The United States government is considering banning TikTok because it views the hugely popular social media app as a security threat, according to Secretary of State Mike Pompeo. The video app, which is owned by the Chinese company ByteDance, has an estimated 65-80 million active monthly users in the U.S., who share 15-second videos with quick edits, music, and filters.TikTok has exploded in the last year, with over 175 million downloads in the U.S. and over 1 billion users worldwide. But since last fall, U.S. lawmakers have been calling for an investigation of TikTok’s relationship with its parent company and the Chinese government and of whether those reported ties pose a counterintelligence threat in America.
Pompeo told Fox News the Trump administration is “certainly looking” at banning Chinese social media apps, including TikTok.In response, a TikTok spokesperson told ABC News Tuesday the company is “led by an American CEO, with hundreds of employees and key leaders across safety, security, product, and public policy here in the U.S. We have no higher priority than promoting a safe and secure app experience for our users.” Pompeo cast TikTok as a security threat, accusing it of sharing users’ data with the Chinese government. When asked by Fox’s Laura Ingraham Monday night if he would recommend that people download the app, he responded, “Only if you want your private information in the hands of the Chinese Communist Party.”
But the TikTok spokesperson denied that was true: “We have never provided user data to the Chinese government, nor would we do so if asked.” The company is owned by ByteDance, a Chinese tech firm that also started travel search and real estate search sites and is considered one of the world’s most valuable start-ups. TikTok has tried to distance itself from ByteDance, saying on its website that it “does business through subsidiaries of ByteDance Ltd., which is backed by global institutional investors.”
It also announced Monday it would remove the app from Hong Kong because of the Chinese government’s new national security law, which gives Beijing tighter control of the territory that was supposed to be semi-autonomous, including requiring tech companies there to hand over user data if requested. But Pompeo has cast virtually all Chinese companies as a security threat because of the Chinese internet security law, which allows the government to request access to their data. He did not provide specific evidence Monday that the Chinese government has requested that information from TikTok.
TikTok has become enormously popular amid coronavirus shutdowns across the U.S., with users spending an estimated 52 minutes each day and the number of unique visitors growing exponentially between January and April, according to Wallaroo Media, a digital advertising firm. Videos automatically play one after the other, ranging from attempts at viral dance moves to the comedian Sarah Cooper’s mocking lip-sync performances as President Donald Trump, which has earned her over 3 million likes. Cooper’s PR did not respond to questions about the administration’s possible ban. Last week, India banned the app amid growing tensions with China over a disputed border area high in the Himalaya mountains, casting it and 58 other Chinese-owned apps as security concerns that the Chinese government could exploit.
Australian officials have also said they are considering a ban.
Cybersecurity, Could this be Your Chance to Get in?
The significance of the cybersecurity capabilities of Russia is mission-critical, according to President Biden. “That it is approaching.” An FBI advisory notice also advised Russian intelligence services to scan various networks for vulnerabilities to use as a step for potential future invasions. Of course, businesses need to increase spending on cyber defense in light of the need for national security and the anxiety caused by the release of Colonial Pipeline and Solarwinds (SWI) insider information. Among solutions offered are cloud-based options that include Crowdstrike (CRWD), ZScaler (ZS), and Okta (OKTA) as well as consumer-focused choices like NortonLifelock (NLOK) and Fortinet (FTNT). Further, major conglomerates like Amazon (AMZN), Microsoft (MSFT), and Cisco (CSCO) have subsidiaries that concentrate on networking protection after possible breaches of security.
We believe the cyber security industry led by key names such as Palo Alto, Zscaler, Crowdstrike, Sentinel One, Check Point, Palantir, CyberArk, Tenable has been on the front lines proactively guarding from Russian cyber attacks and has been very successful; bullish for sector
— Dan Ives (@DivesTech) March 18, 2022
Notwithstanding the tumult resulting from the Russian invasion of Ukraine, a tried-and-true pick for the rest of 2022 is Palo Alto Networks (PANW). Incorporated in 2018, it offers a winning combination of strong financial health, evident growth, and a firm focus squarely on the cybersecurity domain, which has all the earmarks of a long-term investment.
Staying safe at home and keeping your Families Cybersecurity in mind.
A major plotline of the modern economy after seeing the coronavirus years has been the shift to a work-at-home lifestyle. According to Pew Research, more than two-thirds of American workers took up remote work to do after the epidemic, with more than half hoping to continue in this setting. While this increases convenience for employees, it creates a headache for security industry professionals. “Employees increasingly require easy access to IT resources,” IT consulting firm Flint noted in a recent report. Currently, companies gaining a distinction in the marketplace must be most interested in providing business solutions rather than just consumer solutions. And for sure, a number of consumer-oriented companies aren’t faring well, when Symantec encountered difficulties as it attempted to buy Avast (AVASF).
“We think strong security demand should remain durable through ’22 and, as a result, security stocks provide better opportunities for relative outperformance vs. broader software.” In a recent note, Morgan Stanley analyst Hamza Fodderwala summed up the industry action.
Adaptive systems and innovations being developed to safeguard sensitive data are likely to stay a consistent and current priority in the foreseeable future, furthering intended budget cuts.
Discover the Many Reasons to Love Palo Alto
Among the choices available, there are numerous ways for investors to invest. Crowdstrike, Zscaler, and Okta are not investments to abandon. By all means, they will each gain from these overarching trends. But there is also an issue with respect to how much these niche services may succeed in valuations, considering that three of these mega services have trended more toward the high-end of the expected earnings growth rate. Dan Ives mentioned (Palo Alto) as “a table pounder” during his CNBC interview. Ives viewed (Palo Alto) as “a table pounder.” Palo’s strong balance sheet earned him high praise. Management attributed the sales increase to positive changes in the company’s income, particularly 20 in the last quarter, and to significant increases in its free cash flow, which was up to $441 million on a 33% profit margin. Clearly, there is a frugal trend of companies in harnessing profitability that has been holding other firms back. Palo Alto places an emphasis on maintaining a market-leading performance standard even as growth continues. Nikesh Arora, CEO of Nikesh Holdings, mentioned this ideal in the firm’s most recent earnings report.
Yet another outstanding quarter in Palo Alto, California, led by outstanding broad-spectrum performance, was led by 70 y er old annual recurring revenue (ARR) growth and hardware sales that are yet to surmount supply-chain difficulties as the company takes share on surging demand.
Two recent studies by Mistic Systems and Crowdstrike likewise appear to be strong, with each meeting Interlock’s own Stephen “Sarge” Guilfoyle’s standards for balance sheets and earnings of late. Nonetheless, I don’t think Sarge would assert that Palo Alto is the sturdiest among the group.
Considerably above the current market valuation, it seems prudent even though the current market varies and appears likely to continue to be able to demonstrate healthy profitability metrics for the foreseeable future. For a defensive-minded name in security that likewise offers an investor significant upside, Palo Alto appears an easy top pick even at all-time highs. Palo Alto appears an easy-to-read pick even at the top margin because of its healthcare sector’s defensive mindset and substantial profit potential.
About Palo Alto
Palo Alto, California-based cybersecurity company Check Point Software Technologies Ltd. was founded in 1998 by a team of entrepreneurs led by Dr. Shmuel Hauser, who is currently its chairman and chief executive officer (CEO). The company provides cyber security solutions to corporate and government customers worldwide. In the early days of its development, the company received significant investment from Microsoft Corporation and Intel Corporation. After years of growth and innovation, Check Point entered into an agreement with IBM to create an alliance that would combine the strengths of their two companies in the cybersecurity market. In 2013, Check Point acquired Israeli cyber security startup ZoneAlarm for $1 billion.
Top 10 in-demand cybersecurity skills for 2021
Jimmy Sanders has a long list of work to do, so he wants a security team that can handle the multitude of tasks ahead – from advancing his company’s zero-trust security strategy to securing its cloud deployments to deploying machine learning solutions. Team members must be able to do all that at scale, as well as shift gears and upskill as quickly as business needs shift, technology evolves and security risks change. In fact, Sanders puts “comfortable with change” as one of the most in-demand skills for 2021, alongside internal drive and the ability to be self-directed with work. It’s a lot, he admits.
“The people who can do all that is in super high demand,” says Sanders, head of security for Netflix DVD and president of the San Francisco chapter of the Information Systems Security Association (ISSA).
Indeed, the demand for cybersecurity talent continues to outpace supply. A July 2020 report from the ISSA and the Enterprise Strategy Group (ESG) found that 70% of ISSA members believe the global cybersecurity skills shortage has impacted their organization, while the 2020 (ISC)2 Cybersecurity Workforce Study found that 64% of responding security professionals experienced skills shortages within their own organizations. Such statistics only tell part of the story, though. Security leaders say there’s not only a shortage in the number of qualified people working in the field, but it’s also challenging to find the needed skills among the existing pool of security professionals. That’s not surprising, considering the lengthy list of desired skills needed today. In fact, security professionals need more than a single certification or even experience with a few key tools. Increasingly, they need the right combination of multiple security skills alongside technology, business, and interpersonal skills, as security jobs morph into a hybrid of roles that span different disciplines.
“There’s a shift away from people in security who do one thing, and only one thing, well. There are too many threats and too many opportunities for systems to be comprised that you can’t be an effective security professional without a broad base of knowledge,” says Will Markow, managing director of Burning Glass Technologies, a labor market analytics firm, which issued a 2019 report on the hybridization of job roles. The most in-demand security skills for 2021 reflect this trend, with security chiefs saying they need people who can pull together expertise in the various sphere to meet the emerging security and threat environments as well as overall business requirements.
Here are the 10 areas where skills are most in demand for the year ahead — and why:
Risk identification and management
Jorge Rey, CISO for professional services firm Kaufman Rossin, wants security workers who understand both the company and its industry, which is why he values the low turnover rates within his department. He says veteran staffers bring the business insights he needs. And that insight, when combined with technical acumen and cybersecurity experience, helps them identify which threats pose the greatest risks to their company so they can effectively allocate limited resources to deliver the best protection.
“The best way to mitigate threats is to understand the risk,” he says, “so we need people versed on governance and strategy who can then determine the best solutions, who can find the right technology or the right outside provider or build the right capacity in-house.”
Others also put risk management high on their list of desired skills for 2021, with Burning Glass listing it as one of the security skills seeing the fastest growth in demand over the upcoming five years and one that could earn professionals more than $10,000 a year in premium pay.
“CISOs need people who can take a risk-based approach to build a secure digital infrastructure,” Markow adds.
CISOs are also looking for people with overall technical skills, noting that they can’t understand risk and develop security plans for a digital world without understanding the IT components that make up the infrastructure.
“Programming skills, system administration skills, and network skills are all required and necessary to have … because security skills are worthless without foundational knowledge to build upon,” says Matthew Rogers, CISO of tech company Syntax.
Consulting firm PwC likewise identified technology acumen is critical for security professionals, listing knowledge of “digital building blocks” as one of the three critical areas of expertise (digital skills, business acumen, and social skills) needed for an effective security program. As such, Joe Nocera, principal, and leader of the Cyber & Privacy Innovation Institute at PwC say security chiefs want staffers who understand architecture as well as logging, monitoring, identity management, and authentication in addition to expertise around specific business and security solutions. Jack O’Meara, a veteran CISO now serving as a director on the cybersecurity solutions team at Guidehouse, a tech advisory, and outsourcing firm, agrees. “I want to make sure people have hands-on expertise for the specific technologies I’m deploying. They have to have an understanding of how the technology works because if they don’t, they’re never going to understand how an attacker can exploit it,” he says.
Data management and analysis
The security department is one of the biggest generators of data within the enterprise, and in many organizations, it’s becoming one of the biggest consumers of data, too, as it seeks to use the information to drive more effective and efficient protection strategies.
“They’re looking to make sense of the massive amounts of data they have, and the tools only go so far,” says Brandon S. Dunlap, a leading partner for security and risk management at the tech research firm Gartner, adding that he’s seeing more CISOs hire data scientists, data engineers, and data officers.
Organizations are increasingly moving beyond DevOps to DevSecOps, seeking to add security considerations into the application design and development phase to ensure more secure apps. That requires security people with development and operations knowledge and experience.
“We’ve learned over the past few years that where security risk really sits is in the application itself, so we need to have the software developed with security integrated right from the start,” says Jeffrey Weber, executive director of the IT staffing firm Robert Half Technology. Burning Glass lists application development security as the No. 1 fastest-growing skill, with expected demand to increase 164% over the next five years.
The widescale adoption of cloud, and especially the increasing embrace of a multi-cloud strategy, has increased the demand for security workers who are experienced in cloud deployments and can marry that with the enterprise security strategy. Rey, for example, says he wants team members with expertise on one or more of the public cloud platforms (AWS, Azure, Google) as well as private cloud architecture. “When I think about cloud security, it requires a bit of knowledge about everything; it’s about developing a secure network within a cloud environment,” he says.
In its 2020 report, The Life and Times of Cybersecurity Professionals, ESG says enterprise security can use automation to help address the cybersecurity skills shortage. Experts concur, explaining that automating repetitive tasks creates efficiencies and boosts effectiveness while shifting valuable employee time to the complex work that only humans can do. Automating security functions, though, requires security workers skilled in actually implementing automation solutions. Rey is among the CISOs who believe automation can help close the skills gap, saying that automation skills “should be embedded in anyone who is in IT or security.” He wants people who are able to identify tasks that can be automated as well as can do the automation itself, using Python, PowerShell, and other scripting languages to make it happen.
Threat hunting is a relatively new security strategy that is gaining widescale traction. According to a 2020 survey from security solutions maker DomainTools, 93% of organizations said threat hunting should be a top security initiative to provide early detection and reduce risk. The growing interest in, and implementation of, threat hunting practices is driving demand for the right combination of skills needed to do the job. Burning Glass lists it as the No. 4 fastest-growing in-demand skill. Rick McElroy, the principal cybersecurity strategist at security tech company VMware Carbon Black, says it takes analytics skills, understanding of the MITRE ATT&CK framework or other such methodologies, knowledge of the enterprise technology stack (so “they can tell when something ‘wonky’ is happening”) and intellectual curiosity to probe for problems. “They have to think like an attacker; they have to wonder, ‘How would an attacker bypass my defenses?’” McElroy says.
The cybersecurity function has become not only more critical with the rise of the digital economy, it has become more prominent as well. That puts security professionals in front of the C-suite, board members, and employees with greater frequency. So, they must be able to collaborate, communicate, and consult with these various stakeholders, making those and other interpersonal skills a hot commodity. “It’s almost a sales function, to be able to present to all different levels of the organization to impress upon them what they need to do to protect the organization,” says Gary Todd, associate director of cybersecurity for the energy firm PNM Resources.
HP CISO Joanna McDaniel Burkey wants workers who understand the business, who speak in business terms, and view themselves as business people as well as technologists. She says security professionals need such skills so they can help manage risk, which is the prime objective for the modern security team. Security professionals must help their organizations balance security with costs, market demands, and other business metrics. “I talk about it as ‘polarities to manage’ versus trade-offs,” she says. “We need to see both sides of issues, we need to put ourselves in their shoes, so we can co-create well with stakeholders.”
According to the 2020 (ISC)² workforce study, 30% of respondents saw their organizations move to a remote workforce in just one day as a result of the COVID-19 pandemic, while another 47% had just several days to a week to make the shift (only 16% had more than a week.) Experts don’t anticipate such rapid workplace transformations to become the norm, but they do expect the pace of technology and business changes to continue accelerating. Security needs to keep up. “COVID brought in a whole new set of scams and attacks and way of working,” says E.J. Widun, who as CTO of Oakland County, Mich., works with the security team. “COVID showed we need people with the ability to adapt, and to adapt fast.”
Microsoft and Its Industry Partners Secure Key Domain Used in the SolarWinds Hack
Microsoft and a coalition of tech companies have intervened today to seize and sinkhole a domain that played a central role in the SolarWinds hack. Mobile devices continue their march toward becoming powerful productivity machines. But they are also major security risks if they aren’t managed properly. We look at the latest wisdom and best practices for securing the mobile workforce. The domain in question is avsvmcloud[.]com, which served as a command and control (C&C) server for malware delivered to around 18,000 SolarWinds customers via a trojanized update for the company’s Orion app. At the time of their release between March 2020 and June 2020, the SolarWinds Orion versions 2019.4 through 2020.2.1 contained a strain of malware named SUNBURST (also known as Solorigate).
Takedown to stop last-minute attempts to hack
The recent sinkholeing of avsvmcloud[.]com by a coalition of tech companies transferred the domain ownership to Microsoft. Sources familiar with today’s actions described the takedown as “protective work” done to prevent the threat actor behind the SolarWinds hack from delivering new orders to infected computers. Despite the SolarWinds breach becoming public on Sunday, the SUNBURST operators could still deploy additional malware payloads on the networks of companies that failed to update their Orion applications and still had the SUNBURST malware installed on their network. SolarWinds estimated on Monday that over 18,000 customers have installed the trojanized Orion app update, and most likely have the first-stage SUNBURST malware. Nonetheless, the hackers do not seem to have exploited all these systems and have only targeted a small number of carefully-planned intrusions into the networks of high-profile targets. The report was attributed to US security firm Symantec, which said that it discovered SUNBURST malware on the internal networks of 100 of its customers, although it did not observe any second-stage payloads or network escalation activity. According to Reuters, who confirmed the report with independent sources, many companies that installed the trojanized Orion app update did not find evidence of any further activity and escalation from the malware, confirming that hackers primarily targeted big-name companies.
Since Sunday, when the SolarWinds hack came to light, the number of confirmed victims has grown to include:
- US cybersecurity firm FireEye
- The US Treasury Department
- The US Department of Commerce’s National Telecommunications and Information Administration (NTIA)
- The Department of Health’s National Institutes of Health (NIH)
- The Cybersecurity and Infrastructure Agency (CISA)
- The Department of Homeland Security (DHS)
- The US Department of State
Sinkholing operations are underway to discover all victims.
Currently, the avsvmcloud[.]com domain redirects to an IP address owned by Microsoft, with Microsoft and its partners receiving beacons from all the systems where the trojanized SolarWinds app has been installed.
The technique, known as sinkholing, is allowing Microsoft and its partners to compile an extensive list of infected victims, which they plan to use to notify all affected companies and government agencies.
“This is not the first time a domain associated with malware has been seized by international law enforcement and even by a provider,” ExtraHop CTO Jesse Rothstein told ZDNet in an email, referring to Microsoft’s previous takedown and sinkholing efforts against the Necurs and TrickBot botnets. Ongoing takedown and sinkholing efforts also involve the Federal Bureau of Investigation and the Cybersecurity and Infrastructure Security Agency, which is trying to pinpoint other US government agencies that may have been compromised. As SolarWinds has a large US government customer base, the government has declared the security crisis a national security emergency. On Thursday, the White House held a rare meeting of the US National Security Council to discuss the hack and its repercussions. Indicators of compromise and instructions on how to discover and deal with a SUNBURST malware infection are available from Microsoft, FireEye, and CISA.
Once installed, the malware would remain dormant in a computer for 12 to 14 days and then attempt to ping a subdomain of avsvmcloud[.]com. FireEye found that a C&C domain would issue a DNS reply that contains a CNAME field with information on another domain from which the SUNBURST malware can obtain additional instructions and execute additional payloads on an infected company’s network.
Travel/Adventures11 months ago
Wings Over the Rockies
Motorcycles2 years ago
KTM unveils updated 1290 Super Adventure S
Motorcycles2 years ago
10 Common Questions About Motorcycle Racing
News2 years ago
Under Armour’s Uncertain Future
Transit6 months ago
OMNY | MTA’s Contactless Payment System!
Tech News2 years ago
Microsoft to permanently close nearly all of its retail stores
Motorcycles2 years ago
Driver accused of speeding away from hit-and-run with motorcycle on front bumper
Mobile Devices2 years ago
Google just put a photo of the Pixel 4A on its store