Zebeth Media Solutions

EC Cybersecurity

The US Securing Open Source Software Act of 2022 is a step in the right direction • ZebethMedia

By zebethcontrolPosted on Posted in Column, cybersecurity laws, EC Column, EC Cybersecurity, Government & Policy, open source security, SecurityNo Comments on The US Securing Open Source Software Act of 2022 is a step in the right direction • ZebethMedia

Passionate about technology and open source software, Javier Perez is chief open source evangelist and senior director of product management at Perforce. Cybersecurity continues to be a hot topic. More and more organizations are getting hit by ransomware attacks, critical open software vulnerabilities are making news, and we’re seeing industries and governments coming together to discuss initiatives to improve software security. The U.S. government has been working with the tech industry and open source organizations such as the Linux Foundation and the Open Source Security Foundation to come up with a number of initiatives in the past couple of years. The White House Executive Order on Improving the Nation’s Cybersecurity without a doubt kick-started subsequent initiatives and defined requirements for government agencies to take action on software security and, in particular, open source security. An important White House meeting with tech industry leaders produced active working groups, and only a few weeks later, they issued the Open Source Software Security Mobilization Plan. This plan included 10 streams of work and budget designed to address high-priority security areas in open source software, from training and digital signatures, to code reviews for top open source projects and the issuance of a software bill of materials (SBOM). The Act directly addresses the top three areas of focus to improve open source security: vulnerability detection and disclosure, SBOMs and OSPOs. One recent government initiative regarding open source security is the Securing Open Source Software Act, a bipartisan legislation by U.S. Senators Gary Peters, a Democrat from Michigan, and Rob Portman, a Republican from Ohio. Senators Peters and Portman are chairman and ranking member of the Senate Homeland Security and Governmental Affairs Committee, respectively. They were at the Log4j Senate hearings, and subsequently introduced this legislation to improve open source security and best practices in the government by establishing the duties of the director of the Cybersecurity and Infrastructure Security Agency (CISA). This is a turning point in U.S. legislation, because, for the first time, it is specific to open source software security. The legislation acknowledges the importance of open source software and recognizes that “a secure, healthy, vibrant, and resilient open source software ecosystem is crucial for ensuring the national security and economic vitality of the United States.” Finally, it states that the Federal Government should play a supporting role in ensuring the long-term security of open source software.

Read More

2023 will be the year of cyber-risk quantification • ZebethMedia

By zebethcontrolPosted on Posted in Column, cyber risk quantification, cybersecurity, EC Column, EC Cybersecurity, Security, StartupsNo Comments on 2023 will be the year of cyber-risk quantification • ZebethMedia

CRQ is the hottest thing in cybersecurity right now John Chambers Contributor John Chambers is the founder and CEO of JC2 Ventures. Previously, he served as executive chairman and CEO of Cisco. Geopolitical tensions, supply chain challenges, an economic slowdown, an ongoing pandemic and more have meant that companies and people have been impacted in ways that will change how business will be conducted for many years to come, and the ripple effects of these converging variables will be felt for a long time. As headlines continue to be dominated by increasing interest rates, businesses must ensure their budget is being spent efficiently. But despite the economic downturn, the cybersecurity and AI industries have grown steadily over the past 18 months or so. Cybersecurity is critical to businesses’ revenue, growth, reputation and overall function. But are we doing everything to manage the level of risk that exists in our hyperconnected world, or is there a missing link? Cybersecurity is growing more crucial every year A Nasdaq report suggests that 14 market days after a breach becomes public, the average share price of a company bottoms out and underperforms by -3.5% on the stock exchange. An even more alarming data point is that businesses accrue more than 50% of post-breach damages as long-tail costs. More specifically, 31% of expenses are accrued in the second year, and 24% are accrued more than two years after the breach in highly regulated industries. Still, 29% of CEOs and CISOs and 40% of Chief Security Officers admit their organizations are unprepared for the rapidly changing threat landscape.

Read More

To better thwart ransomware attacks, startups must get cybersecurity basics right • ZebethMedia

By zebethcontrolPosted on Posted in EC Cybersecurity, EC TechCrunch Disrupt 2022, ransomware, Security, Startups, TechCrunch Disrupt 2022No Comments on To better thwart ransomware attacks, startups must get cybersecurity basics right • ZebethMedia

The Department of Justice (DOJ) famously declared 2021 as the “worst year” for ransomware attacks, but it seems that title could be in 2022’s hands very soon. Despite some rare wins in the war against hackers over the past 12 months — from the government’s seizure of $2.3 million in bitcoin paid out to the Colonial Pipeline hackers, to its successful disruption of the notorious REvil gang — the ransomware threat continues to grow. Over the past few months alone, we’ve seen threat actors ramping up attacks against public sector organizations, including hospitals, schools and in the case of Costa Rica, entire governments. The private sector is also battling a worsening ransomware threat, with attackers claiming a number of high-profile victims such as AMD, Foxconn and Nvidia. Enable multifactor authentication on everything you have. Katie Moussouris, founder, Luta Security Founders of early-stage startups will undoubtedly find it concerning to see even well-known organizations failing to protect themselves from ransomware despite their seemingly endless resources, particularly as it’s unclear exactly where these companies went wrong. “It could be a zero-day or it could be a failure to implement multifactor authentication (MFA) or an MFA bypass,” said Brett Callow, threat analyst at Emsisoft, during a panel discussion on the ZebethMedia+ stage at Disrupt 2022. “There’s no standard answer, and that is what makes this problem so difficult to deal with.”

Read More
Subscribe to Zebeth Media Solutions

You may contact us by filling in this form any time you need professional support or have any questions. You can also fill in the form to leave your comments or feedback.

We respect your privacy.
business and solar energy