Enterprise Security WeeklySubscribe
Breach, AI/ML, Security Operations

Securing AI, SingTel sells Trustwave, Yubico IPO, Healthcare attacks & CISO Tenure – ESW #336

This week, in the enterprise security news,

  1. AI dominates new funding rounds (I’m shocked. This is my shocked face.)
  2. The buyer’s market continues, with lots of small acquisitions
  3. SingTel sells off Trustwave at a significant loss
  4. Yubico goes public (actually, a month ago, sorry we missed it)
  5. Yubico can also now ship pre-registered security keys
  6. New cybersecurity tools for board and exec-level folks
  7. Lessons learned from recent ransomware attacks
  8. Healthcare is increasingly under attack
  9. A study on CISO tenure - longer than you might think!
  10. Don’t miss today’s squirrel stories at the end!

All that and more, on this episode of Enterprise Security Weekly.

Full episode and show notes

Announcements

  • Join our cybersecurity community on Discord! Connect directly with our expert hosts, join discussions with fellow audience members, and customize your notifications to receive alerts every time an episode of your favorite show publishes. Get your invite at securityweekly.com/discord!

Hosts

Principal Researcher at The Defenders Initiative
  1. 1. FUNDING: Gutsy launches with huge $51M seed to bring process mining to security
  2. 2. FUNDING: French cybersecurity startup HarfangLab raises €25M Series A to further its European expansion
  3. 3. FUNDING: Conveyor raises $12.5M to automate security reviews using LLMs
  4. 4. FUNDING: Lakera and Deasie raise funding to make AI large language models more reliable – SiliconANGLE
  5. 5. FUNDING: Lakera launches to protect large language models from malicious prompts

    $10M Seed round led by Redalpine

  6. 6. FUNDING: Cyviation Raises Additional $4M in Funding
  7. 7. FUNDING: Vera wants to use AI to cull generative models’ worst behaviors

    $2.7M Seed round led by Differential Ventures

  8. 8. ACQUISITIONS: Zyston LLC Announces the Strategic Acquisition of Blue Lava
  9. 9. ACQUISITIONS: Arctic Wolf acquires cybersecurity automation platform Revelstoke
  10. 10. ACQUISITIONS: Uno team joins Okta to accelerate Okta Personal
  11. 11. ACQUISITIONS: SingTel to sell stake in Trustwave for $205 million

    After years of rumors of a sale at a big loss (throughout 2021 and 2022), it looks like SingTel is finally selling off a 98% stake in Trustwave for $205m. It acquired the company for $770m in 2015.

  12. 12. IPOS: Yubico Goes Public
  13. 13. NEW FEATURES: Passwordless by default: Make the switch to passkeys
  14. 14. NEW FEATURES: Jupyter AI

    https://nbviewer.org/github/engineersCode/EngComp7genAI/blob/main/notebooksen/1GenerativeAI-in-Jupyter.ipynb

  15. 15. NEW FEATURES: GitHub’s Secret Scanning Feature Now Covers AWS, Microsoft, Google, and Slack
  16. 16. NEW FEATURES: Yubico can now ship pre-registered security keys to its enterprise users
  17. 17. NEW TOOLS: A Tool to Help Boards Measure Cyber Resilience
  18. 18. NEW TOOLS: How Material is That Hack
  19. 19. STANDARDS: A New Extension of the FAIR Standard: Introducing the FAIR Materiality Assessment Model (FAIR-MAM)
  20. 20. LESSONS LEARNED: How Vermont’s largest hospital now protects patient info 3 years after ransomware attack
  21. 21. LESSONS LEARNED: CISA shares vulnerabilities, misconfigs used by ransomware gangs
  22. 22. BREACHES: Recent Okta Super Admin Breach: Resilience Tips for Users
  23. 23. REPORTS: 2023 Ponemon Healthcare Cybersecurity Report

    I'm not a huge fan of Ponemon's work, as their methodologies are often questionable, but there are two main reasons I'm including this report:

    1. Ransomware operators repeatedly promised not to hit hospitals. Clearly that was a lie, and yet, the media and some vendors continue to report on cybercriminal statements as if they're factual (e.g. nearly everything you've read about how the MGM attack went down came from the bad guys).
    2. Attackers have been learning how to scale their attacks. I used to say that there would be a lot more breaches, but that the ratio of attackers to vulnerable companies was small enough that the number of breaches remained limited. I no longer think that's the case.
  24. 24. ESSAYS: The Evolution of the BISO Role: Challenges and Opportunities
  25. 25. ESSAYS: The Security Research Product Function
  26. 26. ESSAYS: Overcoming Security Obstructionism – mattjay
  27. 27. BOOKS: Securing Our Future: Embracing The Resilience and Brilliance of Black Women in Cyber
  28. 28. RESEARCH: F500 CISO Tenure
  29. 29. MEDIA: Security Newsletters: If you build it, they probably won’t come
  30. 30. SQUIRREL: Blind CEO Approval Rating: The Most Popular CEOs, According to Employees

    https://www.teamblind.com/blog/most-popular-ceo-approval-rating-2023/

  31. 31. SQUIRREL (and a cat): VA hospital’s IT snafu blamed on cat’s keyboard surfing

    https://www.theregister.com/2023/10/05/hospitalcatincident/

Deputy CISO at JupiterOne
Product Marketer and Content Strategist at OX Security
Senior Consultant at mandiant

Related

No CVE and No Accountability – PSW #851

Alright, so we dove deep into some pretty wild stuff this week. We started off talking about zip files inside zip files. This is a variation of old-school zip file tricks, and the latest method described here is still causing headaches for antivirus software. Then we geeked out about infrared signals and the Flipper Zero, which brought back memorie...