
SANS Security Insights: Category - SANS Analyst

Nuclear Sector's Biggest Risk: Lack of Trained Security Pros

Recent OIG report aligns with new SANS OT/ICS Survey results

By Deb Radcliff, Creative Director, SANS Analyst Program

The biggest risk to nuclear energy sector security is lack of people trained in cybersecurity and risk management, according to a new report released by the U.S. Office of Inspector General (OIG) about the Nuclear Regulatory Commission's threat readiness. The OIG report was released at the same time SANS published the results of its OT/ICS Security Survey, saying pretty much the same thing.


Women Influence in InfoSec Is on the Rise (and That's a Good Thing)

If ever there was a year for women in InfoSec, it is 2019.

By Deb Radcliff, Creative Director, SANS Analyst Program

In May 2019, when 125 women in IT security took their message to Washington during the third annual event coordinated by the EWF (Executive Women's Forum on Information Security, Risk Management & Privacy), I got to thinking: What influence do women truly have in InfoSec, and how does that influence impact the decision-making and policy-making processes?


Risks to Travel Apps Revealed in New Study

By Deb Radcliff, Creative Director, SANS Analyst Program

Those airline apps that make travel so convenient are also endangering sensitive customer data, according to a new study from Pradeo Lab that tested 50 airline security apps.

The report calls out numerous vulnerabilities that exposed data not only on networks, but also on users' actual devices.


Poisoning the Computing Supply Chain: Our New, Dark Reality

By Deb Radcliff, Creative Director, SANS Analyst Program

As a cybercrime writer for more than 25 years, I've asked some dumb questions, especially in my early days. Looking back now, however, those questions don't seem so stupid after all.

For example, in 2000, I asked a group of Cisco engineers, "Why don't we just change IP since that trust model is the source of most of our problems?" They were incredulous, saying that IP would never change. But isn't that what IPv6 is?

But the most chilling stupid question I ever asked was, "What happens if my auto update turns out to be malicious?" For conjecturing this idea in my Hack of the Month column for Computerworld, I nearly got shouted off my pedestal as a columnist. "Updates will always be secure. They come from the vendors," my readers said.


Weaponized Vulnerabilities on the Rise

The term "weaponizing vulnerabilities" means to find and use vulnerabilities as part of the attack package.

By Deb Radcliff, Creative Director, SANS Analyst Program

The weaponization of common vulnerabilities found in pervasive systems is happening more often and faster than in the past, according to a RiskSense report published April 23. In the study, RiskSense reports a steep uptick in the number of weaponized exploits against flaws in the Adobe family of products, even as the number of actual vulnerabilities declined.