Supply Chain Confidence

Anna Delaney •  June 22, 2022

Former ISACA board chair Rob Clyde shares highlights from ISACA's "Supply Chain Security Gaps: A 2022 Global Research Report," in which 25% of respondents say they experienced a supply chain attack last year, and offers recommendations for assessments and testing of software.

►

Securing Digital Payments in the Future

Anna Delaney •  June 21, 2022

Ten years from now, "the ability to transact on a global basis will continue," says Nick Coleman, CSO, real-time payments at MasterCard, who adds, "Maybe my car will buy stuff for me." Coleman discusses the future of digital payments and the technologies that can help secure that future.

►

The Future of Authentication Is Biometrics and Passwordless

Michael Novinson •  June 21, 2022

The need for more modern identity and access management capabilities such as biometric and passwordless authentication has been amplified by the COVID-19 pandemic and the shift to remote work, according to Forrester researchers Paul McKay and Merritt Maxim.

►

Essential Steps for Building a Risk Management Program

Anna Delaney •  June 20, 2022

When building an insider risk management program, don't start "too large or too quickly," says Randy Trzeciak of Carnegie Mellon University. He says the first step is to protect your organization's critical assets and services and then "build a risk program appropriate to those assets."

►

Legal and Litigation Trends in 2022

Anna Delaney •  June 20, 2022

Ronald Raether of Troutman Pepper says privacy, data security and information governance departments must collaborate to reduce unauthorized access to systems by criminals and make data operationalization more effective. He also says proper data mapping, governance and classification are critical.

►

How Can We Fill the Cybersecurity Education Gap?

Anna Delaney •  June 20, 2022

CTO Daniele Catteddu of the Cloud Security Alliance sees significant gaps in how the cybersecurity industry delivers education and training. For example, he says, while organizations are demanding Zero Trust services and guidance on implementation, the industry's offerings do not meet that demand.

►

How Can We Simplify Cyber Defense?

Anna Delaney •  June 20, 2022

The overlying problem in cybersecurity is scale and the complexity that comes from that scale, says Philip Reitinger, president and CEO of the Global Cyber Alliance. He says we need to simplify how we defend ourselves and "give individuals and companies products that meet them where they are."

►

Proposed SEC Rules Will Force Boards to Double Down on Cyber

Michael Novinson •  June 20, 2022

Publicly traded companies will need to beef up their cybersecurity knowledge since the the U.S. Securities and Exchange Commission is proposing rules and guidelines that would mandate more stringent oversight of cyber risk, says Roger Sels, former vice president of cyber solutions for BlackBerry.

►

Does Zero Trust Feel Too Overwhelming? Here's How to Start

Michael Novinson •  June 18, 2022

Evolving to a zero trust architecture can be overwhelming for organizations, leaving many unsure of where they should even start. Cloudflare Chief Security Officer Joe Sullivan urges CISOs to break the journey into bite-sized chunks that can be easily digested.

►

The Push on Capitol Hill for Passwordless Authentication

Michael Novinson •  June 17, 2022

Interest in passwordless authentication architecture continues to grow among U.S. government agencies and departments as they embrace more modern approaches to identity and access management, says Sean Frazier, federal chief security officer at Okta.

►

The Evolution of Phishing From Email to SMS and Voice Hacks

Michael Novinson •  June 17, 2022

Phishing is no longer restricted to just emails. As attackers broaden their arsenal, businesses today also need to be on the lookout for impersonation attempts via SMS text messages or voice calls, says Roger Grimes, a data-driven defense evangelist at KnowBe4.

►

How XDR Is Fulfilling the Promise that SIEM Never Did

Michael Novinson •  June 17, 2022

SentinelOne has expanded its detection and response capabilities beyond the endpoint in recent years with the acquisition of data analytics tech developer Scalyr and identity and deception technology vendor Attivo Networks, says Nicholas Warner, president of security.

►

Why Supply Chain Attackers Love Managed Service Providers

Mathew J. Schwartz •  June 17, 2022

Throughout the pandemic, more organizations have embraced managed service providers, but the same economies of scale that attract customers also make MSPs an increasing target of attackers, says Candid Wüest, vice president of cyber protection research at Acronis.

►

How Modern Tech Is Changing Vulnerabilities and Responses

Michael Novinson •  June 17, 2022

The proliferation of IoT devices and cloud has created a more vulnerable attack landscape, while technologies such as AI and deep learning can potentially thwart zero-day threats, says Itai Greenberg, chief strategy officer at Check Point Software Technologies.

►

Unexpected Pairings: Wine Tasting and Threat Intelligence

Mathew J. Schwartz •  June 17, 2022

In his spare time, ransomware expert Allan Liska recently became a certified sommelier. Branching out from his day job as principal intelligence analyst at Recorded Future, Liska says he's found numerous parallels between the deductive tasting process and threat intelligence.

►

Russia's Lie: It's Hardly Hitting Ukraine With Cyberattacks

Mathew J. Schwartz •  June 17, 2022

As the Russia-Ukraine war continues, many commentators continue to highlight the lack of Russian cyberattacks. But The Chertoff Group's Chad Sweet says Russian cyberattacks remain fast and furious, although Moscow continues to publicly downplay both the attacks and their relative failure.

►

Hydra Darknet Market: Threat Intelligence Lessons Learned

Mathew J. Schwartz •  June 17, 2022

Until its disruption earlier this year, the Russian-language Hydra marketplace was the world's largest darknet market. Studying how Hydra became such a success will be key to tracking and disrupting future darknet markets, says Ian Gray, senior intelligence director at Flashpoint.

►

Why Zero-Day Attacks on Open-Source Libraries Are Surging

Michael Novinson •  June 17, 2022

The discovery and subsequent exploitation of a critical zero-day vulnerability in Apache's Log4j open-source library has highlighted the importance of code security in today's threat landscape, says Steve Wilson, security chief product officer at Contrast.