Posted by Fred Bals on Friday, January 19th, 2018
Cybercriminals are expected to extend their threat deeper into ransomware and IoT. In a just-released report, Synopsys examines the four “tribes” of CISOs, and the characteristics of each. A link to the complimentary report is below. And with the GDPR going into force in just four months, businesses are scrambling for compliance.
All these cybersecurity stories and more in the January 19th edition of Open Source Insight.
via American Banker: As financial institutions experiment with new technologies, more are expected to adopt open-source software in place of commercial applications. This embrace of openness can — and, some experts say, should — go beyond peripheral tools and apps, to banks using open-source software for their core banking systems one day.
via Security Asia: According to the latest Synopsys report, open source components are now present in 96 percent of commercial applications. The average application had 147 different open source components — and 67 percent of the applications used components with known vulnerabilities.
via Open Access Government: Cyber adversaries will extend further into ransomware, OT systems and cryptocurrencies. The growing commercial utilization of IoT and OT systems means that, for the adversary, the value of breaching and controlling these types of systems is increasing.
via Synopsys Software Integrity blog: We recently sat down with Synopsys VP of security technology, Dr. Gary McGraw, to discuss his latest research effort. In addition to the annual Building Security In Maturity Model (BSIMM), Gary has set out to identify the ways in which CISOs approach their job role. The CISO project team, which included Sammy Migues and Dr. Brian Chess, interviewed 25 CISOs to identify approaches to the CISO role, characteristics of CISOs, and discriminators between types of CISOs and to establish a coherent model describing how CISOs organize and execute their work. Read the CISO report now.
via Data Center Journal: The Chief Information Security Officer (CISO) Report identifies four unique approaches to the CISO role called “tribes,” each with distinct characteristics. The study emphasizes how the four tribes differ in executing a security plan and what the tribes can learn from one another, providing insight for leaders looking to improve their security programs and advance their careers. Download a complimentary copy of the CISO Report.
via Infosecurity Magazine: Contained in a comprehensive Google Document, the research looks at the annual financial reports of the FTSE 100 and includes their turnover, profit after tax and what impact a fine of 4%, 2% or 1% of the turnover would look like. The research reveals that the company listed #1 on that day – Royal Dutch Shell – would see their entire annual profit wiped out if they were to face a 4% fine under GDPR. In fact, of the 100 companies listed, 34 would see their profit wiped out with a 4% fine, 19 with a 2% fine and 15 with a 1% fine.
via Synopsys Software Integrity blog (David Znidarsic): Do you allow a supplier’s goods and services to be acquired and used by your employees without the approval of your management? Certainly not any more. You’ve probably spent years applying better governance around the acquisitions made by Shadow IT. However, even before the emergence of shadow IT, your engineers have been making acquisitions from ungoverned suppliers: open source software authors.
via Synopsys Software Integrity blog: Now that a new year is upon us, we must remember that this is the year the General Data Protection Regulation (GDPR) supersedes Directive 95/36/EC. The new regulation will take effect May 25, 2018. In other words, this is the date by which organizations must be compliant.
Get the latest AppSec news and trends sent directly to you.