The Digital Trust Digest is a curated overview of the week’s top cybersecurity news. Here’s what you need to know this week.
Digital trust becomes high-priority among Asia/Pacific organizations
A new report from IDC shows that the importance of digital trust is increasing, as is the emphasis on customer faith in cybersecurity, data privacy, and responsible AI.
Christian Fam, research manager for IDC’s Asia/Pacific Cybersecurity Services, defined digital trust as the confidence users and customers have in creating a secure digital world. As cybersecurity incidents continue to plague large and small organizations alike, service partners will demand good security hygiene and cyber resilience.
The report covers hardware, software, services, and people in the security market. To see the full scope of the report’s findings, head over to IDC.
Quantum will change the entire data encryption game
If you’ve been keeping up with quantum, you know by now that quantum will break symmetric and asymmetric cryptography commonly used today — and that’s a problem.
Last year, NIST selected four potential quantum-resistant algorithms to adopt into its post-quantum cryptographic standards. Three are based on structured lattices, and the fourth uses hash functions. NIST will examine four more algorithms. Three of them are code-based, and the fourth is isogeny-based.
There are several alternatives to today’s most common cryptographic approaches. Tech Target has a great breakdown of these options and what NIST is considering.
NIST seeks participants in supply chain and DevOps security project
After headline-grabbing breaches of developer environments and exploitations of software supply chain vulnerabilities, NIST has initiated a project to apply a risk-based approach to these vulnerabilities.
The Software Supply Chain and DevOps Security Practices project aims to spotlight development practices, tools, and frameworks that could help address cybersecurity challenges. This type of project exemplifies the government-private sector collaboration outlined in the White House’s national cybersecurity strategy unveiled earlier this year.
Want to participate? Applicants have until June 14 to submit a letter of interest. Learn more about the project at ExecutiveGov.com.
U.S. pharmacy giant hacked, millions of patients’ data exposed
Pharmacy service provider PharMerica, which operates more than 2,500 facilities in the U.S., filed a data breach notification in March. An investigation showed that an unnamed third party had accessed its systems days before and stolen the personal information of nearly six million current and deceased individuals.
New-ish ransomware group Money Message took credit for the attack after stolen data appeared on its dark web leak site. This incident marks the most significant healthcare data breach thus far in 2023, followed by Regal Medical Group and telehealth startup Cerebral.
According to IBM’s 2022 Cost of a Data Breach report, the healthcare industry has had the highest average data breach cost for the past 12 years. Get the details on the attack at TechCrunch.
Must-knows about identity security in 2023
Research from Gartner and Verizon shows that the human element still plays a significant role in most breaches. Breaches at major companies like Chick-Fil-A, T-Mobile, MailChimp, and Activision directly resulted from human error.
More specifically, password hygiene is a huge culprit, so organizations are turning to other forms of authentication to validate user identity. Integrating AI and machine learning into the identity access management fabric can extend validation measures beyond credentials by assessing behavior and enabling adaptive access control policies.
Passwords may soon be out. RT Insights explores how organizations improve security and the user experience through a layered approach to identity security.