The Digital Trust Digest is a curated overview of the week’s top cybersecurity news. Here’s what you need to know this week.
Attackers leak private keys for MSI products
Last month, ransomware group Money Message announced it had infiltrated MSI and stolen sensitive company files, including source code. When MSI refused to pay the ransom, the group posted the stolen assets on its website on the dark web.
An analysis of the leaked files confirmed they contain private code signing keys for MSI’s firmware across 57 products. In the wrong hands, these keys could be used to sign malware disguised as MSI updates, allowing it to evade most antivirus systems. In any case, delivering new signing keys will be complicated because doing so will still require using the stolen ones.
MSI is the latest casualty of a lack of security in the software supply chain. For the full fallout, PC Mag has you covered.
IBM unveils post-quantum tools to secure business and government data
At its annual Think conference in Orlando, IBM unveiled a new set of tools and capabilities designed as an end-to-end, quantum-safe solution for businesses and government agencies in the post-quantum future.
In addition to tools that help locate cryptographic assets and compile a dynamic cryptography inventory, IBM released its first blueprint that helps organizations prepare for quantum. The IBM Quantum Safe Roadmap helps organizations understand their cryptography usage, analyze their cryptography postures, and remediate issues.
Post-quantum migration will be a huge endeavor. To start formulating your strategy, read more at CSO Magazine.
AI, ChatGPT, and identity security’s critical human element
Some claim that the advent of ChatGPT is as transformative as man’s discovery of fire, while others feel the AI explosion has been heavily over-hyped. A new opinion piece in CSO Magazine considers the potential advantages of AI in the context of security.
What AI can do: automate tasks like log file analysis and threat trend mapping, as well as help produce comms materials that resonate with business stakeholders and build program support.
What it can’t do: bring to bear human cognitive reasoning, nuance, and first-hand experience.
Of course, the future needs both. After all, malicious actors are taking advantage of AI, too. To see how the good guys can win the AI battle, check out the full piece at CSO Magazine.
State-sponsored attackers now the largest cyber concern for the public sector
In a new report commissioned by SolarWinds, public sector organizations from the federal to the local levels ranked foreign nation-state attackers as their biggest concern. Between the war in Ukraine and headline-grabbing attacks on schools, healthcare, and infrastructure entities, it’s easy to see why.
Behind foreign threats, respondents noted that bad digital hygiene within the organization, budgetary constraints, and IT complexity contributed to sub-par security postures. Many agencies are turning to zero trust to stay secure. Even organizations without a formal zero-trust strategy still model their approach according to zero-trust principles.
One thing is clear: organizations are being proactive. For more about their next steps and biggest barriers, check out NextGov’s rundown.
Business leaders can’t afford to ignore cybersecurity anymore
A new survey from Delinea shows a disconnect between business leaders and security teams. Only 37% of respondents said their company’s leadership has a solid understanding of cybersecurity’s role as a business enabler.
Over half of the respondents felt that their organization’s leadership only considered cybersecurity as a compliance or regulatory issue, or did not view cybersecurity as a business priority at all. The disconnect comes with several negative consequences, from an increase in successful cyber attacks to delays in strategic decision-making.
What will it take for the C-suite and board level to get cybersecurity, and what will happen if they don’t? Help Net Security has the answers.