The countdown is on to Keyfactor Tech Days     | Secure your spot today!

Digital Trust Digest: This Week’s Must-Know News

Industry Trends

The Digital Trust Digest is a curated overview of the week’s top cybersecurity news. Here’s what you need to know this week.

graphic illustration of a pixellated world map and computer code
Icon Icon

Identity Management Day 2023 highlights identity-based security

Identity management is a key component of any security strategy. Identity Management Day encourages leaders to educate themselves on best practices for managing digital identities, from strong password policies to phishing education and two-factor authentication.

VMBlog interviewed over 20 security experts — including Keyfactor’s own CSO, Chris Hickman — to get their take on the future of identity and the role it plays in the cybersecurity landscape.

Check out the full piece for a roundup of perspectives across the industry.

Icon Icon

White House security strategy raises the bar for software standards

Somewhere around half a billion data records were compromised last year — and that’s just the damage that was detected and reported. And last year’s prosecution of Uber’s CISO for mishandling a 2016 cyberattack shows that the stakes are rising for vendors who fail to prioritize security. 

Writing for the Forbes Technology Council, Secure Code Warrior CEO Pieter Danhieux believes the White House’s new cybersecurity strategy will usher in a new era of security-skilled developers and cement NIST’s development framework as the definitive basis for general best practices.

A sea change is happening that repositions security as a value-add to product quality. To see what that means for your organization, read Danhieux’s entire op-ed here.

photo of person working at a computer with a semi-transparent overlay of code over top
photo of man giving a presentation to a group
Icon Icon

“Stronger Together” emerges as the theme at RSA

Last year, the Rusia-Ukraine war was fresh on the minds of RSA attendees, and in the year since, it’s been revealed that organizations have been widely underprepared to handle cyber warfare. Additionally, an increasing number of security leaders reported suffering a breach within the past two years — 52% this year, up from 49% last year and 39% in 2021. 

This year, the RSA Conference has adopted the motto “Stronger Together,” which reflects the challenge of a highly fragmented cybersecurity market. Building resilience, leaders say, will be a team effort. 

The Silicon Angle has the hookup on all things RSA. Head to their site to stay plugged in with real-time updates

 

 

Icon Icon

Report shows federal agencies suffer gaps in cybersecurity

From staffing to risk management to systems reform, government agencies have been working to harden their cybersecurity posture against emerging threats. However, the U.S. Government Accountability Office (GAO) developed a report that found multiple agencies were ill-prepared to protect important government data. 

The GAO flagged gaps in the Department of Energy’s plans to protect the electrical grid from malicious actors and highlighted that supply chain vulnerabilities have yet to be addressed. Additionally, the report found that the Cybersecurity and Infrastructure Security Agency (CISA) has not updated its 2015 strategy to address emerging threats, nor has it evaluated existing programs supporting the communications sector’s resilience.

The report is the third of four in a series of reports outlining the highest cybersecurity risks to the government. Security Magazine has the full rundown.

graphic illustration of a magnifying glass examining an error icon
photo of a section of the earth from space with a graphic illustration of a connected web across it
Icon Icon

An expired certificate causes Musk’s Starlink to go offline

On April 8, an expired ground station certificate caused several hours of downtime for Starlink, SpaceX’s network of internet satellites. Elon Musk, SpaceX’s CEO, took to Twitter to decry the outage as “inexcusable.” 

While the details are unknowable by anyone outside of SpaceX, experts suspect the certificate was tied to a specific internet application or service, thus having no impact on other apps or services with valid certificates. In this way, the expired certificate presented a single-point vulnerability. 

It just goes to show how difficult it can be to gain enterprise-wide visibility into certificates and their lifecycles. CyberNews has the full scoop.