2023 RSAC #4

The reality is no organization is insusceptible to a breach – and security teams, alongside the C-suite, should prepare now to make the response more seamless once a crisis does happen. Based on his experience working 1:1 with security leaders in the private and public sectors, Jon Check, executive director of Cyber Protection Solutions at Raytheon Intelligence & Space, will share the critical steps organizations must take to best prepare for a security breach.

This segment is sponsored by Raytheon. Visit https://securityweekly.com/raytheonrsac to learn more about them!

While companies utilize dozens of security solutions, they continue to be compromised and are continually searching for their real cybersecurity gaps amongst the overload of vulnerability data. A primary issue security teams face is that they lack a way to continuously validate the effectiveness of the different security solutions they have in place. Automated Security Validation is revolutionizing cybersecurity by applying software validation algorithms, for what was once manual penetration testing jobs. It takes the attacker's perspective to challenge the integrity and resilience of security defenses by continuously emulating cyber attacks against them.

This segment is sponsored by Pentera. Visit https://securityweekly.com/penterarsac to learn more about them!

In today’s hyper-connected world, devices are everywhere, people are online constantly and sensitive data has moved to the cloud. Given these trends, organizations are making digital trust a strategic imperative. More than ever, companies need a unified platform, modern architecture and flexible deployment options in order to put digital trust to work.

Segment Resources:

https://www.digicert.com/blog/digital-trust-as-an-it-imperative https://www.digicert.com/blog/solving-digital-trust-for-the-real-world https://www.digicert.com/campaigns/foundation-for-digital-freedom https://www.digicert.com/digicert-one

This segment is sponsored by DigiCert. Visit https://securityweekly.com/digicertrsac to learn more about them!

Security teams are always on the lookout for external threats that can harm our organizations. However, an internal threat can derail productivity and lead to human error and burnout: repetitive, mundane tasks. To effectively defend against evolving threats, organizations must leverage no-code automation and free analysts to focus on higher-level projects that can improve their organization’s security posture.

Segment Resources: https://www.tines.com/reports/voice-of-the-soc-analyst

This segment is sponsored by Tines. Visit https://securityweekly.com/tinesrsac to learn more about them!

“Man plans, the Universe laughs” - unfortunately, that’s been the saying for far too long when it comes to cybersecurity. Security leaders know it's only a matter of time before their organization gets breached, but instead of being ready for it, they rely on fixing the problem after it happens. In Cisco’s newest report, the first ever Cybersecurity Readiness Index, it was found that a small minority of businesses globally (15%) consider themselves to be ready and able to defend against the expanding array of cybersecurity risks and threats of today. Organizations need to get ready and stay ready with solutions they can trust.

Segment Resources: Report: Cybersecurity Readiness Index https://www.cisco.com/c/dam/m/en_us/products/security/cybersecurity-reports/cybersecurity-readiness-index/2023/cybersecurity-readiness-index-report.pdf

Press Release: New Cisco Study Finds Only 15% of Companies Surveyed are Ready to Defend Against Cybersecurity Threats https://newsroom.cisco.com/c/r/newsroom/en/us/a/y2023/m03/new-cisco-study-finds-only-15-of-companies-surveyed-are-ready-to-defend-against-cybersecurity-threats.html

This segment is sponsored by Cisco. Visit https://securityweekly.com/ciscorsac to learn more about them!

Unlike vulnerabilities, which can and do often exist for months or years in application code without being exploited, a malicious package represents an immediate threat to an organization, intentionally designed to do harm. In the war for cybersecurity, attackers are innovating faster than companies can keep up with the threats coming their way. A new approach is needed to stay ahead of the impacts of malicious packages within applications.

Findings from our latest report "Malicious Packages Special Report: Attacks Move Beyond Vulnerabilities" illustrate the growing threat of malicious packages. From 2021 to 2022, the number of malicious packages published to npm and rubygems alone grew 315 percent.

Mend.io technology detected thousands of malicious packages in existing code bases. The top four malicious package risk vectors were exfiltration, developer sabotage, protestware, and spam. Nearly 85 percent of malicious packages discovered in existing applications were capable of exfiltration – causing an unauthorized transmission of information. Threat actors leveraging this type of package can easily collect protected information before the package is discovered and removed.

We’ll share why as long as open source means open, the door will be left open to bad actors, so it’s especially critical to know when things are being brought into your code. Malicious packages represent an immediate threat, unlike vulnerabilities, and can not be taken lightly.

Segment Resources: 360° Malicious Package Protection - https://www.mend.io/malicious-open-source-package-protection/

Please download the Mend Malicious Packages Special Report and be on the lookout for a webinar reviewing the findings on May 30. You can learn more about how to get ahead of malicious packages at https://www.mend.io/malicious-open-source-package-protection/

This segment is sponsored by Mend.io. Visit https://securityweekly.com/mendrsac to learn more about them!