
Trending in Security

 

A quick listing of some of the articles where Cavirin's thought leaders were quoted over the last month: a who's-who of security publications, covering stories as diverse as GDPR, cyber insurance, and USB drive vulnerabilities. Note that the citations below do not cover our channel launch. Please go to our website for more.

 

Cyber Insurance, Security and the Enterprise Challenge

 

Reset Your Routers to Avoid Malware Attack, FBI Warns

Canadian Banks Warn Data Breach May Have Affected 90,000 Customers

Two Canadian Banks Report Potential Data Breach

 

Could GDPR Be the Best Thing That’s Happened to Marketing?

 

Can behavior-based cyber insurance improve cybersecurity?

 

More Data Leaked from AWS Bucket Misconfigurations

 

EU Privacy Activist Targets US with GDPR Rules

 

GDPR is on the books, Google, Facebook face lawsuits, others scramble to comply

 

Amazon Comes Under Fire for Facial Recognition Platform

 

Five Business Drivers For Organizations Moving To The Cloud

 

TeenSafe Data Leak Shows Cloud Security Weaknesses
Moving to the Cloud: Too Many Companies, Too Fast?

 

TeenSafe App Exposes Data on More Than 10K Accounts

 

TeenSafe Tracking App Exposes Thousands of Private Records

 

DHS Cybersecurity Strategy Keys in on Risk, Vulnerability Management

 

DHS Publishes New Cybersecurity Strategy
Chili's Discloses Data Breach Exposing Payment Card Information

 

IBM's USB Ban Earns Some Praise, Some Skepticism

 

Bolton's Push to Cut Security Post Not Sound

 

Tech Companies Vow Not to Participate in Government-Sponsored Cyberattacks

 

Bolton, team mull eliminating White House cybersecurity coordinator position

 

IT Management: Do Not Panic over GDPR Challenges

 

Adopt The Right Cyber Posture For Your Hybrid Cloud Environment

 

Twitter Advises Users to Change Passwords Following Encryption Failure
Tens of Thousands of Malicious Apps Using Facebook APIs
 

 


To start off the year, at least two publications have reported on surveys that detail the criticality of the cybersecurity skills gap. For those old enough, it harkens back to the Cold War missile gap of the 1950s. But unlike the missile gap, which was mostly fictional, this gap is very real, and much more relevant to the typical enterprise.

CSO drew on a Nov. 2017 ESG study that looked at gaps and potential solutions. The most alarming observation is that, despite increased spending and visibility, the percentage of respondents that reported a shortage of skills rose from 23% in 2014 to 51% in 2018. This doubling implies that the majority of organizations are threatened. As solutions, two areas that stand out include:

  • Moving toward technologies with advanced analytics. Think of artificial intelligence and machine learning as a helper application that can accelerate security processes and make the staff more productive.
  • Automating and orchestrating processes. Cybersecurity grew up with a reliance on manual processes, but these processes can no longer scale to meet growing demands. As a result, security automation/orchestration has become a top priority for many organizations.

 


A lot has been written about the Equifax breach and its impact on Americans, but few articles focus on what we can do to keep systems patched (the actual cause of the breach was a missing patch). Here are three things, drawn from the Equifax breach, that you might want to consider for your own systems to avoid becoming the next Equifax.

  1. Detect – The majority of hacks these days, as Gartner predicted, are not zero-day. They come from known vulnerabilities. So it is important to have a detection system in place that continuously alerts you to any security misconfigurations or unpatched systems. The Cavirin platform provides a very strong detection mechanism that can detect security misconfigurations and missing patches on individual operating systems, for machines both on-premise and in the cloud.

Control Your Cloud

Petya'd?  Cavirin to the Rescue!

On the back of WannaCry, the latest ransomware of the week is GoldenEye, a variant of Petya.  First reported a few days back, it has already caused havoc within some very large organizations.  Maersk, for example, was impacted, and one of our engineers from Bangalore reported that 10 million containers at the port of Mumbai don't know where to go.  No, Docker isn't going to come to the rescue.  And you think an airline reservation system shutdown is bad!  What is disturbing to me is that four of the companies hit - Maersk, Me-Doc, Merck, and Mondelez - all start with 'M', and that it is mostly targeted against critical industries.  Today's ransomware attack is sponsored by the letter M.  Someone refining their attack vectors?


A few days back, a security researcher came upon what is potentially one of the largest exposures to date of Personally Identifiable Information (PII), but one that was so easy to prevent using the tools available. Deep Root, a data analytics firm, had posted almost 200 million voter records to their AWS S3 database. This is the distributed offering leveraged by the majority of businesses and SaaS offerings that use AWS. Note that this is also the same S3 that experienced a wide-ranging failure earlier in the year. In this case, Deep Root set permissions on their database that would expose it unencrypted and with no password required to the outside world. Just think what would have happened under GDPR if this occurred in 2018 within the European Union.


Last week, Mary Meeker and her team at Kleiner Perkins published their yearly internet opus. For those keeping track, it is now at 355 slides! Though much of it focuses on the continuing evolution of commerce, media and gaming, as well as China and India, there are some excellent nuggets on cloud security. Her analysis plays well into Cavirin’s strategy and product direction.

We live in an increasingly multi-cloud world.  Amazon with AWS got off to an early start, but Microsoft’s Azure, by virtue of its strong enterprise footprint, is gaining ground quickly.  Whereas companies leveraging AWS remained constant at 57% between 2016 and 2017, Azure use grew from 20% to 34%.   And not to be dismissed is the Google Cloud Platform (GCP), growing from 10% to 15% and benefitting from strong enterprise focus as evidenced at this year’s Google Next conference. Beyond this baseline, AWS will experience even greater competition in the future, as only 27% of organizations who don’t currently use AWS are experimenting with or planning to use the platform in the future.   This grows to 33% for Azure and 30% for GCP.   Cavirin natively supports the three major cloud service providers (CSPs), and delivers consistent analysis between these and any on-premise deployments.

 


© 2018 Cavirin Systems, Inc. All rights reserved.