From the Winter 2022 Issue

How to Reduce the Risk of Cyber-Attacks on Global Supply Chains

Author(s):

Amy Nelson, Chair of TCG’s PC Client Work Group, Trusted Computing Group (TCG)

The number of cyber-attacks attempting to compromise global industry supply chains is on the rise, and a new survey by BlueVoyant found that 97 percent of global firms have been impacted by a cybersecurity breach in their supply chain in the past 12 months. Not only that, but 95 percent of respondents said their organizations …

From the Fall 2021 Issue

Why We Haven’t Solved the Problem of Too Many Software Bugs

Author(s):

James Everett Lee, Chief Operating Officer, The Identity Theft Resource Center


If you needed a microcosm of the challenges currently facing the cybersecurity world, three events in the summer of 2021 summed it up well: Oracle and Microsoft (and others) issued patch updates to fix the usual number of CVEs. Gartner predicted a record level of global cybersecurity investment this year. A group of application security …

From the Fall 2021 Issue

A Software Bill of Materials Is Critical for Comprehensive Risk Management

Author(s):

Dr. Georgianna Shea, Chief Technologist for Center on Cyber and Technology Innovation and TCIL, The Foundation for Defense of Democracies


Executive Summary Very little software is entirely original. Software developers use existing, open-source, and commercially available software components to create new products. On average, 75 percent of a software product is open-source code, according to the 2021 Open-Source Security and Risk Analysis Report. This presents a cyber-risk management problem. The customer cannot effectively manage assets …

From the Fall 2021 Issue

Exploring the Differences Between Bug Hunters and Pentesters

Author(s):

Aditya Agrawal, Core Lead Pentester, Cobalt


In the following, we’ll talk about how to transition from a Bug Hunter to a Pentester. It’s important to note that this content is intended to be an objective comparison with a real person’s experiences. These professions have individual pros/cons that add value to the security industry as a whole. It’s not uncommon to meet …

From the Fall 2021 Issue

Some Risks We Must Accept

Author(s):

Larry Letow, President, U.S. Region, CyberCX

Justin Petitt, Director of Cybersecurity, Systems Engineering Solutions Corporation


“Is that a new breach? Or is it the same one we’re still talking about?” If you think you’re hearing about a company getting hacked almost every day, that’s because you’re paying attention; there were over 1,300 significantly damaging breaches of large businesses last year. That’s more than three per day on average, and that’s …

From the Summer 2021 Issue

Mobile Endpoint Security: How Secure is Your Organization Against Mobile Threats in the Remote Work Era?

Author(s):

Abitha Devi R, Product Specialist, ManageEngine


Over a year ago, workforces across the globe were required to work from home to ensure their safety during the pandemic. This meant that IT administrators spent a majority of 2020 trying to figure out the best way to connect a distributed workforce while maintaining the overall security of their organization’s network. The organizations that …

Safe Apps: How Can You Tell?

Author(s):

Caleb Townsend, Staff Writer, United States Cybersecurity Magazine


StrandHogg Hits Google Store According to Forbes, Google Android threats continue to permeate through malware-ridden apps that may affect many Android users. Researchers at the Norwegian app security company Promon claim that safe apps can be corrupted through dangerous vulnerabilities. In this particular case, the vulnerability, dubbed “StrandHogg”, allows dangerous malware to pose …

Emergency Actions After Hacking

Author(s):

Isabell Gaylord


Hacking has become ubiquitous on the internet. With even major companies like Evernote getting hacked, it’s not hard to imagine that you, an individual, could also get hacked. The experience is actually quite common, though that does not necessarily make it any less distressing. You are left feeling confused, with no idea what you should …

Network Intrusion: How to Detect and Prevent It

Author(s):

Isabell Gaylord


A network intrusion refers to any forcible or unauthorized activity on a digital network. These unauthorized activities almost always imperil the security of networks and their data. Nowadays, online brands and companies are the usual subjects of these attacks. However, to properly deal with this, organizations should have a cybersecurity team in place. This will …