Here are three examples that are worth your attention. Oh, what could have been avoided.

Over the past three years, the second Tuesday of each month has turned into a hectic period of planning and remediation, driven by a 25% average annual growth rate in CVEs. Just last Tuesday, Microsoft revealed a critical TCP/IP remote code execution (RCE) vulnerability in the IPv6 stack, which has a CVSS score of 9.8 due to its criticality and ease of exploitation. For a more in-depth look, we recommend these resources.

In a never-ending effort to do their job and secure their environments, cybersecurity teams often bear the brunt of negative perceptions, labelled as the department of ‘No.’ “No” to admin privileges, “No” to personal devices, and “No” to connecting unapproved technologies. These repeated denials, although done with the best intentions, can stifle innovation and create frustration within organizations. This perception needs to change.

This week, the National Institute for Standards and Technology (NIST) released “Implementing a Zero Trust Architecture (NIST SP 1800-35)” for public comment. The guide is written by NIST’s National Cybersecurity Center of Excellence (NCCoE) in collaboration with 24 cybersecurity companies. Now in its fourth draft, NCCoE has opened up comments for this Zero Trust Architecture (ZTA) guide through Sept. 30, 2024, as part of a 60-day review cycle.