Reading this recent Wall Street Journal article about Apple’s push to drive adoption of their Vision Pro “spatial computers” in the enterprise got me thinking: Can VR headsets really make the leap from a cool gadget to a serious business tool? The potential is exciting—imagine the possibilities for collaboration and training. But then my security-focused brain kicked in. How do we manage the risks that come with introducing these powerful devices into the workplace?

Not too long ago, when I was designing, building, operating and defending networks, the government organizations I worked with were burdened with many tasks related to deploying a new capability. We needed to decide and plan how it would be assessed and authorized, deployed, maintained, operated, patched, defended and, of course, when and how to upgrade the capability. Assessment and authorization would take months, if not over a year, for a system or set of capabilities.

Credential theft is one of the most common methods used by cybercriminals to gain unauthorized access to an organization, according to Verizon’s 2023 Data Breach Investigations Report. Credential theft places organizations at a greater risk of data breaches, so steps must be taken to prevent it.

The stereotype of the government as a slow-moving behemoth is not ill-fitting, but when it makes adjustments and changes, it does so with deliberation and intent. An excellent example is the ongoing development and evolution of things like security standards. Technology moves much, much faster than the government can respond to or that even most businesses could adjust to without a significant investment or a time delay.

On April 12, 2024, Palo Alto disclosed a critical vulnerability identified as CVE-2024-3400 in its PAN OS operating system, which carries the highest severity rating of 10.0 on the CVSS scale. This vulnerability, present in certain versions of Palo Alto Networks’ PAN-OS within the GlobalProtect feature, allows unauthenticated attackers to execute any code with root privileges on the firewall through command injection.

Microsegmentation represents a transformative approach to enhancing network security within Kubernetes environments. This technique divides networks into smaller, isolated segments, allowing for granular control over traffic flow and significantly bolstering security posture. At its core, microsegmentation leverages Kubernetes network policies to isolate workloads, applications, namespaces, and entire clusters, tailoring security measures to specific organizational needs and compliance requirements.

Ransomware-as-a-service (RaaS) threat groups are placing severe and continuous pressure on the financial and government services sectors in Latin America, according to data compiled by the elite Trustwave SpiderLabs team. RaaS is where developers working for threat actors manage and update the malware while affiliates carry out the actual ransomware attacks.

A recent survey from Gartner forecasts that worldwide end-user spending on public cloud services will total $679 billion in 2024, and that number is expected to jump to $1 trillion in 2027. Businesses left and right are moving to the cloud. But as they make their move, the old ways of protecting data—like building a virtual wall around your data (“perimeter security”)—are proving inadequate.

In the increasing digitisation of essential services, governments worldwide have been enacting legislation to ensure the protection of vital systems. Australia is like no other, and as we in cybersecurity are all aware, the Security of Critical Infrastructure Act 2018 (SOCI Act) stands as a crucial piece of legislation aimed at safeguarding our nation.

Attackers predominantly use phishing attacks to steal and misuse user identities. A global Statista study on employee-reported malicious emails revealed that in the first quarter of 2023, 58.2% of malicious emails were credential theft attacks, 40.5% were impersonation attacks, and 1.3% were malware deliveries. Phishing attacks create a sense of urgency and panic in users, who, as a result, easily fall victim to them.