Digital Trust Digest: This Week’s Must-Know News

The Digital Trust Digest is a curated overview of the week’s top cybersecurity news. Here are five things you need to know this week.

Quantum risks may drastically change the PKI landscape

From the White House last year: “A quantum computer of sufficient size and sophistication… will be capable of breaking much of the public-key cryptography used on digital systems across the U.S. and around the world.”

Quantum machines have the potential to disrupt the infrastructure of our economy, military, and way of life. But the possibilities for good are just as massive. It all depends on whether encryption technologies can stay a few steps ahead and how effective emerging legislation will be in setting standards that enable post-quantum success.

For more of a primer — and a cool explanation of how quantum computers even work — take a look at Silicon Republic’s new piece.

There’s a cloud hanging over your security posture

Complications of scale are catching up to the cloud. Organizations are seeing an explosion of data in their public cloud environments. The more corporate data stored in the cloud, the bigger the organization’s attack surface grows. 

Hybrid cloud strategies, “shadow data,” and systems complexity all make it difficult to secure cloud environments. As always, visibility is critical, and it takes a security-conscious culture to scale cloud usage securely. 

VentureBeat tells you what you need to know, and how to get ahead of cloud vulnerabilities.

Could the White House be doing more to prepare for quantum?

As the Biden administration turns to the private sector to gather best practices for a post-quantum world, experts can’t help but wonder if these speculative recommendations will hold water. 

The Hill’s Matthew Mittelsteadt, a former IT project manager, suggests the White House is missing out on an opportunity to learn by experience. The federal IT landscape is broad and diverse, and provides a readymade lab to test post-quantum controls across several industry-specific contexts. 

Should the government “embrace a role as a quantum-security guinea pig,” as Mittelsteadt suggests? Check out the full op-ed to decide for yourself.

 

GitHub gets got, kind of

Back in December, an attacker compromised a Personal Access Token and cloned repositories from GitHub’s Atom, Desktop, and other deprecated properties. The attacker exfiltrated a set of encrypted code-signing certificates, though GitHub says the certificates were password-protected and they have not detected any malicious use.

As a precaution, GitHub revoked the exposed certificates, invalidating some versions of Desktop for Mac and Atom. Desktop for Windows and GitHub.com were unaffected.

GitHub said certain versions of Desktop for Mac and Atom would stop working on Thursday. To see which versions were affected and to read more about the attack, head over to betanews.

Supply chain breaches bring more scrutiny from partners

The state of supply chain security is a nightmare. A new study, Close Encounters of the Third (and Fourth) Party Kind, found that 98.3% of organizations worldwide work closely with at least one third-party vendor who has been breached in the past two years. To add to the nightmare, over half of organizations have fourth-party relationships with hundreds of vendors who have also been breached.

To see how organizational security postures and the number of third-party vendors are inversely correlated, read more at Infosecurity Magazine.