The countdown is on to Keyfactor Tech Days     | Secure your spot today!

Digital Trust Digest: This Week’s Must-Know News

Industry Trends

The Digital Trust Digest is a curated overview of the week’s top cybersecurity news. Here’s what you need to know this week.

hands typing on a computer with a large icon of a red padlock overlaid
Icon Icon

Attackers leak private keys for MSI products

Last month, ransomware group Money Message announced it had infiltrated MSI and stolen sensitive company files, including source code. When MSI refused to pay the ransom, the group posted the stolen assets on its website on the dark web.

An analysis of the leaked files confirmed they contain private code signing keys for MSI’s firmware across 57 products. In the wrong hands, these keys could be used to sign malware disguised as MSI updates, thus avoiding most antivirus systems. In any case, delivering new signing keys will be complicated because doing so will still require using the stolen ones. 

MSI is the latest casualty of a lack of security in the software supply chain. For the full fallout, PC Mag has you covered.

Icon Icon

IBM unveils post-quantum tools to secure business and government data

At its annual Think conference in Orlando, IBM unveiled a new set of tools and capabilities designed as an end-to-end, quantum-safe solution for businesses and government agencies in the post-quantum future.

In addition to tools that help locate cryptographic assets and compile dynamic cryptography inventory, IBM released its first blueprint that helps organizations prepare for quantum. The IBM Quantum Safe Roadmap helps organizations understand their cryptography usage, analyze their cryptography postures, and remediate issues. 

Post-quantum migration will be a huge endeavor. To start formulating your strategy, read more at CSO Magazine.

graphic illustration of Matrix-style computer characters with an atomic icon in the middle
blue circuitry with the ChatGPT logo in the center
Icon Icon

AI, ChatGPT, and identity security’s critical human element

Some claim that the advent of ChatGPT is as transformative as man’s discovery of fire, while others feel the AI explosion has been heavily over-hyped. A new opinion piece in CSO Magazine considers the potential advantages of AI in the context of security. 

What AI can do: automate tasks like log file analysis and threat trend mapping, as well as help produce comms materials that resonate with business stakeholders and build program support.

What it can’t do: Bring to bear human cognitive reasoning, nuance, and first-hand experience. 

Of course, the future needs both. After all, malicious actors are taking advantage of AI, too. To see how the good guys can win the AI battle, check out the full piece at CSO Magazine.

 

 

Icon Icon

State-sponsored attackers now the largest cyber concern for the public sector

In a new report commissioned by SolarWinds, public sector organizations from the federal to the local levels ranked foreign nation-state attackers as their biggest concern. Between the war in Ukraine and headline-grabbing attacks on schools, healthcare, and infrastructure entities, it’s easy to see why. 

Behind foreign threats, respondents noted that bad digital hygiene within the organization, budgetary restraints, and IT complexity contributed to sub-par security postures. Many agencies are turning to zero trust to stay secure. Even organizations without a formal zero-trust strategy still model their approach according to zero-trust principles. 

One thing is clear: organizations are being proactive. For more about their next steps and biggest barriers, check out NextGov’s rundown

graphic illustration with binary code and an overlay of the world map
photo of man presenting in front of charts and graphs on a screen
Icon Icon

Business leaders can’t afford to ignore cybersecurity anymore

A new survey from Delinea shows a disconnect between business leaders and security teams. Only 37% of respondents said their company’s leadership has a solid understanding of cybersecurity’s role as a business enabler. 

Over half of the respondents felt that their organization’s leadership only considered cybersecurity as a compliance or regulatory issue, or did not view cybersecurity as a business priority at all. The disconnect comes with several negative consequences, from increased successful cyber attacks to delays in strategic decision-making. 

What will it take for the C-suite and board level to get cybersecurity, and what will happen if they don’t? Help Net Security has the answers