In this EM360 podcast, we investigate the cutting-edge cybersecurity issues that organisations are facing today. These discussions are led by the organisations at the forefront of defence as they walk us through the issues people are facing and how to effectively implement prevention strategies.
Building Connections in Your Cybersecurity Job
Building your career and starting a cybersecurity job comes with its perks, but of course it also comes with its difficulties and shortcomings. Some people say that the career can often result in low pay relative to the amount of labour that's put in, while others find the career attractive but are unsure at what level to start. One of the biggest problems facing organisations today is the lack of cybersecurity professionals available, and it absolutely could be linked to the drawbacks of having a cybersecurity job. There are other arguments to be made, however, most notably that the cybersecurity field changes with every month. New adversarial technologies and approaches plague organisations, and having someone who is fully equipped and trained to deal with these challenges is a nightmare.
According to The New York Times, there will be over 3.5 million unfilled cybersecurity jobs by the end of 2021, so what can be done about it? Joining us in this podcast are Samantha Humphries, Head of EMEA Marketing and Security Strategy at Exabeam, and Phil Jackman, Director of Dynamo North East. They will be exploring the necessities of networking for cybersecurity professionals, the steps that need to be taken to encourage more cybersecurity professionals and the difficulties facing the career today.
Best Software Security Practices for 2021
Implementing the best software security practices in 2021 is an absolute minefield when there are so many different software products and technologies that all seem to be promising the same thing. For many application developers, the use of open-source libraries grants them greater freedom when developing their apps but simultaneously leaves them vulnerable. Application security remains a cornerstone of the app development world, but so few developers take it as seriously as they should.
In a recent open-source edition of Veracode's State of Software Security Report, it was revealed that a shocking 70% of applications have a security flaw in an open-source library on initial scan. Beyond this being a flaw within some open-source software, one of the most striking statistics is that "79% of the time, developers never update third-party libraries after including them in a codebase". This calls for stronger application security, but what steps can developers take in order to ensure the longevity of application security?
In this podcast, we speak to John Smith, Manager, Solutions Architect, EMEA and APAC at Veracode. John takes us through some of the findings from this report, the vulnerabilities within open source software, the needed steps to improve application security and what awaits in the future.
Top Enterprises are Normalising Data Leaks
Since the Facebook-Cambridge Analytica data scandal of 2018, the populace has become so accustomed to data mismanagement and even data leaks that they no longer make the headlines. In fact, even in 2021 Facebook faced scrutiny for a data leak that revealed over 530 million people's private information, in some cases including phone numbers. Of course, legal action has been taken by individual bodies but, as many experts point out, tech giants such as Facebook and Google have the monetary capacity to hire complex legal teams that allow them to navigate around GDPR and other data violations. Data leaks are now being normalised, which causes more risk to both individuals and organisations. The latest development comes under the bracket of 'data scraping', a controversial topic in the technology industry.
Data scraping is, in essence, a technique that allows a computer to extract data from an output that's generated by another program. Data scraping in its core form is not necessarily harmful, but the risk of leaks that occur from data scraping, or the purpose of data scraping, raises a lot of questions. Joining us in this episode of The Next Phase of Cybersecurity is Derek Taylor, Lead Principal Security Consultant at Trustwave. In this podcast, we explore some of the reasons why data scraping is so alarming to cybersecurity experts, how users' privacy calculus around data disclosure decisions is being manipulated, the 'privacy paradox' and reversing the normalisation of data leaks.
Analysing the Top Indicators of Behaviour
Cybersecurity has revolved around several different methodologies over the last decade, but the arguments for and against using an approach based on "Indicators of Compromise" remain prevalent to this day. Relying on the top indicators of compromise, or IOC, depends upon finding threats as and when they appear. New methodologies, however, incorporate a slightly more anticipatory model: Indicators of Behaviour, or IOB, work to understand the common signs that could potentially lead an organisation to be struck by a cyber attack.
Having a firm understanding of these topics is essential for any CISO or anyone involved in the security field; however, it can be time-consuming. That's why, on this episode of The Next Phase of Cybersecurity, we have interviewed Richard Walters (https://www.linkedin.com/in/richardwuk/), CTO at Censornet (https://www.censornet.com/). Using his expertise, Richard walks us through the detailed differences between IOB and IOC, the ROI organisations could see from implementing an IOB-based approach and how to implement the switch from IOC to IOB.
What Cybersecurity Experts Get Wrong
When it comes to using a cybersecurity product, relying on new technology has often been seen as the primary objective. What cybersecurity experts are starting to realise, however, is that technology by itself has limitations; the perfect combination actually comes from having good technology and skilled professionals who know how to use it. Many security technologies rely on an alert basis; a method that notifies professionals to investigate problems as and when they appear. The problem with this is that, according to Arctic Wolf, 44% of security alerts are actually not investigated.
What cybersecurity solutions do I need to know about?
Threat hunting is, as our guest today points out, the method of "proactively identifying malicious activities or security concerns within an organisation." This means that malicious activities could have previously been detected or maybe the hunter is looking for threats before they have even made their first appearance. In fact, the method of being anticipatory when it comes to cybersecurity has always proved to be more effective than being reactionary.
Our guest today is Christopher Fielder, Director of Product Marketing at Arctic Wolf. Christopher takes us through the steps of incorporating threat detection in your organisation, what the fundamental misconceptions are about threat hunting and how it can save your business more than it costs.
Social Engineering: Psychological Warfare in the Cyberspace
From the usage of anti-money laundering software all the way to endpoint security, the enterprise space is always preparing for the next attack. Recognising the fact that as much as you train and prepare your organisation, adversaries will also continue to advance can be anxiety-inducing. Yes, organisations lose billions every year to fraud and the beginning of 2021 was met with a huge influx in cybercrime, but it's the methods that the adversaries are using that are truly concerning.
Social engineering is a method used by adversaries in the cyberspace that works by gaining the trust of their target. By impersonating a colleague, bribing or blackmailing the victim or even just assuming the voice of an authoritative figure, adversaries are coercing employees into cooperating and, potentially, into wiring money to them. It's psychological warfare and it's not slowing down; social engineering attacks make up 98% of attacks every year, so what can you do to prevent it?
Educating us in this episode of The Next Phase of Cybersecurity is Greg Hancell, Senior Manager Fraud Consultancy at OneSpan. Greg details the use of automation in fraud operations, how AI is saving banks and what current methods an adversary might use in conducting a social engineering attack.