“This is a National Security Threat,” says Kymberlee Price. Ransomware is doing more to change the security landscape than the last 20 years of Secure Development Lifecycle, DevSecOps, Zero Days, Breaches, or any corporate memo. Pair this with predatory pricing models from software vendors that sell security features as add-on products in premium or enterprise tier licenses, and you’ve got a perfect storm that hits small and medium-sized businesses (SMBs) the hardest.

In this hard-hitting talk, Ms. Price reveals the technical chaos facing the US’s largest employment sector: SMBs.  With restricted budgets, a lack of expertise, no access to consumer reports by which to clearly compare products, and a SaaS industry that makes basic security features like SSO a premium add-on, many businesses remain easy pickings for threat actors in a rapidly expanding crimeware landscape.[1]

Why should we care about this, is it really a national threat, and what can a bunch of security engineers do about it?

Link to Video: https://youtu.be/cmsBUq1vcxc

About the Author - Kymberlee Price is a dynamic engineering leader and public speaker known for developing high-performing multidisciplinary teams responsible for the security and integrity of software products, services, and infrastructure. A recognized expert in the information security industry, she has extensive experience in product security incident response and investigations, coordinated vulnerability disclosure and bug bounties, Secure Development Lifecycle (SDL), and Open Source Security strategy. Kymberlee speaks regularly at conferences around the world and is currently on the content review board for Black Hat USA and LocoMocoSec.

About LABScon - This presentation was featured live at LABScon 2024, an immersive 3-day conference bringing together the world’s top cybersecurity minds, hosted by SentinelOne’s research arm, SentinelLabs.

This article is shared at no charge for educational and informational purposes only.

Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization.  Red Sky provides indicators of compromise information via a notification service (RedXray) or an analysis service (CTAC).  For questions, comments or assistance, please contact the office directly at 1-844-492-7225, or feedback@redskyalliance.com    

Weekly Cyber Intelligence Briefings:

REDSHORTS - Weekly Cyber Intelligence Briefings

https://register.gotowebinar.com/register/5378972949933166424

[1] https://www.sentinelone.com/labs/labscon24-replay-let-them-eat-cake-secure-by-upgrade-software-is-a-national-security-threat/
