CISO Corner: Ivanti’s Mea Culpa; World Cup Hack; CISOs & Cyber Awareness – Source: www.darkreading.com

Welcome to CISO Corner, Dark Reading’s weekly digest of articles tailored specifically to security operations readers and security leaders. Every week, we’ll offer articles gleaned from across our news operation, The Edge, DR Technology, DR Global, and our Commentary section. We’re committed to bringing you a diverse set of perspectives to support the job of operationalizing cybersecurity strategies, for leaders at organizations of all shapes and sizes.

In this issue of CISO Corner:

How CISOs Can Make Cybersecurity Awareness a Long-Term Priority for Boards

Commentary by Shaun McAlmont, CEO, NINJIO Cybersecurity Awareness Training

Cybersecurity is far more than a check-the-box exercise. To create companywide buy-in, CISOs need to secure board support, up their communication game, and offer awareness-training programs to fight social engineering and help employees apply what they’ve learned.

CISOs play a vital role in building stakeholder support for cybersecurity across the company — including when it comes to earning long-term support for awareness training from their boards. Winning strategies include communicating cybersecurity concepts in an engaging and non-technical way, and showing board members that cybersecurity programs offer significant ROI.

This column lays out five ways that CISOs can show boards that it’s time to prioritize cybersecurity:

Read more: How CISOs Can Make Cybersecurity a Long-Term Priority for Boards

Related: CISOs Struggle for C-Suite Status Even as Expectations Skyrocket

Cybersecurity Threats Intensify in the Middle East During Ramadan

By Alicia Buller, Contributing Writer, Dark Reading

How security teams in the region fortify their defenses amid short-staffing — and increased DDoS, phishing, and ransomware campaigns — during the Muslim holy month.

The ninth month of the Muslim calendar is observed around the world, as followers take the time to reflect and practice fasting, and cybersecurity teams often operate with skeletal staffing. Ramadan is also a period where Muslim shoppers tend to up their spending on specialty foods, gifts, and special offers.

All of this also creates a perfect storm for bad actors to conduct fraudulent activities and scams. Endpoint-protection firm Resecurity has observed a significant increase in cyber malevolence during Ramadan, which began on March 10. The company estimates the total financial impact from these cyberattacks and cyberscams against the Middle East has reached up to $100 million so far during this year’s Ramadan.

Middle East-based companies can step up cybersecurity with extra vigilance and outsourced support amid shortened working hours and increased ecommerce activity.

“Many organizations proactively enhance their outsourced contracts during this period, particularly focusing on bolstering 24/7 security operations,” says Shilpi Handa, associate research director of security, Middle East, Turkey, and Africa (META) at IDC, adding that deploying a remote and diverse workforce is particularly advantageous during Ramadan as around-the-clock security shifts can be fully covered by a mix of Muslim fasters and non-Muslim staff.

Read more: Cybersecurity Threats Intensify in the Middle East During Ramadan

Related: Middle East Leads in Deployment of DMARC Email Security

Funding the Organizations That Secure the Internet

By Jennifer Lawinski, Contributing Writer, Dark Reading

Common Good Cyber is a global consortium connecting nonprofit, private sector, and government organizations to fund organizations focused on securing Internet infrastructure.

There’s no single entity responsible for maintaining and securing the Internet. Instead, that task falls upon a diverse group of organizations and individuals that preserve this public utility with little funding, or by subsisting on tight budgets. The stakes are incredibly high, but the amount of resources available for keeping this infrastructure secure falls short.

“Key components of the Internet are maintained by volunteers, nonprofits, and NGOs, and others who work with razor-thin budgets and resources,” said Kemba Walden, president of Paladin Global Institute and former US acting national cyber director. “Consider this: The underpinnings of our digital infrastructure, the infrastructure that enables civil society to thrive in our economy today and to grow, rest on a network of volunteers, nonprofits, NGOs and others.”

An initiative called Common Good Cyber is finding new ways to build adequate funding into law and policy, business policies and government, and other funding vehicles sufficient to meet the common need for cybersecurity. Ideas include creating joint funding organizations; federated fundraising for nonprofits; inventorying who is doing what to support the Internet’s infrastructure; and a hub or accelerator to provide resources to the groups securing the Internet.

Read more: Funding the Organizations That Secure the Internet

Related: Neglecting Open Source Developers Puts the Internet at Risk

How Soccer’s 2022 World Cup in Qatar Was Nearly Hacked

By Jai Vijayan, Contributing Writer, Dark Reading

A China-linked threat actor had access to a router configuration database that could have completely disrupted coverage, a security vendor says.

About six months before the 2022 FIFA World Cup soccer tournament in Qatar, a threat actor — later identified as China-linked BlackTech — quietly breached the network of a major communications provider for the games and planted malware on a critical system storing network device configurations.

The breach remained undetected until six months after the games, during which the cyber-espionage group gathered up an unknown volume of data from targeted customers of the telecommunications provider — including those associated with the World Cup and vendors providing services for it.

But it’s the “what else could have happened” that’s the really scary part: The access that BlackTech had on the telecom provider’s system would have allowed the threat actor to completely disrupt key communications — including all streaming services associated with the game. The fallout from such a disruption would have been substantial in terms of geopolitical implications, brand damage, national reputation, and potentially hundreds of millions of dollars in losses from the licensing rights and ads negotiated prior to the World Cup.

Read more: How Soccer’s 2022 World Cup in Qatar Was Nearly Hacked

Related: NFL, CISA Look to Intercept Cyber Threats to Super Bowl LVIII

Microsoft Beefs Up Defenses in Azure AI

By Jai Vijayan, Contributing Writer, Dark Reading

Microsoft adds tools to protect Azure AI from threats such as prompt injection, as well as to give developers the capabilities to ensure generative AI apps are more resilient to model and content manipulation attacks.

Amid growing concerns about threat actors using prompt injection attacks to get generative AI (GenAI) systems to behave in dangerous and unexpected ways, Microsoft’s AI Studio is rolling out resources for developers to build GenAI apps that are more resilient to those threats.

Azure AI Studio is a hosted platform that organizations can use to build custom AI assistants, copilots, bots, search tools, and other applications, grounded in their own data.

The five new capabilities that Microsoft has added — or will soon add — are Prompt Shields, groundedness detection, safety system messages, safety evaluations, and risk and safety monitoring. The features are designed to address some significant challenges that researchers have uncovered recently — and continue to uncover on a routine basis — with regard to the use of large language models (LLMs) and GenAI tools.

“Generative AI can be a force multiplier for every department, company, and industry,” said Microsoft’s chief product officer of responsible AI, Sarah Bird. “At the same time, foundation models introduce new challenges for security and safety that require novel mitigations and continuous learning.”

Read more: Microsoft Beefs Up Defenses in Azure AI

Related: Forget Deepfakes or Phishing: Prompt Injection is GenAI’s Biggest Problem

Ivanti Pledges Security Overhaul the Day After 4 More Vulns Disclosed

By Jai Vijayan, Contributing Writer, Dark Reading

So far this year, Ivanti has disclosed a total of 10 flaws — many of them critical — in its remote access products, and one in its ITSM product.

Ivanti CEO Jeff Abbott this week said his company will completely revamp its security practices even as the vendor disclosed another fresh set of bugs in its vulnerability-riddled Ivanti Connect Secure and Policy Secure remote access products.

In an open letter to customers, Abbott committed to a series of changes the company will make in the coming months to transform its security operating model following a relentless barrage of bug disclosures since January. The promised fixes include a complete do-over of Ivanti’s engineering, security, and vulnerability management processes and implementation of a new secure-by-design initiative for product development.

How much these commitments will help stem growing customer disenchantment with Ivanti remains unclear given the company’s recent security track record. In fact, Abbot’s comments came one day after Ivanti disclosed four new bugs in its Connect Secure and Policy Secure gateway technologies and issued patches for each of them.

Read more: Ivanti Pledges Security Overhaul the Day After 4 More Vulns Disclosed

Related: Feds to Microsoft: Clean Up Your Cloud Security Act Now

Why Cybersecurity Is a Whole-of-Society Issue

Commentary by Adam Maruyama, Field CTO, Garrison Technology

Working together and integrating cybersecurity as part of our corporate and individual thinking can make life harder for hackers and safer for ourselves.

We are drowning in vulnerabilities: Jen Easterly, director of the Cybersecurity and Infrastructure Security Agency (CISA), at a recent Congressional hearing on Chinese cyber operations, said simply that “we’ve made it easy on” attackers through poor software design. But it will take a whole-of-society effort to reshape the market for cybersecurity to create technologies that are both high-performing and secure.

As CISA articulated in its Secure by Design initiative, secure coding by vendors is the first step to creating technologies that are both secure and usable. But businesses must realize, as Easterly put it, that “cyber-risk is business risk” by incorporating cybersecurity into all their business practices. In particular, by increasing the stature of CISOs and giving them holistic cybersecurity oversight of the entire business, particularly procurement decisions, companies can incorporate cybersecurity as an organic step in business processes.

Meanwhile, cybersecurity and IT professionals — two closely related but often clashing groups — must come together to build networks that are both secure and functional for their users. And, the final piece of a whole-of-society approach to cybersecurity is both the most difficult and the most critical: integrating cybersecurity into the day-to-day lives of citizens through things like multifactor authentication.

Read more: Why Cybersecurity Is a Whole-of-Society Issue

Related: NIST Wants Help Digging Out of Its NVD Backlog