Nitin Natarajan, deputy director, CISA

Constant Vigilance Demanded - Cyber 'Not Just Another Risk'

Tony Morbin • July 4, 2022

The Biden executive order on cybersecurity was a catalyst for action, with tight delivery times for steps including promotion of SBOMs and zero trust. The cyber-physical nexus and expanding threat surface mean it's not easy to maintain vigilance, but recognizing that is the first step.

►

Geo Focus: The United Kingdom

Looking Beyond Silicon Valley for Cybersecurity Talent

Latest

Governance & Risk Management

Django Software Foundation Patches High-Severity Bug

Mihir Bagwe • July 5, 2022

The Django web framework patched a high-severity vulnerability affecting its main branch and three other versions - 3.2, 4.0 and 4.1. Developers who match inputs against safelists are unaffected. There are more than 91,000 websites using the Django framework, many of them based in the United States.

Cloud Security

RSA Conference 2022 Compendium: 150+ Interviews and More

• July 5, 2022

Welcome to ISMG's compendium of RSA Conference 2022. The 31st annual conference covered a wide range of topics including cybercrime, cyberwarfare, zero trust, supply chain risk, ransomware, OT security, cyber insurance and jobs. Access 150+ interviews with the top speakers and influencers.

Anti-Money Laundering (AML)

Leveraging Interindustry Data to Discover Mule Accounts

Suparna Goswami • July 5, 2022

How can you leverage artificial intelligence and make sense of data from different industries to determine whether a customer is creditworthy or whether an account is a mule account? Guy Sheppard, general manager of financial services at Aboitiz Data Innovation, discusses a case study.

Business Continuity Management / Disaster Recovery

US, Israel Initiate Cybersecurity Collaboration Program

Mihir Bagwe • July 4, 2022

The U.S. and Israel have agreed to a new joint cybersecurity program called BIRD Cyber to enhance the cyber resilience of both countries' critical infrastructures. Grants of up to $1.5 million will be given to entities who jointly develop advanced cybersecurity applications under this program.

Leadership & Executive Communication

Okta to Spend $1M Helping Nonprofits Improve Their Security

Michael Novinson • July 1, 2022

Identity titan Okta has awarded $1.02 million in grants to groups focused on linking nonprofits with the talent needed to configure and manage security technology. Nonprofits have limited access to infrastructure and human capital to address their cybersecurity needs, and Okta hopes to change that.

Cyberwarfare / Nation-State Attacks

ISMG Editors: Russia's War Has Changed the Cyber Landscape

Anna Delaney • July 1, 2022

Four ISMG editors discuss important issues, including how Russia's cyber and kinetic wars in Ukraine have changed the cybersecurity landscape, what recent layoffs at cybersecurity firms mean for the industry and how cybercriminals are taking a page out of the white hat hacker playbook

Cybercrime

Ukrainian Cops Arrest Phishing Gang That Stole $3.4 Million

Prajeet Nair • June 30, 2022

Ukrainian authorities arrested nine individuals for the theft of about $3.4 million from 5,000 Ukrainians via more than 400 phishing links. Cybercrime gang members allegedly obtained access to bank accounts under the guise of facilitating social safety net payments from the European Union.

Governance & Risk Management

The Right Way to Change Your Identity Service Providers

Suparna Goswami • June 30, 2022

Markus Kalka, head of security authentication services at Takeda, talks about the challenges of changing identity service providers and shares the experience of consolidating three services into one at his company, a Japanese multinational pharmaceutical.

Email Security & Protection

The Criticality of Reporting Cybercrimes

Anna Delaney • June 30, 2022

For the seventh year in a row, business email compromise produced the largest losses of any type of cybercrime, according to Steve Dougherty of the U.S. Secret Service. He says organizations need to build and maintain relationships with law enforcement agencies before an attack happens.

CISO Trainings

Profiles in Leadership: Rob Hornbuckle

Mathew J. Schwartz • June 30, 2022

Beyond advising the seniormost levels of the business in the strategic use of technology, the need to recruit new cybersecurity professionals often also tops the list of tasks facing today's security leaders, says Rob Hornbuckle, CISO of Allegiant Air.

Endpoint Security

CyGlass Separates From Nominet, Pursues XDR Partnerships

Michael Novinson • June 29, 2022

CyGlass completed a management buyout from Nominet just two years after being acquired and wants to build an EDR stack via partnerships. Board and management changes at Nominet in 2021 resulted in the company returning to its registry roots and gave CyGlass workers the chance to buy the company.

Events

Addressing Misconceptions About Cryptography

Anna Delaney • June 29, 2022

Organizations need to move away from spending money on perimeter security and instead focus on "protecting critical assets using encryption and key management," says Brad Beutlich, of Entrust. "At this point in time, the hackers cannot break encryption technologies," he adds.