Digital innovation has driven engineering advances for many sectors, including our businesses, homes, transportation and energy systems, and entertainment. The motor speedway is no stranger to the advanced technologies arising both inside the vehicles and outside. The ABB FIA Formula E World Championship is one of the fastest-growing series in motorsport dedicated to efficiency and performance driven by leading technology. Similarly, Fortinet drives digital innovations through our Fortinet Security Fabric. BMW Motorsport relies on Fortinet to secure parts of their motorsport environments and operations across a highly distributed infrastructure.

To read this article in full, please click here

Editor's note: This article, originally published on April 5, 2021, has been updated to reflect recent developments. 

Details of the 2020 SolarWinds attack continue to unfold, and it may be years before the final damages can be tallied.

While it is “hard to say” if the SolarWinds software supply-chain compromise will become known as the highest-impact cyber intrusion ever, it did catch “many people off guard” despite the security industry’s frequent warnings that supply chains pose substantial risks, according to Eric Parizo, principal analyst of security operations at Omdia, a global research firm.

To read this article in full, please click here

Looking for a qualified candidate or new job? CSO's security recruiter directory is your one-stop shop.

The recruiters listed below can help you find your next chief information security officer (CISO) or VP of security and fill hard-to-hire positions in risk management, security operations, security engineering, compliance, application security, penetration testers, and computer forensics, among many others.

If you're a security recruiting firm, we want your information! Our goal is to provide the most complete recruiter resource available, but to do that we need your assistance. Please send the name, contact info and a few sentences about your company and its specialties to Michael Nadeau.

To read this article in full, please click here

Editor's note: This article, originally published on August 7, 2018, has been updated to include new information on phishing kit features.

Phishing is a social attack, directly related to social engineering. Commonly centered around email, criminals use phishing to obtain access or information. Phishing attacks can be basic or customized toward the victim and their organization.

A phishing attack with a directed focus is called spear phishing. If, for example, the criminal were targeting a group or person within a company, they'd use spear phishing to make the email look and feel legitimate. Usually this is done by using the victim's correct name and title, referencing legitimate projects, known co-workers, or spoofing an email from a senior executive.

To read this article in full, please click here

The cybersecurity skills gap is a global problem that must be addressed if we hope to stay ahead of today’s motivated cybercriminals. With this being said, there are strong synergies between military service and cybersecurity leading to veterans being a key component to helping address this growing challenge by filling critical cyber roles. In fact, almost 200,000 U.S. service workers transition into civilian life each year with on average 15-year experience under their belt.

Veterans possess situational and other traits that translate well to a role in cybersecurity. Recognizing this, as part of the Fortinet Training Advancement Agenda (TAA) and NSE Training Institute’s Veterans Program, Fortinet facilitates the transition of exceptional military veterans and military spouses into the cybersecurity industry by providing professional networking, training, and mentoring to bring them up to speed as they transition to the civilian workplace. Today, hundreds of “FortiVets” have already been trained, with many more currently enrolled or successfully starting their careers in cybersecurity with Fortinet or other technology partners that are part of our hiring ecosystem.

To read this article in full, please click here

HITRUST definition

HITRUST is a cybersecurity framework that seeks to unify the rules for many other existing regulatory and industry frameworks, including HIPAA, GDPR, PCI-DSS, and more. The idea is that organizations that implement HITRUST—a sort of "one framework to rule them all"—will have done all or almost all of the work necessary to conform to a variety of cybersecurity regulations and standards.

To read this article in full, please click here

The Russian hacking group behind the supply chain attack that poisoned software updates for the SolarWinds Orion platform has been perfecting its email-based attacks over the past few months to plant backdoors inside organizations. These efforts recently escalated with an attack launched from a hijacked email marketing account belonging to USAID and targeted around 3,000 people across over 150 organizations in 24 countries.

The hacking group, known in the security industry as APT29, Cozy Bear, The Dukes and Nobelium, has been tied to the Russian Foreign Intelligence Service (SVR) by the US and UK governments. It has a long history of targeting governmental or government-tied organizations, sometimes using zero-day exploits to gain initial access. In this latest email campaign observed by Microsoft, around a quarter of Nobelium's targets were organizations involved in international development, humanitarian, and human rights work.

To read this article in full, please click here

The Transportation Safety Administration (TSA), an arm of the US Department of Homeland Security (DHS), released a Security Directive on Enhancing Pipeline Cybersecurity. TSA released the document two days after the Biden administration leaked the details of the regulations and less than a month after the ransomware attack on Colonial Pipeline created a significant gas shortage in the Southeast US.

To read this article in full, please click here

The upper ranks of corporate security are seeing a high rate of change as companies try to adapt to the evolving threat landscape. Many companies are hiring a chief security officer (CSO) or chief information security officer (CISO) for the first time to support a deeper commitment to information security.

Follow this column to keep up with new appointments to senior-level security roles and perhaps gain a little insight into hiring trends. If you have an announcement of your own that you would like us to include here, contact Amy Bennett, executive editor.

To read this article in full, please click here

What is credential stuffing?

Credential stuffing is the automated use of collected usernames and passwords to gain fraudulent access to user accounts. Billions of login credentials have landed in the hands of hackers over the past several years as a result of data breaches. These credentials fuel the underground economy and are used for everything from spam to phishing and account takeovers. Credential stuffing attacks are one of the most common ways cybercriminals abuse stolen usernames and passwords.

Today’s enterprises know the advantages of leveraging multi- and hybrid cloud environments. In fact, more than 90% now have multi-cloud and hybrid (public/private) cloud environments included as a critical component of their network and business strategy. This model enables organizations to allow critical data and essential applications to reside anywhere, on-premises, on campuses, at branch offices, in the data center, or the cloud. And wherever these applications reside need to be transparent to the user.

To read this article in full, please click here

Victim shaming is never OK. Unfortunately, in some organizations, employees who fall victim to a social engineering ploy that leads to a ransomware attack are blamed for their actions.

“Shaming and blaming somebody for being attacked doesn’t teach anybody and it's certainly not going to make that organization better apt to take care of themselves in the future,” said Mat Gangwer, Senior Director of Managed Threat Response at Sophos.

Social engineering attacks, like phishing emails, are common conduits of ransomware, and have become more sophisticated. So sophisticated that it’s easy for even some of the most seasoned veterans to get fooled.

To read this article in full, please click here

CISOs will have to manage new security challenges in a post-pandemic world. Reconfigured workplaces and employee health considerations, as well as increased threats, have been foisted on organizations just as many security workers are feeling tired and stressed out, according to experts speaking at last week’s RSA Conference.

"When COVID first hit, we jumped in like 'we do insecurity all the time.' We went into firefight mode, and we're good at it, and we practice it," Helen Patton, advisory CISO of Cisco Secure and former CISO at Ohio State University, said. "We're hitting the cadence of this going on for so long. You can feel the stress; you can feel the overworked-ness."

To read this article in full, please click here

It’s well known by now that the consequences of a successful ransomware attack go well beyond the financial loss of paying ransom. Damage to brand and reputation, lost productivity, and compromised data—even if ransom is paid—are common results. Current news of the gasoline shortage on the U.S. East Coast after a ransomware attack reminds us that consequences can be far-reaching. And the first death known to be associated with a ransomware attack in 2020, proved they can be deadly.

To read this article in full, please click here

On the heels of three major cybersecurity incidents over the past six months—the SolarWinds and Microsoft Exchange supply chain attacks and the Colonial Pipeline ransomware attack—government officials and some in the private sector are reviving calls for better information sharing and national breach notification requirements.

To read this article in full, please click here

Cloud workloads are deployed into highly dynamic environments, often utilizing and coexisting with a wide variety of cloud providers and third-party platforms and services. The workloads themselves can range from legacy applications that have been migrated from traditional on-premises data centers, to applications that have been built specifically to run on cloud platforms, to entirely serverless applications. They may run unchanged for weeks or months, or only exist for a few seconds.

Many Ways to 'Secure' Cloud Workloads

There are also many ways to monitor and protect cloud workloads, including agent-based third-party solutions, cloud provider monitoring and logging services, cloud perimeter firewalls, and WAFs. Like anything in life, security technologies come with certain advantages and drawbacks, so organizations often deploy a variety of cloud workload security solutions depending on their regulatory environment, desired security posture, and aversion to risk.

To read this article in full, please click here

The cyber attack on Colonial Pipeline is the latest in an increasing number of ransomware attacks that have been targeting both private enterprise and the public sector.

In this case, it appears that the ransomware variant involved is DarkSide, which ExtraHop has seen in customer environments. This campaign starts by mapping the environment and exfiltrating data, meaning that the attackers likely now have access to detailed information about the company and its pipeline operations. Then the attackers start encrypting systems, making entire portions of the infrastructure unavailable.

This two-pronged approach has become increasingly common, used in major attacks such as the recent REvil attacks on Acer. Exfiltrating potentially sensitive data gives added leverage to attackers and makes detecting and stopping ransomware even more important.

To read this article in full, please click here

There are any number of bad actors behind cyber attacks these days. From enterprising criminals to nation-states to hacktivists to malicious insiders, there are multiple possibilities of who is behind it when a system is compromised and data is breached.

Compromised organizations sometimes rush to point fingers at who is responsible for attacks and threats because it is gratifying.

“Researchers and vendors sometimes rush to attribution,” said Mat Gangwer, Senior Director of Managed Threat Response at Sophos. “It can often be because they want to be the first to make claims that it was a specific group or nation state. And some organizations may do it as a way to reveal the sophistication of the attack they are facing.”

To read this article in full, please click here