At the convergence of digital transformation, an industry-wide focus on SASE, and the effects of the continuing COVID-19 pandemic, there are key forces that security practitioners need to be aware of and operate within. This is the second blog in a series of three detailing these forces and how security leaders and practitioners can adapt to them in a digitally transforming, SASE-enabled world. This blog covers the forces of Organizational Culture and Adversaries and Threats.

On September 29, 2020, the U.S. Department of Defense (DoD) released an interim rule titled Assessing Contractor Implementation of Cybersecurity Requirements (Defense Federal Acquisition Regulation Supplement (DFARS) Case 2019-D041). The rule amends the DFARS, and at the same time, implements the DoD Cybersecurity Maturity Model Certification (CMMC) program.

When we talk about training security analysts, you probably immediately think about earning certifications such as CFCE or OSCP. This year’s Devo SOC Performance ReportTM found that among survey respondents who don’t consider their SOC to be a high performer, only 31% of those organizations have a defined program for training analysts. While practical skills are vital in the SOC, they’re not the end-all, be-all of reaching the next career level.

Scalper bots, also known as inventory hoarding bots, are the bots that thrive on supply and demand. These malicious bots are used to target merchandise that is typically in high demand or limited supply, buying it and selling it on for a tidy profit. The key thing here, is that scalper bots can make purchases extraordinarily quickly, much faster than any genuine user can.

No one could have predicted how 2020 would unfold, particularly for the retail industry. While some high street stores, including major brands, have been forced to close, other retailers have navigated surges of consumers heading online and fueling the eCommerce industry like never before. The holiday period is vital for retailers, with trading figures from November to December able to make or break a businesses’ annual profit margin.

DevSecOps allows organizations to deliver applications at a high velocity using iteration and automation to better serve customers. Velocity is one of the pillars of DevSecOps. Through the magic of automation, DevSecOps teams can achieve impressively short timespans between when developers make changes in code and when those changes are deployed.

Someone you don’t know walks into your office and sits down at a computer. Maybe that computer is a corporate desktop assigned to a mid-level manager or to a member of your IT department. Maybe it’s a personally owned laptop used by a contractor. That unknown person plugs a USB dongle into that computer, installs some software (typing in the correct password, if requested), runs that software, and walks away. No problem, right?

Cyber threats are a feature of our everyday digital life. Most of us have been the victim of one of these attacks, even if we are unaware. The larger hacks make it into the public consciousness, like Equifax, Ashley Madison, Capital One, and more, but we rarely hear from Silicon Valley tech companies. While not infallible, companies like Twitter or Facebook are still not held to strict standards for customer safety.

One of the major improvements that the avionics industry is undergoing is an Internet of Things (IoT) upgrade. And this is inevitably affecting how airlines approach aircraft safety. From the beginning, safety has been paramount to the aviation industry. But while it is a welcome innovation, the incorporation of IoT devices in aircraft comes with attendant challenges that are not unrelated to cybersecurity risks. Safety for aircraft no longer rests upon physical security.

Emerging digital IT paradigm shifts like Hybrid IT, Multi-Cloud, Microservices & Containerization, Serverless, Software Defined Datacenter etc. are creating compelling new opportunities for IT leaders. However, these same paradigm shifts have also led to a drastic increase in monitored assets, numerous operational tools, and exponential growth of operational data.