Tag Archive for: leadership

Sternum Adds the Cybersecurity Expert Behind NotPetya Malware Vaccine to Its Security Leadership Team | News


TEL AVIV, Israel–(BUSINESS WIRE)–May 19, 2022–

Sternum, the pioneer in autonomous security and analytics for IoT devices, welcomes Amit Serper, a leading international cybersecurity expert, as its new Director of Security Research. As a veteran cybersecurity professional with a record of excellence in the field, Amit bolsters Sternum’s vast research capabilities with his decades of expertise in reverse engineering, vulnerability exploitation, and ethical hacking.

This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20220519005910/en/

Amit Serper, a leading international cybersecurity expert, joins Sternum as its new Director of Security Research (Photo: Business Wire)

The global total of cyberattacks is surging year on year as hackers exploit the ever-growing trend toward digitalization. An uptick in international tensions is further exacerbating the trend as Russia allegedly unleashed its cyber-arsenal on Ukraine in the run-up to its ground incursion. Previously, the U.S. intelligence community blamed Moscow for NotPetya malware attacks on Ukrainian networks, which destroyed sensitive data on a variety of servers and spilled out beyond Ukraine to wreak havoc on businesses.

Amit Serper, who found a “vaccine” for NotPetya, now joins Sternum’s leadership team to lend the company his vast expertise in cybersecurity. Amit will be in charge of Sternum’s security research, leading its team of cybersecurity experts as they work to transform the IoT defense paradigm.

Before joining Sternum, Amit worked as the Director of Security Research for Akamai Technologies, a U.S. cloud and cybersecurity giant, where he focused on enterprise network protection. Prior to that, he held the office of North American VP of Security Research for Guardicore, a network segmentation company, ahead of its acquisition by Akamai. Amit also held a number of positions at Cybereason, working his way up from Senior Security Researcher to VP for Security Strategy. His private sector career followed years of service in the Israeli military and intelligence, where he took on a variety of security roles and…


Ransomware Report Points to Leadership Problems


By the looks of things, phishing and ransomware are here to stay. There was a time when a wannabe hacker needed moderate coding and hacking skills, but today’s cybercriminals can use a credit card to purchase ready-made phishing and ransomware kits from the dark web. 

A recent report, “Fighting Phishing: The IT Leader’s View,” published by security software firm Egress, confirmed that phishing and ransomware are causing a revolving door of break-ins and breaches for businesses. Yet, there continues to be a disconnect about the prioritization of cybersecurity at the board of directors level, the report found. The report surveyed 500 U.S. and UK IT leaders from businesses that ranged from medium to enterprise sizes.

“In addition to the disconnect at the board level, the one [report] stat that jumped out to us was the fact that 84% of surveyed organizations have suffered a phishing attack in the past 12 months,” said Jack Chapman, Egress vice president of threat research.

“That is a staggering number with all the discussions about cybersecurity that have gone on around the world this past year,” Chapman added. He noted that the large number of phishing victims suggests that threats are becoming more sophisticated and targeted.

For the organizations affected by phishing attacks, there was a relatively even split between two key tactics attackers used to deploy malware: people clicking malicious links (52%) and people opening malicious attachments (45%).


The Effectiveness of Security Awareness Training

Security awareness training for employees does not appear to diminish the amount of phishing exposure. “The research found that 98% of organizations have delivered security awareness training to employees,” Chapman said. “Clearly, security awareness training alone is not enough to protect employees from phishing.”

Forty-five percent of surveyed IT leaders said their organizations change their…


Who’s on top? The US-European struggle for internet leadership


The first meeting of the new U.S./EU Trade & Technology Council (TTC), held in Pittsburgh in late September, highlighted the differences between Europe and the United States on how governments should approach the internet. Broadly, the U.S. and Europe have offered different perspectives over the rules of the road for the internet for decades and, combined with the Chinese-Russian highly nationalist model, offer three alternate pathways for the future of the internet. Most other countries, the internet and computer industries, and billions of users around the world are watching to see who’s on top.

Although trade, R&D and climate policies are also important parts of the TTC’s mandate, there are numerous other venues for US-EU talks on these three topics, suggesting that the real purpose of the TTC is how to manage the internet. While internet policies are only one piece of a much larger, increasingly tense, European-American relationship, the struggle over control of the internet has its own history, and — because of the internet’s impact on society, trade, security, and national politics — internet policy may have now become the single most important feature of the transatlantic relationship.

To understand the different perspectives, one must begin a few decades ago.

The third perspective on internet governance — the highly nationalistic one pursued by China, Russia and around a dozen other countries — for brevity’s sake, will not be addressed here. But it provides an important, third approach to internet governance.

By the mid-1990s, many European leaders recognized that the era of free-standing, unconnected computers was ending and that, in the future, networked computers would be a globally-dominant industry, as the aerospace, entertainment and the mainframe computer industries had been: Whoever housed and controlled the coming networked computing industry would hold the high ground in guiding and perhaps controlling the world’s economy, security and culture.

Many Europeans were determined to not let Americans dominate yet another controlling industry, but, at the time, it was not clear whether private networks, like France’s Minitel, or open networks, like…


Microsoft’s Opportunity to Reinvigorate Security Leadership


The White House-hosted cybersecurity summit on August 25, 2021, was an opportunity for representatives from the private and public sectors to discuss how they can collaborate to address pressing information and computer security issues. Many of the leading technology companies, such as Amazon, Google, IBM and Microsoft, made commitments to expand cybersecurity funding and to help address the shortage of skilled cybersecurity professionals.

Microsoft pledged to “invest $20 billion over the next five (5) years to accelerate efforts to integrate ‘cybersecurity by design’ and deliver advanced security solutions.” This was, by far, the largest commitment from any of the leading cloud and information technology companies in attendance.

$20 Billion, in Context

Microsoft’s commitment to invest $20 billion over five years to improve cybersecurity software resilience is a significant dollar amount. However, when put into context, the amount represents only a tiny share of the total amount companies are presently spending on (and earning from) cybersecurity. According to IDC and Gartner, the overall market for cybersecurity products and services was between $125 billion and $134 billion in 2020.

On average, then, Microsoft’s promise breaks down to $4 billion a year, substantially more than the $1 billion in security investment Microsoft committed to in 2017. It is also only a fraction of the $10 billion in revenue Microsoft earned over a 12-month period from “advanced security and compliance” products and services sold to hundreds of thousands of enterprise customers. In fiscal year 2021, for instance, Microsoft had total revenue of $168 billion with net income of $61 billion.

Reinvigorate Trustworthy Computing

One of the seminal moments in cybersecurity history was the “Trustworthy Computing” memo Bill Gates sent to all Microsoft employees on January 15, 2002. In that email, Gates (then chairman and chief software architect at the company) stated that Microsoft needed to focus on building more reliable products. Security requirements needed to be the priority.

That focus led to the development of Microsoft’s security development life cycle (SDL) process, on which all…
