Most applications have vulnerabilities. Our analysis for our annual State of Software Security report this year found that among 130,000 apps, 76 percent had at least one security flaw. In addition, half of security findings are still open 6 months after discovery.
Our research also unearthed some surprising - and promising - data surrounding ways to nurture the security of your applications, even if the nature is less than ideal.
During this session, key questions we aim to answer will include:
What leads to this state of software security? Is it nature or nurture?
Is it the attributes of the app that the developer inherits - its security debt, its size - or is it the actions of the developers - how frequently they are scanning for security or how security is integrated into their processes?
Diagram shows how ransomware operators incorporate the SystemBC malware into an attack. (Source: Sophos)
Several recent ransomware attacks, including those involving Ryuk and Egregor, have used a commodity malware variant called SystemBC as a backdoor, security firm Sophos reports.
First uncovered by security firm Proofpoint in August 2019, SystemBC works as a network proxy for concealed communications and as a remote access Trojan, or RAT, that allows threat actors to deploy additional commands and scripts to infected Windows devices and to gather data.
While researchers have tracked SystemBC over the years, the Sophos report finds that its creators have added new features, which ransomware operators and their affiliates are taking advantage of to deploy their crypto-locking malware.
Co-Founder and CEO, Cloudvisory
Lisun Kung started Cloudvisory 6 years ago to address the challenges associated with multi-cloud security visibility, compliance and governance. With more than 20 years of expertise in security audit, risk management and compliance, Lisun took the challenge to solve the issues associated with multi-cloud security visibility, compliance and governance. As a member of Team FireEye, Lisun is now responsible for leading Cloudvisory's product.
Prior to Cloudvisory, Lisun was Founder and President of TruLogica, an Identity Management Solution, where he set the vision and strategic direction for the company. TruLogica was acquired by Hewlett Packard in 2004. Before moving to Texas in 2000, Lisun served as VP of Technology at Chase Manhattan Bank for seven years in New York, where he led the Internet architecture, security and engineering efforts at the bank. Prior to Chase, Lisun led the software development team at Telecomet, a subsidiary of KDDI America, f
Andrew Levine (left), partner, Debevoise & Plimpton LLP; Vincent Walden, managing director, Alvarez and Marsal
To improve compliance efforts, organizations can turn to a number of technologies, including data analytics. Vincent Walden, managing director at Alvarez and Marsal, and Andrew Levine, partner, Debevoise & Plimpton LLP, share their views on making the most of automation and integration tools. “The pandemic saw increased use of data analytics for data monitoring by compliance teams,” Walden says. “As compliance and audit teams could not pay site visits, data analytics went a long way in risk assessment.”
Levine adds: “There is an increased reliance on data as a critical tool for mitigating risks. We need to understand how to use that data on a regular basis to understand changing risk profiles.”
From heightened risks to increased regulations, senior leaders at all levels are pressured to improve their organizations' risk management capabilities. But no one is showing them how - until now.
Learn the fundamentals of developing a risk management program from the man who wrote the book on the topic: Ron Ross, computer scientist for the National Institute of Standards and Technology. In an exclusive presentation, Ross, lead author of NIST Special Publication 800-37 - the bible of risk assessment and management - will share his unique insights on how to:
Understand the current cyber threats to all public and private sector organizations;