expert

General

Attacks on Shadow APIs Loom Large

Shadow APIs (Application Programming Interfaces) are now the biggest threat facing API security today. Analysis of more than 20 billion transactions from the first half of 2022 found 16.7 billion of these were malicious in nature and the majority (5 billion) were against unknown, unmanaged and unprotected APIs, more commonly referred to as Shadow APIs.

Read More
General

IoT Regulation: The Carrot and the Stick

Security is a real concern among consumers when it comes to the Internet of Things (IoT) which have time and again succumbed to a litany of attacks due to poor protection mechanisms and vulnerabilities. Yet vendors remain slow to implement the 13 guidelines contained in the UK DCMS Secure by Design Code of Conduct published way back in 2018 and which aligns with the international standard ETSI EN 303-645.
To help boost uptake, the UK Department for Culture, Media and Sport put out a tender to the industry to devise a scheme that would incentivise manufacturers to demonstrate proactive security compliance to customers. The result was the IASME scheme which offers three levels of compliance – Basic, Silver and Gold – in a bid to encourage the industry to take action. Those meeting the criteria can then display the associated badge on their products, reassuring customers. It’s the carrot, if you will, ahead of the legislation expected to be brought in next year under the Product Security and Telecommunications Infrastructure (PSTI) Bill.

Read More
General

Superintelligence Will Not Be Controlled

The invention of Artificial Intelligence will shift the trajectory of human civilization. But to reap the benefits of such powerful technology – and to avoid the dangers – we must be able to control it. Currently we have no idea whether such control is even possible. My view is that Artificial Intelligence  – and specifically its more advanced version, Artificial Super Intelligence– could never be fully controlled.  

Read More
General

Competing For Talent: How to Close the Cybersecurity Skills Gap

The cybersecurity sector is experiencing an unprecedented skills shortage and the bad news is that it is set to get worse. According to recent figures from the Department for Media, Culture and Sport (DCMS), there is an annual deficit of 14,000 entering the market which will lead to cumulative shortages. It is a situation further exacerbated by the Great Resignation which is seeing an exodus from the industry due to high stress levels and burn out rates, with more than a third tempted to quit their jobs.
There is particular demand for those in middle management or senior roles with three years of experience or more, according to the DCMS report, which is likely to cause problems for businesses over the next few years while new entrants hone their craft.

Read More
General

The Current Intersection of Universal Design and Cybersecurity and Why It Must Expand

Many businesses develop cybersecurity programs without considering universal design. This results in programs that fail to meet the needs of the entire workforce. Even worse, inaccessible cybersecurity programs can force workers to miss out on important security tips and insights. This can lead to data breaches that damage a company’s brand reputation and bottom line. 
A clear understanding of the relationship between cybersecurity and universal design is a must, especially as more industries become common targets for cyberattack. Cybersecurity professionals can apply universal design best practices in their everyday work. In doing so, they can develop and maintain best-in-class cybersecurity programs.

Read More
General

OT/ICS Security Training

This article is inspired by a recent article on the Computerworld site for Denmark, where one of the CISO’s for a big energy company lamented the lack of formal skills in the cybersecurity community on the security requirements for Operational Technology (OT) and Industrial Control Systems (ICS). This triggered light research from me on the options out there for relevant trainings and certifications.

Read More