The Digital Trust Digest is a curated overview of the week’s top cybersecurity news. Here’s what you need to know this week.
The downside of layoffs that no one is talking about
As massive layoffs sweep the tech industry, newly let-go employees can cause havoc. Admins can lock organizations out of their own IT environments, employees can steal and sell valuable data, and security engineers can create back doors into the network, to name a few risks.
With all the talk about securing vendors and the software supply chain, it’s easy to forget insider threats. However, according to a report from DTEX Systems, 12% of employees take sensitive intellectual property when they leave their role.
The solution? A mix of empathy and org-wide security hygiene. CSO Online can show you exactly what steps to take.
AI’s impact on identity security
The advent of ChatGPT has led to an explosion of AI use cases, from planning vacation itineraries to producing content. In identity security, AI and machine learning (ML) offer the potential for streamlining processes and surfacing actionable insights for efficiency.
For example, machine learning can enable the system to recommend access permissions throughout an identity’s lifecycle, from the initial request to ongoing micro-certification campaigns. AI can better detect anomalies and suspicious activities in real time, allowing security teams to improve response time.
We’re just scratching the surface of these technologies, and there’s no going back. To dig deeper, check out the full story on Innovation News Network.
Leaked files show ransomware group’s depth of access to Western Digital’s systems
Digital storage giant Western Digital announced in early April that a service outage was caused by a cyber attack later claimed by ransomware group Alphv/BlackCat. The group has also claimed responsibility for the attack on U.S. payments provider NCR.
Alphv/BlackCat has released screenshots of video calls, emails, and internal documents discussing the attack, along with invoices, dev tools, confidential communications, and other tools used internally by the company. If Western Digital doesn’t meet their demands for payment, the group has promised to sell the company’s intellectual property, which includes firmware, code signing certificates, and sensitive customer information.
Just how deep was the group able to penetrate Western Digital’s systems? Catch up on Security Week.
Going multicloud? Prepare for these new challenges
Multicloud strategies are the direction in which the wind is blowing. It makes sense; various cloud providers bring different advantages to bear, and reliable, uninterrupted service is becoming high-stakes.
But managing even a single-cloud strategy takes considerable maintenance. To understand the added complexity of multicloud strategies, Forbes asked 17 members of its Forbes Technology Council what to look out for. In addition to Keyfactor CTO Tim Shorter’s advice on machine identities, experts discussed the risks of data fragmentation, integration and compatibility, reliable tenant access, and more.
Mo’ clouds, mo’ problems? Decide for yourself with the full rundown from Forbes.
On World Password Day, experts say strong passwords aren’t enough
A 12-character password takes 62 trillion times longer to brute force than a mere six-character password — but passwords should be the first line of defense, not the only line of defense.
While VPNs and password vaults have become standard methods for staying secure, they’re falling out of fashion. While VPNs have proven difficult to scale, popular password managers like LastPass and Norton Lifelock have fallen victim to attacks in recent years.
But passwords, in general, may be going extinct. Passkeys, which utilize cryptographic keys instead of passwords, may be poised to take their place. To decode the future of credentials, head over to Tech Radar.
Subscribe to The Source, Keyfactor’s identity-first security newsletter, to get helpful resources and insightful perspectives from cybersecurity leaders delivered to your inbox every month.