Monthly Archives: March 2018

The Cybersecurity Industry Needs More Women And The Girl Scouts Take The Lead – Charles Leaver

Written By Kim Foster And Presented By Charles Leaver


It’s clear that cybersecurity is getting more international attention than ever before, and businesses are truly worried if they are training enough security professionals to satisfy growing security threats. While this issue is felt throughout the business world, lots of people did not expect Girl Scouts to hear the call.

Starting this fall, millions of Girl Scouts nationwide have the opportunity to earn cybersecurity badges. Girl Scouts of the U.S.A partnered with Security Company (and Ziften tech partner) Palo Alto Networks to create a curriculum that educates girls about the fundamentals of computer security. According to Sylvia Acevedo, CEO of GSUSA, they developed the program based on need from the ladies themselves to safeguard themselves, their computers, and their household networks.

The timing is good, considering that in accordance with a study launched in 2017 by (ISC), 1.8 million cybersecurity positions will be unfilled by 2022. Factor in increased demand for security pros with stagnant development for ladies – only 11 percent for the past few years – our cybersecurity staffing problems are poised to get worse without substantial effort on behalf of the industry for better inclusion.

Obviously, we cannot depend on the Girl Scouts to do all of the heavy lifting. Broader instructional efforts are a must: according to the Computing Technology Industry Association, 69 percent of U.S. ladies who do not have a profession in infotech pointed out not being aware exactly what opportunities were offered to them as the reason they did not pursue one. One of the great untapped opportunities of our market is the recruitment of more varied experts. Targeted curricula and increased awareness must be high concern. Raytheon’s Ladies Cyber Security Scholarship is a fine example.

To gain the benefits of having women invested in shaping the future of innovation, it is necessary to eliminate the exclusionary understanding of “the boys’ club” and keep in mind the groundbreaking contributions made by females of the past. Numerous folk know that the very first computer programmer was a woman – Ada Lovelace. Then there is the work of other well-known pioneers such as Grace Hopper, Hedy Lamarr, or Ida Rhodes, all who may stimulate some vague recollection amongst those in our industry. Female mathematicians developed programs for one of the world’s very first totally electronic general-purpose computers: Kay McNulty, Jean Jennings Bartik, Betty Snyder, Marlyn Meltzer, Fran Bilas, and Ruth Lichterman were simply a few of the first programmers of the Electronic Numerical Integrator and Computer system (much better referred to as ENIAC), though their essential work was not extensively recognized for over 50 years. In fact, when historians first discovered photos of the women in the mid-1980s, they mistook them for “Fridge Ladies” – models posing in front of the machines.

It’s worth keeping in mind that many think the very same “boys’ club” mentality that neglected the accomplishments of ladies in history has actually resulted in minimal management positions and lower incomes for modern-day women in cybersecurity, along with outright exemption of female luminaries from speaking opportunities at industry conferences. As trends go, omitting intense individuals with suitable knowledge from influencing the cybersecurity industry is an unsustainable one if we hope to stay up to date with the bad guys.

Whether or not we collectively take action to cultivate more inclusive offices – like educating, recruiting, and promoting females in greater numbers – it is heartening to see an organization associated with fundraiser cookies effectively inform a whole market to the fact that ladies are truly thinking about the field. As the Girls Scouts of today are given the tools to pursue a profession in information security, we need to expect that they will become the very women who ultimately reprogram our expectations of what a cybersecurity expert looks like.

Mac Computers Can Be A Threat To Your Security – Charles Leaver

Written By Roark Pollock And Presented By Charles Leaver


Do you have Mac computers? That’s fine. I also own one. Have you locked your Macs down? If you haven’t, your business has a potentially major security weak point.

It’s a misconception to think that Macintosh computers are inherently safe and don’t have to be secured against malware or hacking. Many believe Macs are undoubtedly probably more safe than Windows desktops and notebooks, due to the design of the Unix-oriented kernel. Definitely, we see fewer security patches issued for macOS from Apple, compared with security patches for Windows from Microsoft.

Less security problems is not zero defects. And safer doesn’t mean complete safety.

Some Mac Vulnerability Examples

Take, for instance, the macOS 10.13.3 upgrade, released on January 23, 2018, for the present variations of the Mac’s operating system. Like many current computers running Intel processors, the Mac was vulnerable to the Meltdown defect, which implied that destructive applications may be able to read kernel memory.

Apple needed to patch this defect – as well as numerous others.

For example, another problem could permit destructive audio files to execute arbitrary code, which might violate the system’s security integrity. Apple needed to patch it.

A kernel defect suggested that a destructive application may be able to execute random code with kernel advantages, providing hackers access to anything on the device. Apple needed to patch the kernel.

A defect in the WebKit library indicated that processing maliciously crafted web material may cause random code execution. Apple had to patch WebKit.

Another defect meant that processing a harmful text message may result in application denial of service, locking up the system. Whoops. Apple had to patch that flaw as well.

Don’t Make The Exact Same Mistakes as Customers

Numerous customers, believing all the hype about how wonderful macOS is, choose to run without security, relying on the macOS and its built-in application firewall to obstruct all manner of bad code. Bad news: There’s no integrated anti virus or anti malware, and the firewall program can just do so much. And lots of enterprises wish to neglect macOS when it concerns visibility for posture monitoring and hardening, and hazard detection/ hazard hunting.

Consumers frequently make these presumptions due to the fact that they do not know any better. IT and Security experts should never ever make the exact same mistakes – we should understand much better.

If a Mac user installs bad software, or includes a harmful internet browser extension, or opens a bad email attachment, or clicks on a phishing link or a nasty advertisement, their computer is corrupted – similar to a Windows computer. But within the enterprise, we need to be prepared to handle these issues, even on Macs.

What To Do?

What do you have to do?

– Set up anti-virus and anti malware on corporate Macs – or any Mac that has access to your organization’s material, servers, or networks.
– Track the state of Macs, much like you do with Windows computers.
– Be proactive in applying fixes and patches to Macs, again, similar to with Windows.

You should likewise eliminate Mac computers from your business environment which are old and cannot run the latest variation of macOS. That’s a great deal of them, since Apple is pretty good at keeping hardware that is older. Here is Apple’s list of Mac designs that can run macOS 10.13:

– MacBook (Late 2009 or newer).
– MacBook Pro (Mid 2010 or newer).
– MacBook Air (Late 2010 or more recent).
– Mac mini (Mid 2010 or newer).
– iMac (Late 2009 or more recent).
– Mac Pro (Mid 2010 or newer).

When the next version of macOS comes out, some of your older devices may drop off the list. They should fall off your stock also.

Ziften’s Viewpoint.

At Ziften, with our Zenith security platform, we strive to preserve visibility and security feature parity between Windows systems, macOS systems, and Linux-based systems.

In fact, we have actually partnered with Microsoft to incorporate our Zenith security platform with Microsoft Windows Defender Advanced Threat Protection (ATP) for macOS and Linux monitoring and hazard detection and response coverage. The combination allows clients to spot, view, investigate, and react to sophisticated cyber-attacks on macOS devices (as well as Windows and Linux-based endpoints) directly within the Microsoft WDATP Management Console.

From our point of view, it has constantly been necessary to provide your security groups self-confidence that every desktop/ notebook endpoint is protected – and thus, the enterprise is secured.

Believe it or not, 91% of enterprises say they have a number of Macs. If those Macs aren’t protected, and also correctly incorporated into your endpoint security systems, the business is not protected. It’s just that simple.