The Digital Trust Digest is a curated overview of the week’s top cybersecurity news. Here are five things you need to know this week.
Security automation is key to staying ahead of threats
In RedHat’s 2023 Global Tech Outlook report, security ranked as the top IT funding priority. Automation will be key to scaling security without scaling costs. After all, attackers are automating, too.
The good news: security automation can fairly easily piggyback off of other automated workflows like CI/CD pipelines. For high-governance industries, security automation can also be extended to compliance use cases to lower the overall complexity around both areas.
Automation has long been a priority for the rest of your organization. The Enterprisers Project has more on why it should be a priority for security, too.
Russia targets Ukraine with “WhisperGate” malware
WhisperGate, a malware that disguises itself as ransomware, was used by a Russian-linked attacker back in January of last year. The group has also acted against NATO states in North America and Europe.
WhisperGate is a feint within a feint. It poses as a legitimate Microsoft Office file, then poses as ransomware when activated, only to render files irrecoverable, even if the ransom is paid — all while exfiltrating tons of data.
The digital battlefield is heating up between Ukraine and Russia. TechCrunch has the full WhisperGate deep dive.
Public and private sectors work to pursue quantum computing
Quantum computing does math in a whole different way compared to traditional binary operations. Moving to a post-quantum world will mark a drastic update to the very plumbing of the digital world as we know it.
Public key cryptography is no exception. One emerging challenge in developing quantum-resistant methods is that they must be effective against not only the quantum machines of the future but also against the classical computers we use today.
It’s wildly complex, challenging, and exciting. The Federal News Network spoke to Scott Crowder, vice president for Quantum Adoption at IBM, on the state of quantum evolution.
Quantum may heighten the regulatory landscape around security
One factor in the quantum equation is that of compliance regulations. Many data breaches we see today reveal that organizations tend to hold data beyond its regulatory retention period, which presents an unnecessary risk in a steal-now-decrypt-later threat environment.
The stakes of non-compliance in a post-quantum world will be much higher. We can expect to see regulations discouraging organizations from using conventional encryption methods that are vulnerable to quantum attacks.
The implications are big. To see just how big, Forbes talked to Leonard Kleinman, Field Chief Technology Officer (CTO) & Evangelist, Cortex, Palo Alto Networks.
NIST looks to standardize cryptography algorithms to secure IoT devices
On Tuesday, NIST announced that Ascon, a group of cryptographic algorithms, would provide lightweight cryptography for miniature technologies in healthcare, infrastructure, and other key industries.
Securing small devices is challenging due to their limited resources. The algorithms will enable authenticated data encryption and hashing.
This announcement concludes the selection and evaluation process that NIST’s Lightweight Cryptography Team began in 2018. For the full story, head over to ExecutiveGove.
