Content by Michael Novinson

Taking the Fight to the Enemy With Offensive Cybersecurity

Michael Novinson  •  May 4, 2023

Offensive security is transitioning from traditional penetration testing to a more continuous, technology-led approach, says Aaron Shilts, president and CEO at NetSPI. The security posture of organizations is constantly changing, making a point-in-time pen test less effective.

How Startups Can Help Protect Against AI-Based Threats

Michael Novinson  •  May 4, 2023

The enterprise adoption of AI-based large language models has created a new attack surface for adversaries to exploit, said Thomvest Ventures principal Ashish Kakran. A hacker who gains access to or tampers with the data that's been used to train the large language models could wreak a lot of havoc.

5 Critical Controls for ICS and OT Cybersecurity Strategy

Michael Novinson  •  May 4, 2023

IT and OT security are more different than most realize. IT focuses on digital systems and data, and OT concerns itself with physical systems and their interconnectivity, said Dragos CEO Robert Lee. The stark differences between IT and OT security are laid bare around vulnerability patching.

Reduce Cost and Security Complexity by Ditching Legacy VPN

Michael Novinson  •  May 3, 2023

Continued reliance on legacy VPNs hinders remote work performance and fails to provide users or organizations with zero trust security protection, said Netskope's Sanjay Beri. Companies often start by augmenting their VPNs to enable zero trust network access before moving to full replacement.

Embracing Collective Protection to Thwart Bot-Based Attacks

Michael Novinson  •  May 3, 2023

Bots have become an important tool for modern cybercrime. A bot is used somewhere in the attack cycle in more than three-quarters of security incidents. HUMAN Security co-founder and CEO Tamer Hassan called account takeover "the gateway drug to all other forms of fraud and abuse."

XDR for ChromeOS: What Does It Mean for the Cyber Industry?

Michael Novinson  •  May 3, 2023

CrowdStrike has focused on bringing its extended detection and response technology to users with less expensive devices such as Chromebooks by adding support for Google's ChromeOS. The pact will give CrowdStrike clients greater visibility into the security posture and compliance of ChromeOS devices.

Why Gaining Visibility Into Cyberthreats Is a Big Challenge

Michael Novinson  •  May 3, 2023

A top challenge businesses face is the lack of knowledge about what digital assets they have, making it difficult to protect them, respond to attacks, and collect evidence. External threat intelligence and attack surface management are colliding as companies look to respond effectively to threats.

Artificial Intelligence and the SOC: A Match Made in Heaven

Michael Novinson  •  May 3, 2023

Artificial intelligence and machine learning are used extensively for detecting threats, but their use in other areas of security operations is less explored. One of the biggest opportunities for AI and ML in cyber is around investigating potential security incidents, said Forrester's Allie Mellen.

Protect Small Business Inboxes by Shedding the Email Gateway

Michael Novinson  •  May 3, 2023

Business email compromise, end-user education, forensic archiving and recovery can be confounding to SMBs that lack the resources for a traditional secure email gateway. The rise of cloud-based email offerings means that SMBs can now get the same level of email protection without using a gateway.

Strengthening Cybersecurity for Organizations Without a SOC

Michael Novinson  •  May 3, 2023

The lack of a dedicated security operations center can make it difficult for small organizations to benefit from security tools. To streamline security, it's crucial to have a user-friendly interface and experience that is easy to comprehend and understand, said Malwarebytes CEO Marcin Kleczynski.

Artificial Intelligence and the Talent Shortage in Security

Michael Novinson  •  May 3, 2023

AI is a tool for augmenting humans rather than replacing them, and AI is far from surpassing human capabilities on a scalable level. Although AI can generate realistic images and believable text, it still has a long way to go in detecting anomalies, said Kyle Hanslovan, CEO of Huntress.

The New Investment Frontier: Defending AI Models, Algorithms

Michael Novinson  •  May 3, 2023

Artificial intelligence and machine-learning technology is vulnerable to cyberattacks due to a lack of security around the models themselves, said Mark Hatfield, founder and general partner at Ten Eleven Ventures. How do we identify and fix the potential risks of misuse that come with AI?

Why Modernizing Defenses for OT Networks, Operations Is Tough

Michael Novinson  •  May 2, 2023

Critical infrastructure attacks during 2022 focused primarily on Eastern Europe and Ukraine given fears of reprisal from attacking the U.S., said Optiv CEO Kevin Lynch. The amount of OT security investment needed to defend against adversaries is bigger than what many organizations can handle today.

Moving Zero Trust Conversations Beyond the CISO to the Board

Michael Novinson  •  May 2, 2023

CISOs have gone from complaining that they don't get enough time and attention from the board of directors to presenting to the board every quarter, said Zscaler CEO Jay Chaudhry. Conversations with CIOs or boards tend to focus on what architectural changes can be made to reduce business risk.

The Most Pressing Security Needs of the SMB and Midmarket

Michael Novinson  •  May 2, 2023

Small and midsize businesses need proactive measures to ensure security just as much as any large organization. But challenges abound for SMBs as they struggle with a smaller staff and budget constraints, making them more vulnerable to cyberattacks, said SonicWall President and CEO Bob VanKirk.