As part of the Executive Order on Improving the Nation’s Cybersecurity (EO 14028), NIST is required to do several things. among those are guides and standards for improving supply chain security and they have already released a number of draft documents related to their tasks. IF you sell to the executive branch, these will become […]
Continue reading → [DISPLAY_ACURAX_ICONS]Hackers are targeting the cloud. Why? To paraphrase Willie Sutton, because that is where the data is. Historically, penetration testers gain access to network devices through the “perimeter defense” and then they move around (the so-called east-west movement) trying to get access to data, wherever it lives inside the network perimeter. But in the cloud, […]
Continue reading → [DISPLAY_ACURAX_ICONS]Vendor risk must be a core part of every company’s cybersecurity program, but it is hard. Especially when the company is a tech company, developing software that you use. The term Minimum Viable Product or MVP is a term marketing folks have used for years to describe creating a version 1 product that has the […]
Continue reading → [DISPLAY_ACURAX_ICONS]59% of cybersecurity executives at large and medium organizations say that they have LOST business due to product security concerns for connected and embedded devices. 45% say that customers want detailed information about what is in their devices, but only 11% of companies have high confidence that they can do that, even if they want […]
Continue reading → [DISPLAY_ACURAX_ICONS]While the details of this are interesting, what is more important is thinking about all of the contracts that you sign. This is a legal battle that goes back several years. In one corner is Fiserv, the Fortune 200 +/- financial services software behemouth. In the other corner is Bessemer System Federal Credit Union, a […]
Continue reading → [DISPLAY_ACURAX_ICONS]I have been talking a lot about supply chain risk lately and there is a good reason. From open source products with backdoors like Webmin or Rubygems to NotPetya a few years ago which shut down many companies around the world to the recent attacks against SolarWinds or Centreon, supply chain attacks are running rampant. […]
Continue reading → [DISPLAY_ACURAX_ICONS]