TAGITM Monthly
President's Message
As tempting as it is to title this month’s message "Psychological Tips from Scott," I’ll forgo that, but consider yourself warned. We are all motivated in different ways. Some of us are motivated intrinsically, meaning our motivation comes from within. We perform a task because it’s fun or challenging. Others are motivated extrinsically, which means we perform a task because we will be rewarded with something (money, promotion, etc.). Regardless of which type you are, there is a common need among us all: Feedback.
In the News
Business-minded security professionals can have significant impact on security success. "They have to have a sense of why we’re securing the business ... [I]f you don’t understand what you’re securing from a business perspective, how can you make that risk-based analysis?" asks Myrna Soto, chief strategy and trust officer at cybersecurity software firm Forcepoint. CISOs can cultivate those skills among their staff.
Sixty-three percent of employees surveyed by Lenovo in May say they feel more productive working from home (WFH), but many also cited downsides such as reduced personal connections with colleagues and trouble balancing work and home life and domestic distractions. CIOs offer their tips for keeping employees focused and productive.
Krebs on Security
With a mass shift to working from home, the increased use of corporate virtual private networks (VPNs) and elimination of in-person verification has led to a major voice phishing, or "vishing," campaign by cybercriminals. The FBI and the CISA issued a joint alert which includes suggestions that companies can implement to help mitigate the threat from these vishing attacks.
Security Intelligence
IBM’s team of hackers have discovered a vulnerability in Thales’ line of modules that enable mobile communication in IoT devices. They store and run Java code that often contain confidential information, and malicious actors can steal this information to control a device or gain access to the central control network. Potential areas of impact include medical devices and energy and utilities.
DevSecOps, which introduces security earlier in the life cycle of application development, is changing the state of application security. However data from several new industry reports show that risks remain, from the release of vulnerable code to problems with infrastructure-as-code templates.
Government agencies are collaborating more and more with technology providers to create smart cities that address each community’s unique needs. Increasingly connected data and devices means there are more opportunities to leverage technology to improve our communities.