The Digital Trust Digest is a curated overview of the week’s top cybersecurity news. Here’s what you need to know this week.
National cybersecurity strategy leaves some experts wanting
Last week, the White House unveiled a nearly 40-page document outlining the country’s National Cybersecurity Strategy. The strategy outlines five pillars that range from infrastructure to foreign partnerships.
Though the strategy hints at better collaboration between government, public, and private sectors, as well as the development of products that are secure by design, some experts felt that the document wasn’t particularly substantive. They claim the language is vague, especially regarding the quantum transition.
But things may accelerate as spring deadlines approach for federal agencies to submit their inventories of cryptographic systems and cost estimates for transitioning to post-quantum cryptography. Fierce Electronics has the full lay of the land.
City of Oakland falls victim to ransomware attack
The City of Oakland declared a state of emergency last month after hacker group PLAY stole and encrypted years of confidential files and data. The files contain volumes of personal information like social security and driver’s license numbers, as well as records that include confidential information about police investigations.
A month later, it appears the city did not comply with the group’s demands, as several city services were taken offline and a substantial amount of the stolen data has been made publicly available online.
It’s a cautionary tale for municipalities that are behind the curve on their security posture, and the situation is ongoing. To catch up, head over to InfoSecurity Magazine.
New report highlights the risks of open-source software
Open-source software has become a key resource for development teams, but as usage expands, so do the vulnerabilities that come with it. A new report from Endor Labs identifies the top 10 open-source software risks, from untracked dependencies to license risks.
The study analyzed nearly 2,000 software packages and found that 95% of application vulnerabilities could be traced back to a transitive dependency created when a developer employed an open-source component.
Open source isn’t going anywhere, but as application security continues to shift left toward developers, they need to understand the issues at play. Check out DevOps.com for the top 10.
Education will be key to driving post-quantum innovation in the private sector
In a column for InfoSecurity Magazine, (ISC)² CISO Jon France gives an overview of the state of quantum and the near- and long-term risks at play.
The top risk is the theft of national secrets and classified information, which can be taken now and decrypted later. In the private sector, France says communications and internet platforms will lead the charge to ensure the interoperability of systems and protect the deployed infrastructure.
From there, upgrading the cyber workforce’s understanding of quantum will be key to developing new solutions to complex quantum problems. InfoSecurity Magazine has the full opinion here.
Deloitte’s Chief Futurist predicts the next big trends
With this year’s Deloitte Tech Trends report hot off the press, the key themes that have emerged are trust, flexibility, and simplicity. ERP Today sat down with Deloitte’s Chief Futurist Mike Bechtel to talk about how the landscape may be shifting.
Bechtel reflects on hiring “serial specialists” as opposed to 10x engineer unicorns, the ethical pitfalls of AI, the enterprise potential of blockchain technology, and more.
The future Bechtel sees coming is full of promise. The whole interview is available at ERP Today.