Thankful for These November Press Hits
Cyber Security, High Technology, Innovation, Technology Posted Nov 30, 2018 by Kayla Krause
Making our way into the holiday season, security buzz and client news continued to rise throughout the month of November. CHEN PR clients have certainly been busy – from tackling battery design and the Magecart cybercrime group to reflecting on past CISO roles and making “Cybersecurity Firms to Watch” lists. After indulging in Thanksgiving meals and catching up with family and friends, we are also thankful to have these awesome pieces of coverage from November.
Cadenza founder and CEO Christina Lampe-Onnerud, a former MIT postdoc and a battery industry veteran of more than 20 years, spoke with MIT News to discuss the Cadenza supercell battery architecture now being licensed globally. “The crazy idea at the time [of the company’s founding] was to see if there was a different way to engage with the industry and help it accept a new technology in existing applications like cars or computers,” said Lampe-Onnerud. “Our thought was, if we really want to have an impact, we could inspire the industry to use existing capital deployed to get a better technology into the market globally and be a positive part of the climate change arena.”
Dark Reading, 20 Cybersecurity Firms to Watch
InformationWeek and Interop revealed their third Top Vendors to Watch in 2019 and included Claroty in the “Security” category. As a result, Dark Reading published a slideshow of the nominated security vendors. Claroty, which operates in the industrial cybersecurity sector, received a major endorsement for its technology this year when a syndicate of investors – including several control system vendors and operators of industrial networks – pumped $60 million into the company in a Series B funding round in June. Industrial cybersecurity has emerged as a major concern this year amid news of heightened interest in critical infrastructure targets among nation-state-backed threat actors.
With the ever-growing possibilities of getting your personal information stolen and sold on the deep and dark web, at times it seems there is no measure too extreme when it comes to protecting yourself from potential hacks. Duo Security’s Wendy Nather, director of advisory chief information security officers, can attest to this. In an article by CNN Business, Nather explains how she uses a different credit card to make automated payments online than she does for normal, everyday purchases. She keeps things separate so that if her everyday credit card is breached, she doesn’t have to change the card for each of her automated payments. It also minimizes the potential damage a hacker can do because it’s not tied to any important online accounts.
Krebs on Security, That Domain You Forgot to Renew? Yeah, it’s Now Stealing Credit Cards
Flashpoint jointly released research with RiskIQ depicting the work of Magecart – a group of seven cybercrime groups involved in hacking web sites to steal payment card data. Both Flashpoint and RiskIQ have been observing over 800 sites hosting brand impersonation and skimming stores since June 2018. Using the digital equivalent of physical credit card skimmers on these high-profile sites, Magecart is allegedly responsible for the loss of hundreds of thousands of payment card records and victims’ personal data. Krebs cites this report and provides an example of a local photographer in Portland, Oregon whose website is now one of the fake ecommerce sites set up by Magecart to steal credit card details.
Forum Systems’ CTO Jason Macy recently spoke with MeriTalk to discuss the role Application Programming Interfaces (APIs) play in federal IT modernization strategies. Macy says, “APIs have transformed the IT landscape. Modernization and DevOps all feed into the concept of an API strategy, which is a means to more easily communicate and modernize systems.” There is a huge difference between API management – managing, versioning, metering, and other lifecycle capabilities – and securing APIs, he noted.
As organizations continue to arm themselves with an array of endpoint security products to keep up with today’s threat landscape, IT teams look to provide an end user computing environment that is both usable and secure. Lakeside’s CMO Tal Klein provides some insight on how this situation should be handled: “The bottom line is that both security and performance should be given equal priority, which means as end-user computing leaders define ‘acceptable user experience,’ information security leaders need to delineate what their organization’s ‘acceptable risk’ is.”
Security Boulevard, 3 Ways CISOs Can Pump Up Their Political Prowess
Jack Jones, Co-Founder and Chief Risk Scientist at RiskLens, recently spoke with Ericka Chickowski about the lessons he learned about being a CISO after he stopped being one. Having played the CISO role at several firms including Nationwide Insurance, CBC Companies, and Huntington Bank, Jack says some of the hardest challenges that CISOs have in carrying out their responsibilities tend to involve the use of soft skills. He says they’ve often got their certifications and systems knowledge licked, but struggle with the leadership elements, the team-building and the politics of making it as an executive in the corporate world.
In what is quite possibly one of the largest data breaches in history, Marriott just disclosed a compromise that affected at least 500 million people and stretches back to 2014. Marriott officials said the intrusion occurred some time in 2014 but they only became aware of the compromise when an internal security system raised an alert about an unauthorized access attempt to the Starwood guest reservation system on September 8, 2018. SafeBreach co-founder and CTO Itzik Kotler provides some insight on this compromise and the effect the adversary has in this situation.