Tag: Applying | SpinSafe

Applying Aristotle’s ‘First Principles’ to revolutionise cybersecurity

July 19, 2022/in Internet Security

Article by Virsec A/NZ regional director Robert Nobilo.

‘First Principles’ is a concept that emerged during the time of Aristotle. He used this approach to break down a complicated problem into its most basic elements and reassemble it from the ground up, using only the irrefutable truths that remain.

Fast forward 2,000 years, and Paypal Co-founder Peter Thiel and Netflix CEO Reed Hastings are among a group of industry leaders who use the ‘first principles’ decision-making strategy to build companies that disrupt and improve entire industries.

Today, we can also apply ‘first principles’ to the challenge of cybersecurity. Unfortunately, traditional security approaches that were once effective in preventing basic cyber-attacks are no match for today’s sophisticated adversaries. As the techniques of hackers continue to evolve and become more complex, our approach to security needs an overhaul as well.

First, let’s take a look at why traditional security approaches are outdated and ineffective.

Why traditional security approaches just don’t cut it nowadays

Digital transformation, cloud connectivity and remote work have enabled companies to be more competitive, generate revenue and increase productivity. However, with this connectivity and an expanded attack surface comes increased risk. Cyber threats are also evolving.

A surge in supply chain attacks like Log4j, SolarWinds, PrintNightmare and Kaseya all continue to exploit vulnerabilities in this software, impacting millions of users downstream while costing billions of dollars to contain and remediate. These attacks take advantage of hyperconnectivity and application vulnerabilities as gateways to bypass traditional security solutions such as endpoint detection and response (EDR), allowing the adversary to control the software and launch malicious activity in a matter of seconds.

Despite prioritising security and investing in upgrades, CISOs and organisations are falling further behind. Conventional security approaches aren’t effective because they focus from the outside in—chasing evolving threats and plugging porous perimeters. This abstracted approach has proven to create an endless game of cyber…

Source…

Applying Gen. Brown’s action orders to cyberspace education and training

March 25, 2021/in Internet Security

Following the SolarWinds intrusion, a growing symphony of cyberspace and intelligence agencies continue to earnestly scour their networks, carefully examining cascading effects associated with the world’s largest cyberattack. Unbeknownst to many, a similar and equally devastating SolarWinds-like problem quietly persists throughout the Air Force. For this analysis, the problem is not directly related to sanitizing critical software ecosystems, cloud computing environments or vast network technologies, but has everything to do with a large number of cyberspace personnel who lack adequate levels of training and certification to prosecute information warfare operations in a manner commensurate with national security imperatives.

Through a strategic guidance memorandum, the Air Force chief of staff, Gen. Charles Q. Brown, challenged all airmen to “accelerate change or lose.” After the initial dictum, he subsequently released action orders, specifically oriented toward four areas: airmen, bureaucracy, competition and design implementation. Upon reading Gen. Brown’s guidance, one may inquisitively ask, “How do I apply these four lines of effort to my area of expertise?” Since the preponderance of victories, whether in the air, at sea or on land, heavily rely on promptly and securely transmitted data — oftentimes shared amongst joint and coalition partners — it is advantageous to use the action orders as a frame of reference and offer perspectives relative to the future of cyberspace training.

Airmen

There is no question that America’s dedicated and courageous airmen serve as the lifeblood for the greatest Air Force in the world. Despite having legions of highly capable and technically inclined professionals, the locations and concentrations of cyberspace talent are not readily known. Once airmen (officer and enlisted) depart basic technical training programs, the Air Force — professional military education and on-the-job training notwithstanding — does not have a sanctioned process to record achievement of additional skills, training and personal education pursuits. To aid in accelerating change, the Air Force would benefit by innovating how it trains,…

Source…

Applying Inogen Data Breach Lessons to Healthcare Providers

April 18, 2018/in Internet Security

Applying Inogen Data Breach Lessons to Healthcare Providers HealthITSecurity.com

Full coverage

data breach – read more

Huawei leads the pack in applying Android security updates – New Straits Times Online

July 26, 2016/in Mobile Security

Huawei leads the pack in applying Android security updates
New Straits Times Online
KUALA LUMPUR: Studies have revealed that many Android devices are still running on older operating systems (OS), despite numerous efforts by Google over the last nine months to improve the platform's security level. Statistics provided by renowned …

“android security” – read more

Tag Archive for: Applying