Expert(s):
Senior Security Strategist feature_status*/ ?>
Synopsys

Comments Dotted : 51
January 22, 2021

Experts Reaction On World Economic Forum 2021 Report Cites Cyber Failure As 4th Highest Risk
Admitting that a problem exists is the first step in overcoming that problem.

Admitting that a problem exists is the first step in overcoming that problem. The World Economic Forum ranks cybersecurity failure as the fourth most pressing “clear and present danger” to the global economy. Managing cybersecurity requires organisations of all types and sizes to address cybersecurity directly. Organisations that use software (basically everyone) should put policies and processes in place to minimise risk and protect data. Organisations that build software must make security an

.....Read More

Admitting that a problem exists is the first step in overcoming that problem. The World Economic Forum ranks cybersecurity failure as the fourth most pressing “clear and present danger” to the global economy. Managing cybersecurity requires organisations of all types and sizes to address cybersecurity directly. Organisations that use software (basically everyone) should put policies and processes in place to minimise risk and protect data. Organisations that build software must make security an integral part of their development efforts. The costs of managing cybersecurity today are a small price to pay in comparison with the mammoth costs of cybersecurity failures in the future.

  Read Less
January 12, 2021

Experts Insight On UN’s Environmental Program Breach-100K+ Employee Records Leaked
Cybersecurity is important for every organisation, whether they know it or not.

Software is the critical infrastructure that supports organisations of all types. Cybersecurity is important for every organisation, whether they know it or not. 

 

The recent vulnerability found in the United Nations technology infrastructure shows just how easy it is to accidentally expose a large volume of sensitive data. Like any other organisation, the UN needs a top-down approach to cybersecurity, with defined policies for protecting assets and established processes for publishing

.....Read More

Software is the critical infrastructure that supports organisations of all types. Cybersecurity is important for every organisation, whether they know it or not. 

 

The recent vulnerability found in the United Nations technology infrastructure shows just how easy it is to accidentally expose a large volume of sensitive data. Like any other organisation, the UN needs a top-down approach to cybersecurity, with defined policies for protecting assets and established processes for publishing software. 

 

In this case, the United Nations’ Vulnerability Disclosure Program worked exactly as it should; security researchers located a dangerous vulnerability and the United Nations was able to fix it to prevent any further exploitation. This is a good outcome, but a better path forward would be a proactive approach, in which processes would be put in place to prevent such a vulnerability from ever being exposed in the first place. 

 

A proactive, positive approach to cybersecurity is the best way for organisations to reduce risk and protect their assets.

  Read Less
December 09, 2020

Expert Insight On Amnesia:33 Vulnerabilities Impact Millions Of Smart And Industrial Devices
The Amnesia:33 disclosures affect a software component used in many IoT devices for networking.
Security must be part of every phase of software development. During the design of an application, threat modeling and architectural risk analysis are critical. During development, static analysis helps minimize weaknesses, and software composition analysis (SCA) help minimize risks of third-party components. Fuzz testing minimizes risk by helping developers harden the application to unexpected or malicious protocol inputs. Security even plays a key role in software maintenance, when new.....Read More
Security must be part of every phase of software development. During the design of an application, threat modeling and architectural risk analysis are critical. During development, static analysis helps minimize weaknesses, and software composition analysis (SCA) help minimize risks of third-party components. Fuzz testing minimizes risk by helping developers harden the application to unexpected or malicious protocol inputs. Security even plays a key role in software maintenance, when new vulnerabilities in software components might be discovered and software updates might be necessary. The Amnesia:33 disclosures affect a software component used in many IoT devices for networking. While these weaknesses were most likely located using fuzzing, they highlight the importance of software composition analysis for vendors. After you release a product, you need to respond if new weaknesses are discovered in software components that you already used. In an ideal scenario, devices would be able to update themselves with a newer version of the component that does not have the same weaknesses. For many IoT devices, getting a functioning product to market quickly takes precedence over, which means manufacturers might not have an automatic mechanism for updates, or indeed, might not even be devoting resources to maintaining released products.  Read Less
November 25, 2020

Expert Advise On Black Friday And Cyber Monday
Research unfamiliar web sites to determine legitimacy.
Online holiday shopping this year will be more popular than ever, as the global pandemic encourages shoppers to stay home. Consequently, we can expect to see an increase in cybercrime and scams. The best way to make better software is by incorporating security at every phase of the development process. When designing software, vendors should use threat modeling to incorporate features that thwart attacks. Defense in depth and other secure design principles should be used. When building and.....Read More
Online holiday shopping this year will be more popular than ever, as the global pandemic encourages shoppers to stay home. Consequently, we can expect to see an increase in cybercrime and scams. The best way to make better software is by incorporating security at every phase of the development process. When designing software, vendors should use threat modeling to incorporate features that thwart attacks. Defense in depth and other secure design principles should be used. When building and testing software, vendors need to integrate automated security testing to find and fix more vulnerabilities before release. Unfortunately, consumers don’t have visibility into how apps and web sites are built, so it is nearly impossible to assess the risk of using a particular piece of software. However, consumers can take proactive steps to protect themselves. Keep system software and applications up to date to guard against known vulnerabilities. Protect accounts with multifactor authentication whenever possible; strong, hard-to-guess passwords are recommended. As always, be wary of anything that seems too good to be true, particularly unsolicited emails or texts offering free gift cards. Research unfamiliar web sites to determine legitimacy. When application developers build security in, and consumers follow best practices, we will have a safe and enjoyable online holiday shopping season.  Read Less
November 03, 2020

Lazda And Eatigo Suffer Data Breach; Millions Of Account Details Sold Online
The best you can do is recognise this reality and take steps to protect yourself.
What can ordinary people do? Consumers do not have much individual power. We would like to strongly encourage companies to be scrupulously careful about their cybersecurity, to safeguard your information as carefully as you do. In the absence of collective action, or strong legislation, consumers are mostly on their own. The best you can do is recognise this reality and take steps to protect yourself. Given the sheer number and volume of data breaches, every consumer should assume that at.....Read More
What can ordinary people do? Consumers do not have much individual power. We would like to strongly encourage companies to be scrupulously careful about their cybersecurity, to safeguard your information as carefully as you do. In the absence of collective action, or strong legislation, consumers are mostly on their own. The best you can do is recognise this reality and take steps to protect yourself. Given the sheer number and volume of data breaches, every consumer should assume that at least some of his or her personal information is available to cyber criminals. With this in mind, be highly skeptical of unsolicited emails or phone calls, even when the caller seems to know information that only a legitimate organisation would know. Never, ever provide passwords, government identification numbers, account numbers, or other sensitive information in response to unsolicited communications. Ask to call back anyone asking for such information. Independently verify that the request is valid. Use two-factor authentication for any sensitive services. This minimises the risk of an attacker using your stolen credentials in a credential-stuffing attack.  Read Less
October 14, 2020

Cybersecurity Experts Reacted On Hackney Council Cyber Attack
Every organisation is a software organisation, even the Hackney Council in North London.
Every organisation is a software organisation, even the Hackney Council in North London. Consequently, every organisation must have a software security initiative (SSI). The purpose of the SSI is to set up policies and processes for protecting the organisation, detecting when attack is underway, responding quickly to any intrusion, and restoring systems and data after an attack. Business continuity planning is always important. The global pandemic has unequivocally demonstrated that all.....Read More
Every organisation is a software organisation, even the Hackney Council in North London. Consequently, every organisation must have a software security initiative (SSI). The purpose of the SSI is to set up policies and processes for protecting the organisation, detecting when attack is underway, responding quickly to any intrusion, and restoring systems and data after an attack. Business continuity planning is always important. The global pandemic has unequivocally demonstrated that all organisations must prepare for unexpected events. Proactive actions include keeping systems updated, using multifactor authentication, user education, and backups. Reactive actions include containing an attack, implementing emergency processes, and restoring infected systems. Risk can never be eliminated, but managing software security in a methodical, disciplined manner lowers the likelihood of a successful attack, and makes cleaning up and restoring services after an attack quicker and less expensive.  Read Less
August 05, 2020

Expert Reaction On Mirai Botnet Is Targeting RCE Vulnerability In F5 BIG-IP Software
Thinking about security during every phase of the SSDLC means that the vendor locates and eliminates more vulnerabilities during product development.
It’s no surprise that the Mirai botnet now includes an exploit for CVE-2020-5902, and it is a good example of how known vulnerabilities get weaponized. Outside observers can easily Monday-morning-quarterback by suggesting that all affected customers should immediately upgrade their F5 products to the latest software versions. Unfortunately, it’s not that easy. Making a change to any production deployment is a risk—if it ain’t broke, operations people are reluctant to fix it, for good.....Read More
It’s no surprise that the Mirai botnet now includes an exploit for CVE-2020-5902, and it is a good example of how known vulnerabilities get weaponized. Outside observers can easily Monday-morning-quarterback by suggesting that all affected customers should immediately upgrade their F5 products to the latest software versions. Unfortunately, it’s not that easy. Making a change to any production deployment is a risk—if it ain’t broke, operations people are reluctant to fix it, for good reason. Infrastructure upgrades are ideally made in a controlled fashion, with a defined, measured process for making upgrades in a test environment and performing extensive testing before rolling the upgrades out to production. Faced with a near-constant deluge of patches and upgrades, this process can get clogged. While vulnerabilities and upgrades are an inevitable part of using software, when vendors follow a Secure Software Development LIfe Cycle (SSDLC), such disruptions are minimized. Thinking about security during every phase of the SSDLC means that the vendor locates and eliminates more vulnerabilities during product development, minimizing the downstream risk for their customers. More secure, safer products with fewer emergency patches are a competitive advantage.  Read Less
July 24, 2020

Experts Insight On Premier League Club Almost Loses £1m to Hackers
Every organisation either creates software or uses it, and many do both.
The narrowly avoided theft of nearly £1m from a Premier League football club is hardly surprising, but serves to highlight some truths of the current era. First, every organisation is a software organisation. Every organisation either creates software or uses it, and many do both. Consequently, all organisations must embed software security into their culture. Security cannot be bolted on to existing processes and systems. Responsibility for security cannot be assigned to a single group.....Read More
The narrowly avoided theft of nearly £1m from a Premier League football club is hardly surprising, but serves to highlight some truths of the current era. First, every organisation is a software organisation. Every organisation either creates software or uses it, and many do both. Consequently, all organisations must embed software security into their culture. Security cannot be bolted on to existing processes and systems. Responsibility for security cannot be assigned to a single group within an organisation, but must be part of how everyone goes about their daily business. Finally, as organisations gradually get smarter about how they approach software security, attackers shift their attention from the software to the humans operating the software. The attempted theft at the football club was enabled by compromising the credentials of the club’s managing director, which was likely accomplished through social engineering.  Read Less
July 15, 2020

Experts On MGM Hotel Breach
Be very skeptical when someone uses your information to appear to be a legitimate organisation.
The scope of the MGM Grand data breach appears to be much wider than originally thought. However, the details are murky. Is the information for sale really legitimate? Was the information pulled from MGM Grand or from a leak monitoring system? We might never know the real story. What is crystal clear, however, is the importance of properly handling sensitive information, both for consumers and for organisations. For consumers, the continual stampede of data breaches shows that much more of.....Read More
The scope of the MGM Grand data breach appears to be much wider than originally thought. However, the details are murky. Is the information for sale really legitimate? Was the information pulled from MGM Grand or from a leak monitoring system? We might never know the real story. What is crystal clear, however, is the importance of properly handling sensitive information, both for consumers and for organisations. For consumers, the continual stampede of data breaches shows that much more of your information is available to a much wider audience than ever before. Be very skeptical when someone uses your information to appear to be a legitimate organisation. As for passwords, make sure you use strong passwords and do not ever reuse the same password across multiple different services. Use two-factor authentication whenever possible. For those building software and systems, security must be front-of-mind in every phase, from design through implementation to maintenance. Security cannot be added on as an afterthought. Sensitive data must be protected in multiple layers, such as strong access controls, encryption for data in transit, and encryption of data at rest. With proper design and implementation, systems can safeguard sensitive information by making the attacker cost prohibitively high.  Read Less
June 17, 2020

A Legion Of Bugs Puts Hundreds Of Millions Of IoT Devices At Risk
Nevertheless, something will always go wrong and updates will always be necessary.
The Ripple20 disclosures are a graphic illustration of three truths in software development. First, security must be integrated to every part of software development. From threat modeling during design to automated security testing during implementation, every phase of software development must involve security. Vulnerabilities that escape unnoticed represent serious risk. Finding and fixing more vulnerabilities during development translates directly to lower risk. Second, organisations.....Read More
The Ripple20 disclosures are a graphic illustration of three truths in software development. First, security must be integrated to every part of software development. From threat modeling during design to automated security testing during implementation, every phase of software development must involve security. Vulnerabilities that escape unnoticed represent serious risk. Finding and fixing more vulnerabilities during development translates directly to lower risk. Second, organisations that create software must manage their third-party components. The main reason for the far-reaching effects of the Ripple20 vulnerabilities is that they are vulnerabilities in a network component used by many organizations in many products. Each software development organisation must understand the third-party components they are using to minimise the risk that they represent. Finally, all software products must be able to update themselves. Using secure development practices and managing third-party components will result in fewer, less frequent updates. Nevertheless, something will always go wrong and updates will always be necessary. Systems and devices must be able to update themselves securely, and the manufacturer must make a commitment to maintaining the software for some clearly stated time period.  Read Less