The Digital Trust Digest is a curated overview of the week’s top cybersecurity news. Here are six things you need to know this week:
1. The growing power of quantum computing leads to social, environmental, and security risks.
As the power of quantum computing grows, organizations have to consider both the benefits and the risks. Forbes Technology Council highlights how industries and societies could face significant risks with the rise of quantum computing and why we should be concerned. Some of these risks include:
- All encryption methods will become useless in the face of quantum computing.
- Web interactions will be at risk due to the ability to crack cryptographic keys quickly.
- Quantum computing could be used maliciously in warfare, causing information asymmetry between opponents.
- Data that is currently encrypted can be stolen now with the intent of decrypting it in the future with quantum computers.
To learn about the risks of quantum computing, check out the full article here.
2. The UK, Canada, and Singapore join forces to secure IoT devices.
The UK, Canada, and Singapore have joined forces to improve IoT device security to protect consumers and the economy against large-scale cyber attacks. In their joint statement, the governments highlight the benefits and the risks associated with IoT devices.
This partnership comes in response to the increased attacks on critical infrastructure by Russia, beginning in the spring of 2022, that impacted Ukrainian communications and German wind turbines.
Cybersecurity alliances like this IoT security partnership will be vital to protecting against cyber threats and attacks now and in the future.
Read the full statement and more about this alliance here.
3. Keyfactor CSO Chris Hickman talks with EM360 Podcast about where machine learning trends are heading and why companies need to care about them.
Hickman highlights that organizations have spent more time securing their human identities, but now they must shift their attention to how they plan to secure and manage their machine identities, especially with the move to the cloud and zero-trust initiatives.
However, organizations are struggling with identity management because, according to Hickman, they “have very little understanding of where all of these credentials and identities live within the organization.” This issue, coupled with the increasing number of identities required to do business, leaves teams looking for ways to ease their identity burdens through automation and centralization while also enabling scale.
He shares the following steps to solve these issues:
- Figure out what the problem is in your organization and do a complete inventory.
- Assign ownership of credentials and build cross-functional teams.
- Gear policies and practices to the reality of machine identities.
- Look to automate.
Listen to the full episode for more information about securing machine identities here.
4. Suspected Chinese state-sponsored actor has breached a digital certificate authority.
Billbug, a suspected Chinese state-sponsored actor, has been linked to an attack on, and subsequent breach of, a digital certificate authority, as well as government and defense agencies in several Southeast Asian countries.
Symantec researchers note in their report that, “The targeting of a certificate authority is notable, as if the attackers were able to successfully compromise it to access certificates they could potentially use them to sign malware with a valid certificate, and help it avoid detection on victim machines. It could also potentially compromise certificates to intercept HTTPS traffic.”
Read more about these attacks in Dark Reading.
5. Keyfactor Command 10 introduces a new workflow builder and native EJBCA integration.
On Thursday, Keyfactor announced the general availability of Keyfactor Command 10, bringing more flexibility and an improved user experience to the Keyfactor Command platform. Here are three notable features and improvements:
- Integrate natively with EJBCA – Keyfactor Command now plugs directly into EJBCA, creating one integrated solution for issuing and managing certificates.
- Operate with agility – Automation makes creating and following processes for enrollment and revocation simpler to configure with a new visual layout.
- Provide more governance – The addition of the ability to define enrollment values and policies on a template-by-template basis ensures certificates are enrolled efficiently, allowing security teams to enforce governance more easily.
Learn more about Keyfactor Command 10 here.
6. Forbes Global 2000 companies that have adopted fewer than half of all domain security measures open themselves up to high security risks.
In its recent report, domain registrar CSC shared that 3 out of 4 Forbes Global 2000 companies have implemented fewer than half of all domain security measures, including registry lock, DNS redundancy, DNS security extensions, and certificate authority authorization.
Failure to implement these measures leaves these companies at risk from malicious imposter domains that look like their own. Companies must prioritize both securing legitimate domains and monitoring for malicious domains.
Some recommended tools to help protect your company include Domain-based Message Authentication, Reporting, and Conformance (DMARC), Certificate Authority Authorization (CAA), and DNS Security Extensions (DNSSEC).
Read more about domain security measures here.
Need to catch up on last week’s headlines? Read them here.