Posted in CISO Blog

The Password Era is Dying (Slowly)

The FIDO Alliance has been dropping some knowledge on the state of digital identity and security. And let’s be honest, it’s a mixed bag.

On the one hand, we’ve got the Credential Exchange Format (CXF), which is like a translator for your digital credentials. It defines a common format for exporting passwords, passkeys and other credentials from one credential manager and importing them into another, so users can switch platforms without dumping everything to an unencrypted CSV along the way. This is a big deal because it means smoother transitions between platforms and less risk of losing (or leaking) credentials in the move.

But on the other hand, we’ve got the FIDO Alliance Consumer Barometer 2024, which paints a picture of consumers who are still stuck in the past. Despite the rise of stronger authentication methods like biometrics and passkeys, passwords are still the king of the castle. It’s like people refusing to give up their flip phones when smartphones hit the scene.

Posted in Threat Actors

GoldenJackal: The Air-Gapped Assassin

GoldenJackal is a threat actor that’s defying the laws (or is it paws?) of physics and cybersecurity and, like its furry namesake, is expanding its territory. This sophisticated group has managed to breach air-gapped networks not once, but twice, using two separate toolsets designed to infiltrate even the most isolated systems by hitching a ride on removable media. If your “air gap” still lets USB drives cross it, it isn’t much of a gap.

Posted in CISO Blog

CISOs in Retail: From Gatekeepers to Growth Catalysts

It’s a tale as old as time: the CISO, the eternal pessimist, the blocker of all things fun and innovative. But times are a-changin’. Thanks to the relentless march of technology and the ever-evolving threat landscape, the CISO is finally shedding their reputation as the corporate buzzkill. According to a new report from Netskope, retail CISOs are embracing their role as business enablers, not just gatekeepers. They’re saying “yes” to innovation, taking calculated risks, and even embracing the chaos …

Posted in CISO Blog

Marriott’s Massive Meltdown: A Tale of Neglect and Fallout

Marriott, the hotel giant that promised luxury and comfort, has instead delivered a nightmare of data breaches. Over the years, Marriott and its subsidiary, Starwood Hotels, have been a veritable buffet for hackers, leaving millions of customers’ personal information exposed.

The breaches were so egregious that Marriott has agreed to pay $52 million to settle with US state attorneys general and to implement stricter security measures under an FTC order. It’s like a slap on the wrist for a company that practically invited hackers to its digital party.

Posted in CISO Blog

Mamba 2FA: The Low-Life’s New Phishing BFF

Don’t be fooled by the name. We’re not talking about the sleek, black snake that can strike faster than the blink of an eye. No, we’re talking about Mamba 2FA, a new phishing platform that’s just as deadly, but in a much more insidious way.

Mamba 2FA is like a snake in the grass, lurking in the shadows of the digital world. It’s a PhaaS (Phishing-as-a-Service) platform, which means even the most clueless cybercriminal can unleash a sophisticated phishing attack with a few clicks. It’s like arming a toddler with a bazooka! The “2FA” in the name is the point: the kit sits adversary-in-the-middle between the victim and the real login page, relays the password and one-time code straight through, and keeps the authenticated session for itself. SMS and authenticator-app codes don’t stop that; only phishing-resistant methods such as FIDO2/passkeys do.

Posted in CISO Blog

The State of SaaS: A Complex Landscape of Opportunity and Risk

The 2024 State of SaaS Security Report highlights the dual nature of SaaS: it is revolutionizing work while introducing new security gaps. Key issues include decentralized control (business units buying apps without IT), lack of visibility into which apps hold what data, and neglected SSPM (SaaS Security Posture Management). Organizations should educate employees, establish clear rules for onboarding SaaS, prioritize the apps that hold critical data, and invest in strong SSPM tooling to close these gaps.

Posted in CISO Blog

The GCC: A Cyberattack Hotspot

Cybercriminals and hacktivists are increasingly targeting the United Arab Emirates, Saudi Arabia, and other nations in the Gulf Cooperation Council (GCC) region. This surge in attacks is likely driven by the region’s economic prosperity and its stance on geopolitical issues. According to a new report by Positive Technologies, DDoS attacks in the GCC region have skyrocketed by 70% in the past year. Hacktivists are using online forums to organize and execute these attacks, targeting both public and private sector organizations. …

Posted in CISO Blog

Women in Cyber

Saudi Arabia is advancing women’s participation in cybersecurity, aligning with Vision 2030 goals. This initiative enhances digital security and promotes gender equality and economic empowerment. Mentorship programs aim to challenge gender biases, fostering inclusivity. The Kingdom’s strategic efforts, including the National Cybersecurity Authority, are pivotal in protecting its digital infrastructure amidst rapid modernization.

Posted in CISO Blog

Strengthening Information Security by Taming the Technical Debt Dragon

First off, let’s define what technical debt is, specifically when looking at it through the lens of a CISO. Technical debt, in this context, refers to the consequences of making suboptimal decisions for the sake of short-term benefits or to meet deadlines. It’s like borrowing money: while it can provide immediate relief, it eventually needs to be repaid, often with interest. Technical debt is a pervasive challenge in software development and it carries significant implications for information security. While …