Honoring my father by translating his timeless life lessons into practical wisdom for the cybersecurity profession.

The post Legacy of Wisdom: Security Lessons Inspired by My Father appeared first on SecurityWeek.

Palo Alto Networks and IBM announced a significant partnership to jointly provide cybersecurity solutions.

The post Palo Alto Networks Announces Major Cybersecurity Partnership With IBM, Acquires QRadar SaaS Assets  appeared first on SecurityWeek.

Hundreds of companies are showcasing their products and services this week at the 2024 edition of the RSA Conference in San Francisco.

The post RSA Conference 2024 – Announcements Summary (Day 4) appeared first on SecurityWeek.

Hundreds of companies are showcasing their products and services this week at the 2024 edition of the RSA Conference in San Francisco.

The post RSA Conference 2024 – Announcements Summary (Day 3) appeared first on SecurityWeek.

Hundreds of companies are showcasing their products and services this week at the 2024 edition of the RSA Conference in San Francisco.

The post RSA Conference 2024 – Announcements Summary (Day 2) appeared first on SecurityWeek.

Understanding a country's cybersecurity readiness is vital in today's environment. Using data analytics and machine learning, we can assess each nation's cybersecurity strengths, weaknesses, and areas needing improvement. Exploring the cybersecurity rankings of different countries can help us make informed decisions, encourage global cooperation, and work towards a safer digital world for everyone.

The post Global Cybercrime Report 2024: Which Countries Face the Highest Risk? appeared first on Security Boulevard.

Hundreds of companies are showcasing their products and services this week at the 2024 edition of the RSA Conference in San Francisco.

The post RSA Conference 2024 – Announcements Summary (Day 1) appeared first on SecurityWeek.

The U.S. Secretary of State Antony Blinken unveiled an International Cyberspace and Digital Policy Strategy on Monday, outlining the Biden administration's plan to engage the global community on various technological security issues. Blinken introduced this robust international cyber strategy while delivering a keynote at the RSA cybersecurity conference in San Francisco. The strategic blueprint outlined in the latest strategy displayed the federal government's multifaceted approach to engaging the global community on a wide array of technological security issues, aiming to foster collaboration and cooperation among allies, partners and stakeholders worldwide.

What’s at the Core of the International Cyberspace and Digital Policy Strategy

At the heart of the plan lies the concept of "digital solidarity," characterized by mutual assistance to victims of malicious cyber activity and other digital harms. Digital solidarity entails collaborating on shared goals, capacity building, and mutual support to enhance security, resilience, self-determination, and prosperity. Against the backdrop of ongoing cyberattacks targeting U.S. allies by foreign actors like Russia, China, North Korea and Iran, efforts focus on supporting allies and partners, particularly emerging economies, in harnessing the benefits of digital technologies while sustaining economic and development objectives. The strategy emphasizes alignment with international partners on technology governance, fostering strong partnerships with civil society and the private sector, and promoting cybersecurity resilience through diverse products and services from trusted technology vendors. Moreover, it underscores cooperative efforts to defend and advance human rights and build digital and cyber capacity for long-term resilience and responsiveness. The Department of State, in collaboration with other federal agencies, will advance digital solidarity through four key areas of action supported by three guiding principles:

1. Promoting an open, inclusive, secure, and resilient digital ecosystem.
2. Aligning rights-respecting approaches to digital and data governance with international partners.
3. Advancing responsible state behavior in cyberspace and countering threats through coalition-building and engagement.
4. Strengthening international partner digital and cyber capacity.

Efforts to forge digital solidarity will be reinforced by active participation in international fora to shape obligations, norms, standards, and principles impacting cyberspace and digital technology issues. Leadership in these venues is crucial to safeguarding U.S. interests and values in the evolving digital landscape. Recognizing the significance of digital diplomacy, the Department of State will lead interagency efforts to coordinate cyber and digital technology diplomacy to advance U.S. national interests and values in the coming decade.

Cybersecurity Threats from Nation States

The strategy addresses the malign activities of nations such as Russia, China, Iran, and North Korea, condemning their exploitative use of technology for nefarious purposes, including hacking and espionage campaigns. It highlights concerns about these countries' efforts to undermine international regulatory frameworks and undercut U.S. technology manufacturers through state-sponsored subsidies. “Cyber criminals and criminal syndicates operating in cyberspace now represent a specific threat to the economic and national security of countries around the world,” the International Cyberspace and Digital Strategy said. “Cybercrime and online fraud cause significant harm to economic development, with small- to medium-sized enterprises and financial service providers especially at risk. According to one estimate, the global cost of cybercrime is estimated to top $23 trillion in 2027.”

AI Technology Governance

The landscape of AI technology governance is intricate, as per the latest strategy. While AI systems offer promising avenues for societal progress, the complexities of geopolitics further compound the challenges and uncertainties in their regulation and management. AI technologies hold immense potential to drive knowledge expansion, boost prosperity, enhance productivity, and tackle pressing global issues. However, the rapid proliferation of AI technologies also presents substantial risks and ethical considerations. These encompass a spectrum of concerns ranging from exacerbating inequality and economic instability to privacy breaches, discriminatory practices, and amplification of malicious cyber activities. Moreover, the dual-use nature of many AI applications poses challenges in ensuring that emerging technologies are not leveraged for nefarious purposes, including disinformation campaigns and military advancements lacking adequate human rights safeguards. Balancing risks and rewards requires safeguarding democratic values, human rights, and fostering international collaboration to harness AI's benefits while mitigating destabilizing impacts. The strategy also warns against complacency in critical technological domains, cautioning that failure to act could enable authoritarian states to shape the future of technology in a manner detrimental to U.S. interests and values. By advocating for concerted efforts to uphold a rights-respecting, open, and secure cyberspace, the United States aims to advance a vision of global governance that safeguards democratic principles and promotes innovation and prosperity.  Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

LevelBlue, a new WillJam Ventures and AT&T joint venture, provides various managed cybersecurity services.

The post AT&T Launches New Managed Cybersecurity Services Business LevelBlue appeared first on SecurityWeek.

The US calls for international engagement towards building an open, inclusive, resilient, safe, and equitable digital space.

The post US Releases International Cyberspace Strategy appeared first on SecurityWeek.

Microsoft security chief Charlie Bell pledges significant reforms and a strategic shift to prioritize security above all other product features.

The post Microsoft Overhauls Cybersecurity Strategy After Scathing CSRB Report appeared first on SecurityWeek.

As you look to navigate RSA Conference, with so many vendors, approaches and solutions, how do you know what solutions you should be investing in?

The post Building the Right Vendor Ecosystem – a Guide to Making the Most of RSA Conference appeared first on SecurityWeek.

SecurityWeek interviews Geoff Belknap, CISO at LinkedIn, and Guy Rosen, CISO at Facebook parent company Meta.

The post CISO Conversations: LinkedIn’s Geoff Belknap and Meta’s Guy Rosen appeared first on SecurityWeek.

SafeBase has raised north of $50 million since launching in 2020 with plans to simplify vendor risk assessment disclosures.

The post SafeBase Scores $33M Series B Investment appeared first on SecurityWeek.

The majority opinion is that a cybersecurity professional body is long overdue and would benefit cybersecurity and cybersecurity practitioners.

The post Should Cybersecurity Leadership Finally be Professionalized? appeared first on SecurityWeek.

Jennifer Leggio makes the case for more alcohol-free networking events at conferences, and community-building opportunities for sober individuals working in cybersecurity.

The post Beyond the Buzz: Rethinking Alcohol as a Cybersecurity Bonding Ritual appeared first on SecurityWeek.

Noteworthy stories that might have slipped under the radar: Volkswagen hacked by Chinese threat group, DDoS service shut down, Rubrik IPO.

The post In Other News: China Hacked Volkswagen, DDoS Service Shutdown, Rubrik IPO appeared first on SecurityWeek.

As a security industry, we need to focus our energies on those professionals among us who know how to walk the walk.

The post Navigating Vendor Speak: A Security Practitioner’s Guide to Seeing Through the Jargon appeared first on SecurityWeek.

By Nathan Wenzler, Chief Security Strategist, Tenable India is ranked third globally among nations facing the most severe cyber threats, as per the World Economic Forum. However, despite this alarming statistic, there exists a significant disparity between the escalating volume of threats and the resources allocated to combat them. The cybersecurity sector is grappling with a colossal skills deficit, with a shortage of 4 million professionals worldwide. Even seasoned cybersecurity experts find it daunting to navigate and decipher the increasingly intricate landscape of modern cyber threats across the ever-widening attack surface due to limited resources.

Role of Generative AI in Enhancing Cybersecurity Strategy

In response to this challenge, organizations are turning towards generative AI to bridge the expertise gap and enhance their resilience against risks. A survey reveals that 44% of IT and cyber leaders express high levels of confidence in the capacity of generative AI to enhance their organization’s cybersecurity strategy. Security teams are increasingly consumed by the arduous task of scrutinizing various attack vectors in their systems and analyzing the tactics, techniques, and procedures employed by potential threat actors. Often, they find themselves reacting to cyberattacks post-incident, rather than proactively thwarting them—a strategy far from ideal for robust cybersecurity. Organizations in India must shift towards a proactive stance, actively pursuing and understanding threats to establish a robust line of defense. The expanding attack surface, coupled with the rapid adoption of cloud services, virtualization platforms, microservices, applications, and code libraries has added immense complexity to the security landscape. Organizations now must contend with vulnerabilities, cloud misconfigurations, and risks associated with identity access, groups, and permissions. Conventional attack path analysis tools offer insights into threat actor entry points, which assets are key targets, and what threats may exist but this can demand painstaking manual effort to decipher implications step-by-step. While attackers require just one entry point to infiltrate and laterally move within a system, defenders face the formidable task of analyzing the entire threat landscape all at once, identifying all potential attack paths, and implementing security measures in the places that can mitigate the most risk, especially when operating with limited staff.

Empowering Security Teams with Generative AI

Generative AI emerges as a potent solution to these challenges, empowering security teams by providing them with the perspective of attackers to map out potential threats and prioritize mitigation strategies based on criticality. By consolidating data from disparate sources, generative AI offers an easier way to understand the complexity of the attack surface, enabling organizations to more quickly assess exposures, prioritize actions, and visualize relationships across the entire attack surface. This means security teams can make risk decisions more quickly, leaving less time for an attacker to take advantage of an exposed asset and begin their assault on the organization. Generative AI-powered attack path analysis amalgamates and distills insights from vulnerability management, cloud security, web application, and identity exposures, enabling organizations to comprehend their risk from the perspective of an attacker. This facilitates informed and targeted cyber defense strategies, allowing organizations to anticipate threats and fortify their defenses accordingly. Through succinct summaries and mitigation guidelines, generative AI equips security teams with a quicker and more efficient view of actionable insights, sparing them the tedious task of manually researching what the threats are and what the correct security controls should be, whether that’s identifying specific patches or version numbers or understanding how to correct unauthorized user access. Even team members with varying levels of expertise can draw actionable conclusions from generative AI, simplifying complex cyberattack paths and enabling effective threat mitigation. In summary, generative AI supports a more comprehensive and proactive approach to cybersecurity, empowering organizations to understand and address potential threats quickly. By breaking free from the constraints of siloed security data, organizations can develop strategies to predict, prevent, and mitigate cyber risks effectively and faster than ever before. Disclaimer: The views and opinions expressed in this guest post are solely those of the author(s) and do not necessarily reflect the official policy or position of The Cyber Express. Any content provided by the author is of their opinion and is not intended to malign any religion, ethnic group, club, organization, company, individual, or anyone or anything. 

Investors make an early-stage $6.5 million bet on BreachRx, a startup promising to shield cybersecurity executives from personal liability.

The post BreachRx Raises $6.5M to Revamp Incident Response Reporting Systems appeared first on SecurityWeek.