Insight #1
I was at the Kernelcon conference last week and heard that Gen AI is going to wreck development because there will be more vulnerabilities than ever. In the same breath, I heard that Gen AI is going to fix more vulnerabilities faster. Can it be both?
Insight #2
Following the July 2023 Microsoft Exchange Online intrusion by the Chinese state group Storm-0558, the Cyber Safety Review Board (CSRB) has slammed Microsoft’s security practices. Securing enterprises is really, really hard, but I think the suggestions provided to MS — four Microsoft-specific recommendations, plus 21 recommendations on cloud cybersecurity practices, audit logging, digital identity standards, cloud service provider (CSP) transparency, victim notification processes, and security standards and compliance frameworks — make a ton of sense. Those recommendations will take time to work through, though. More transparency will be required, and it will get worse before it gets better.
Insight #3
It’s 2024. If you’re in security and don’t know that intelligence agencies are trying to infiltrate businesses, you’re missing a major threat vector. As the U.S. Department of Justice (DOJ) is painfully aware — check out last month’s indictment of seven individuals on charges of computer intrusions and conspiracy to commit wire fraud — nation states are playing what some call a long game when it comes to infiltrating the infrastructure of individuals, governments and organizations alike. You may not think it applies to you today, but it sure could tomorrow.