Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Cloud

4/30/2021
10:00 AM
Steve Zurier
Steve Zurier
Slideshows
Connect Directly
Twitter
RSS
E-Mail
50%
50%

7 Modern-Day Cybersecurity Realities

Security pros may be working with a false sense of security. We explore seven places where old methods and techniques have to change to keep their organizations safe.
Previous
1 of 8
Next

Image Source: Adobe Stock: freshidea

Image Source: Adobe Stock: freshidea

Move to the cloud. Shift left. Buy the latest XDR and deception tools. The technology and cybersecurity industry has always been susceptible to marketing hype, but do these moves actually make their organizations more secure? Or do they just add more complexity?

With all the major hacks, from SolarWinds to the issues with Microsoft Exchange, how can security pros sleep at night? They may think they are doing the right thing, but are they operating with a false sense of security?

Michael Isbitski, technology evangelist at Salt Security, says security pros have to focus more on securing the application programming interfaces (APIs) that power many of these tech strategies. From hosting internal cloud apps to relying on gateways and traditional patch management tools, the old methods don't focus enough on API security – and the APIs are susceptible to attackers.  

"With so much at stake, businesses need to humbly accept that they have been overly confident in these security approaches and tool choices," Isbitski says. "They should seek to update their tooling and processes accordingly to address modern threats."

We've compiled seven tips to help security pros sort out what they need to think about as they deploy many of these evolving security concepts and technologies.

 

Steve Zurier has more than 30 years of journalism and publishing experience and has covered networking, security, and IT as a writer and editor since 1992. Steve is based in Columbia, Md. View Full Bio
 

Recommended Reading:

Previous
1 of 8
Next
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
JulieS680
50%
50%
JulieS680,
User Rank: Apprentice
5/17/2021 | 4:55:29 PM
Digital Identities are the most vulnerable attack vector
Great read, thanks!

I would add that cybersecurity pros need to embrace the importance of securing digital identities in their security strategies. As we've witnessed, digital identities (user names and passwords) are the most exploited attack vector  - with a valid set of credentials, criminals can just login to get access to critical resources and systems and do significant damage.

Modern approaches to identity security - the protection of human/machine identityes through technologies like dentity proofing, MFA, risk-based authentication -  and identity defined security - using a trusted identitiy to further secure transactions throughout the entire technology stack -  are important to addressing the cybersecurity realities we face today.
jake_hyve
50%
50%
jake_hyve,
User Rank: Author
5/4/2021 | 7:35:54 AM
Response to 7 Modern-Day Cybersecurity Realities article
Really interesting read. To add - I think everyone in a company should be responsible for ensuring security, not just the security or tech people
Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
The State of Cybersecurity Incident Response
In this report learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-38095
PUBLISHED: 2021-08-05
The REST API in Planview Spigit 4.5.3 allows remote unauthenticated attackers to query sensitive user accounts data, as demonstrated by an api/v1/users/1 request.
CVE-2021-32598
PUBLISHED: 2021-08-05
An improper neutralization of CRLF sequences in HTTP headers ('HTTP Response Splitting') vulnerability In FortiManager and FortiAnalyzer GUI 7.0.0, 6.4.6 and below, 6.2.8 and below, 6.0.11 and below, 5.6.11 and below may allow an authenticated and remote attacker to perform an HTTP request splitting...
CVE-2021-32603
PUBLISHED: 2021-08-05
A server-side request forgery (SSRF) (CWE-918) vulnerability in FortiManager and FortiAnalyser GUI 7.0.0, 6.4.5 and below, 6.2.7 and below, 6.0.11 and below, 5.6.11 and below may allow a remote and authenticated attacker to access unauthorized files and services on the system via specifically crafte...
CVE-2021-3539
PUBLISHED: 2021-08-04
EspoCRM 6.1.6 and prior suffers from a persistent (type II) cross-site scripting (XSS) vulnerability in processing user-supplied avatar images. This issue was fixed in version 6.1.7 of the product.
CVE-2021-36801
PUBLISHED: 2021-08-04
Akaunting version 2.1.12 and earlier suffers from an authentication bypass issue in the user-controllable field, companies[0]. This issue was fixed in version 2.1.13 of the product.