In this episode of The Security Ledger Podcast (#92): Adam Isles of The Chertoff Group joins us to talk about the growing specter of software supply chain risk the recent trend of the US Government shooting down major tech acquisitions by Chinese firms. Also: with the RSA Conference * kicking off in San Francisco, we hear from two experts from LookingGlass, this week’s podcast sponsor, about how to make sense of the hot threat intelligence space.
Cisco Systems warned that companies need to do a better job monitoring IoT devices and third party software providers, as Internet of Things based botnets and supply chain attacks become more common.
In-brief: Corporate boards are bracing for lawsuits and increased government regulation related to cyber incidents such as hacks and data theft, according to a survey of board members conducted by New York Stock Exchange (NYSE) Governance Services and the security firm Veracode.
The Internet of Things (IoT) promises to revolutionize the way people live and work. But while the media’s attention is focused on high-profile Internet of Things firms like NEST, the smart-home products vendor that Google acquired for more than $3 billion last month, much of the innovation in IoT – at least in the consumer market – is a bottom-up, grass roots phenomenon. Quietly, the combination of ready-made components, point and click development environments and cloud based back end management tools has enabled an army of (mostly) novice developers to assemble novel, connected products for a public enraptured with the idea of using their mobile devices to control something — anything. At the same time, crowd-funding platforms like Kickstarter and Indiegogo have created a platform for products to get funded and distributed to hundreds, thousands or even tens of thousands of customers – once a monumental task. That’s great for the […]
One theme that frequently comes up in my conversations with experienced security veterans when we talk about security and “the Internet of Things” is the absence of what might be termed a “security culture.” That’s a hard term to define, but it basically describes a kind of organizational culture that anticipates and guards against online attacks. Certainly companies that have been selling software in any great number for any amount of time have had to develop their own security cultures – think about Microsoft’s transformation following Bill Gates Trustworthy Computing memo, or Adobe’s more recent about-face on product and software security. But that culture is lacking at many of the companies that have traditionally thought of themselves as ‘manufacturers’ – makers of “stuff,” but which now find themselves in the software business. Think General Electric (GE) or – even better – auto makers. A couple of months back, I had […]
