
Cybersecurity Insights with Contrast CISO David Lindner | 8/30/24

    

Insight #1: North Korean IT spies

The threat of state-sponsored cyber espionage is real and evolving. Recent reports reveal North Korean IT professionals are using stolen identities and advanced tactics to infiltrate private companies. These "spies" are not just seeking employment, but are actively engaged in espionage and illicit revenue generation for North Korea. This poses a significant risk to businesses, as these individuals can gain access to sensitive information and intellectual property. It's a wake-up call for all security leaders to strengthen hiring and vetting processes, incorporating advanced techniques to detect these imposters. 

 

Insight #2: The vulnerability disclosure dilemma

The vulnerability disclosure process is supposed to be a collaborative effort between security researchers and vendors. However, reality is often far from ideal. Misaligned expectations, poor communication and even attempts to bury vulnerabilities create a frustrating and potentially dangerous situation for CISOs. We need more transparency and better collaboration between researchers and vendors to ensure that CISOs have the information they need to protect their organizations. 

 

Insight #3: Two-factor authentication: Not invincible

Two-factor authentication (2FA) is widely considered a crucial security measure. However, as this article demonstrates, 2FA is not foolproof. Cybercriminals are constantly developing new techniques to bypass 2FA, such as SIM swapping, phishing attacks and exploiting vulnerabilities in authentication apps. The key takeaway? While 2FA is still an important layer of security, it's crucial to understand its limitations and implement additional security measures, such as strong passwords, security awareness training and regular security audits.  

David Lindner, Chief Information Security Officer


David is an experienced application security professional with over 20 years in cybersecurity. In addition to serving as the chief information security officer, David leads the Contrast Labs team that is focused on analyzing threat intelligence to help enterprise clients develop more proactive approaches to their application security programs. Throughout his career, David has worked within multiple disciplines in the security field—from application development, to network architecture design and support, to IT security and consulting, to security training, to application security. Over the past decade, David has specialized in all things related to mobile applications and securing them. He has worked with many clients across industry sectors, including financial, government, automobile, healthcare, and retail. David is an active participant in numerous bug bounty programs.