Week in security: Accelerator woos Aussie infosec innovators; businesses admit 2018 compliance unlikely
- 17 July, 2017 10:07
Cybersecurity pundits have been talking about strategies to boost cooperation amongst the various elements of the industry to reach common goals around information protection. Yet while there are signs of new cybersecurity cooperation – including US president Donald Trump’s subsequently-revoked plans to partner with Russia to form an “impenetrable Cyber Security unit” – a recent ITU analysis found that Australia is falling well behind its peers when it comes to fostering cybersecurity cooperation.
An encouraging sign of local cooperation came with the launch of CyRise, a Melbourne-based accelerator for cybersecurity startups that is now accepting applications for choice packages of commercial and financial support. There’s no telling how many of the companies will be involved in putting the ‘smart’ into ‘smart cities’ but the accelerator’s CEO believes Aussie infosec startups have what it takes to dance with the big boys – as long as someone tells them the dress code.
In the short term, corporate security protections will likely benefit from just a bit more cooperation inside the business. Educating employees about phishing is one part of the effort, while some suggest that you can even use WannaCry to bolster the effectiveness of awareness programs. But even the best-intentioned efforts can go awry – as became clear when a disgruntled former employee caused mayhem for his ex-employer using off-the-shelf infosec tools.
Adding to the pressure on CSOs: new figures suggest that a majority of businesses concede that they’re unlikely to meet the deadlines for new compliance requirements coming into effect next year.
Some security-industry pundits were taking a closer look at the Common Vulnerabilities and Exposures (CVE) Program, which some say is falling behind and needs all the help it can get from a new model for vulnerability tracking.
This has left many vendors ratcheting up their vulnerability-finding efforts through other means – such as a partnership between Atlassian and Bugcrowd that will see the software giant use the latter company’s crowdsourced-debugging services to encourage security researchers to report bugs.
Microsoft released its first security update for the HoloLens AR headset, while Google was applying artificial intelligence techniques to help human reviewers more readily pick up Android apps that demand far too many access permissions from their users.