Security and Observability for Cloud Native Platforms Part 3

Monitoring and observability are essential for Kubernetes runtime security, i.e., protection of containers (or pods) against active threats once the containers are running.
Monitoring is a predefined set of measurements in a system that are used to detect deviations from a normal range. Kubernetes can monitor a variety of data types (pod logs, network flow logs, application flow logs and audit logs) and metrics (connections per second, packets per second, application requests per second, and CPU and memory utilization). These logs and metrics are used to identify known failures and provide detailed information to resolve the issue.


The Complete Guide to Data Security for Omnichannel Retailers

The retail sector is rapidly digitizing. As consumers push for seamless online experiences, many retailers have embraced an omnichannel approach to marketing and sales. Retailers are considered omnichannel when they incorporate several different methods of shopping, such as an online shop, a physical store and accepting phone sales. While this shift has many business advantages, data security for omnichannel retailers often falls short — and retail cyber attacks grow.
Omnichannel strategies aim to provide a consistent experience across in-store, social media and online shop interactions on all devices. Businesses employing them retain 89% of their customers, so omnichannel is quickly becoming the norm. However, these strategies’ cybersecurity challenges become more concerning as retail data security issues rise.


Security and Observability for Cloud Native Platforms Part 2

There are several possible routes to attacking a containerized deployment, and one way to map them is to think of the potential attack vectors at each stage of a container’s life cycle.
The life cycle starts with the application code written by a developer. This code, as well as the third-party dependencies on which it relies, may contain flaws known as vulnerabilities. There are thousands of vulnerabilities that have been published, and if they exist in an application, an attacker may have the ability to exploit them. Examples of vulnerabilities are secret exposure and application (including CNF microservices) traffic in plaintext, which can be intercepted and altered.


The CFO and Cybersecurity – An Essential Partnership

It’s time the CFO got involved in cybersecurity. Remote working has opened vast possibilities for cyber-attackers to access financial data and processes, spreading risk factors well beyond the borders of the IT department.
Everything can be done, and is, on the internet these days, thanks to the global pandemic.


Security and Observability for Cloud Native Platforms Part 1

This article comprises three parts. We first introduce what a cloud native platform is with a deep dive into Kubernetes (K8s), which is the most popular open-source solution to container orchestration. Then, we discuss the threat landscape and overall security framework for mitigating the corresponding risks. The last part of the article focuses on monitoring and observability using the extended Berkeley Packet Filter (eBPF) technology.


The History of Hacking Part 2

So, we are at the second part of the history of hacking. If you missed the first part, you can find the article right here on Cybersecurity Magazine. Last time we looked at the Legion of Doom (LoD) and we’ll stick with them here at the start, because in the early nineties what became known as the hacker wars were raging! These wars were fought between members of the LoD and members of the Masters of Deception (MoD). This time it is about the story from the ’90s until 2010.


Competing For Talent: How to Close the Cybersecurity Skills Gap

The cybersecurity sector is experiencing an unprecedented skills shortage and the bad news is that it is set to get worse. According to recent figures from the Department for Media, Culture and Sport (DCMS), there is an annual deficit of 14,000 entering the market which will lead to cumulative shortages. It is a situation further exacerbated by the Great Resignation, which is seeing an exodus from the industry due to high stress levels and burnout rates, with more than a third tempted to quit their jobs.
There is particular demand for those in middle management or senior roles with three years of experience or more, according to the DCMS report, which is likely to cause problems for businesses over the next few years while new entrants hone their craft.


Hackers History: Part 1

The term “hacker” was used as a term of honour for someone who was able to come up with creative solutions to programming problems. The term hacker changes from something positive to something negative during this period. This happens when a journalist gets the term changed after an interview. There is a lot of disagreement about exactly when this happens, so I will refrain from giving a precise year. This is also the period when you start hearing the name Kevin Mitnick for the first time. He has been described far and wide in many places, including in a movie.


Do I Still Need a WAF?

The FBI recently released a public advisory regarding a sharp rise in deepfake videos being used by scammers when applying for remote positions. Combined with identity theft, these criminals are able to convince their would-be remote employers that they are who they claim, and often get positions that have access to sensitive data.
HR, recruiters, and other hiring professionals can no longer use only the techniques they used even a year ago when hiring for remote positions. Those in a hiring position need to be able to pick up on potential clues, such as lip movement that doesn’t coordinate with the audio. It’s not a matter of “this isn’t your parents’ world;” it’s “this isn’t even last year’s world.”
