Curated cybersecurity news
summary for facility management professional, building owners and IT professionals who are interested in building security and Facility IT.
What is new in April, 2023 in Cybersecurity?
U.S. launches secure software push with new guidelines
A big group of international agencies gives a how-to on secure-by-design, secure-by-default. The “principles and approaches” document, which isn’t mandatory but lays out the agencies’ views on securing software, is the first major step by the Biden administration as part of its push to make software products secure as part of the design process, and to make their default settings secure as well. Read More
Understanding AI’s Role in Cybersecurity Beyond the Hype
The term ‘AI’ has often become something of a buzzword in recent years, and many product vendors and organizations misunderstand or misrepresent their use of the technology.
Speaking on day one of the RSA 2023 Conference, Diana Kelley, CSO at Cyberize, said that it is important to evaluate the role of these technologies accurately, as it can lead to unrealistic expectations that have potentially “serious consequences,” including in cybersecurity. Learn More
Google brings generative AI to cybersecurity
There’s a new trend emerging in the generative AI space — generative AI for cybersecurity — and Google is among those looking to get in on the ground floor.
At the RSA Conference 2023, Google announced Cloud Security AI Workbench, a cybersecurity suite powered by a specialized “security” AI language model called Sec-PaLM. An offshoot of Google’s PaLM model, Sec-PaLM is “fine-tuned for security use cases,” Google says — incorporating security intelligence such as research on software vulnerabilities, malware, threat indicators and behavioral threat actor profiles. Read more
Discussion Draft of the NIST Cybersecurity Framework 2.0 Core
NIST is updating the Cybersecurity Framework (CSF) which is widely used to help organizations better understand, manage, reduce, and communicate cybersecurity risks. This recently released CSF 2.0 Core discussion draft identifies the potential Functions, Categories, and Subcategories (also called cybersecurity outcomes) of the NIST CSF 2.0 Core.
This draft Core is preliminary and is intended to increase the overall transparency of the CSF update process, while also provoking discussion about improvements to potential changes to the CSF. Progress updates about NIST’s CSF 2.0 effort, as well as ways to engage, FAQs, and resources can be found on the NIST CSF 2.0 webpage. Read more
Shifting Cybersecurity To A Prevention-First Mindset
Cybersecurity threats are continuously evolving as hackers constantly seek new ways to infiltrate organizational networks. There has been a transition over the years from the castle-and-moat approach of perimeter defense to a focus on detection and response, with organizations investing heavily in EDR (endpoint detection and response), MDR (managed detection and response), XDR (extended detection and response), and other security tools to detect and respond to potential threats. However, as cyberattacks become more sophisticated, it seems like a prevention-first philosophy might be the better approach. Read More
Why Cybersecurity Is a Critical Component of ESG Frameworks
Environmental, social, and governance (ESG) frameworks are becoming increasingly popular among businesses and investors worldwide. These frameworks are designed to provide a standardized, measurable approach to evaluating a company’s performance in terms of its environmental and social impact, as well as the effectiveness of its corporate governance practices.
As more companies adopt ESG frameworks, they are discovering that cybersecurity must be an essential component of their strategy. Learn More
