The Digital Trust Digest is a curated overview of the week’s top cybersecurity news. Here’s what you need to know this week.
Transatlantic Tech and Trade Council tackles misinformation, new tech
In its fourth year, the US-EU Transatlantic Trade and Technology Council met to discuss ways to disrupt foreign misinformation campaigns, drive innovation, and define the responsible usage of new technologies.
The council specifically focused on AI, 6G, quantum, and online platforms. The council will continue utilizing its 2022 roadmap for evaluating trustworthy AI tools while adding three new focus groups for developing risk management tools. Participants also discussed Chinese and Russian misinformation campaigns targeted at Latin American and African nations, along with ways to help other nations establish stronger digital infrastructures.
Cross-national discussions about technology can be exciting and hint at future opportunities. To learn more, NextGov has you covered.
CISOs must prepare to lead the charge in mitigating quantum threats
Quantum computers will easily break today’s common encryption methods, exposing our critical systems to attackers and nation-state actors. While governments worldwide are working to develop quantum-resistant algorithms, private sector entities should be forging their own roadmap for making the quantum transition.
Making the quantum upgrade will take a phased approach, and CISOs should take steps now to assess their current state, bring their security policies up to date, and develop a post-quantum vision.
According to Security Magazine, it’s as easy as 1-2-3. Head over to Security Magazine to see how to start preparing for “Q-Day.”
Can Software Bills of Materials secure the software supply chain?
President Biden’s 2021 cybersecurity executive order included what seems to be a very simple ask: mandatory software bills of materials (SBOMs) that specify the code components used in new software. This transparency would reveal vulnerabilities more quickly and allow them to be patched or updated faster.
But no tech company wants to expose the tech behind their products. Apple, Amazon, Cisco, Google, IBM, Microsoft, and others have asked the Office of Management and Budget to discourage mandatory SBOMs until there is a better understanding of how they should be provided.
The SBOM project is proceeding slowly, and it may be years before it shows success. To see why it’s so complicated but perhaps so necessary, check out Security Week’s deep dive.
SEC proposes expansive new batch of cybersecurity requirements
The Securities and Exchange Commission (SEC) recognizes cyber attacks as a huge threat to markets, investors, and businesses. The SEC is taking significant steps to mitigate this risk by requiring companies to make robust disclosures of cyber incidents and set preventative protections in place.
The SEC listed three cybersecurity initiatives that seek to mitigate cybersecurity risk, better inform investors about registrants’ cybersecurity postures, and enhance advisor disclosures and governance relating to cyber risks. This comes after an active year of cybersecurity projects and enforcements that have resulted in fines for some of the biggest names in the financial industry.
All of this holds big implications for companies. The Wall Street Journal has tips for staying ahead of them.
In wake of regulations, businesses invest in identity security
In its new report, the Identity Defined Security Alliance (IDSA) found that identity-related incidents are up from last year. 90% of organizations reported an identity-related incident in the past 12 months.
However, fewer than half of teams reported that leadership understands identity and security risks, and 29% said they only receive support from leadership after an incident has already occurred. As digital identities continue to explode and identity becomes a more central focal point of security, teams face significant barriers to implementing a preventative approach.
The report is clear: more identities mean more incidents. Security Magazine helps paint the full picture.