STE WILLIAMS

Could these advanced technologies be putting user data at risk?

From unlocking your smartphone with your face to boarding a flight with your fingerprints, the use of biometric data for authentication is becoming commonplace. In both identity management and identity verification, biometric applications are making marked improvements over current security protocols.

Traditional methods of identity management, while effective, are often a bother for end users. Passwords are hard to remember, even with password management software, and multifactor authentication (MFA) can be inconvenient. Despite the appeal of using biometric data to authenticate, are these systems actually more secure than passwords and MFA? And, more importantly, could they put user privacy at risk?

The risks of using biometrics fall into a few categories, including data and network hacking, rapidly evolving fraud capabilities, biometric enrollment security, familiar fraud (that is, caused by a family member or friend), spoofed sensors, and sensor inaccuracy.

One of the greatest risks is data security. Biometric sensors produce digital maps of a body part, which are then used for future matching and unlocking. That digital map can be stored locally on some devices (such as an iPhone fingerprint sensor) or transmitted across a network to a central storage database. Locally held data is significantly better protected because it is never out of your control while in transit. Data in motion must be encrypted on its way to storage and then secured. In both transit and storage, the data is vulnerable, and hackers are fairly adept at breaking into either, particularly if the data isn’t encrypted.

There have been many data hacking events over the past few years that demonstrate the potential for losing control of the data. For instance, the June 2015 hack of the US Office of Personnel Management resulted in the loss of 5.6 million unencrypted fingerprints of current and former US government employees.

Data in Danger
Biometric data is also at high risk when the data is first recorded and when the data is being changed. During these times, the data is in danger because it can be altered from a single point of interaction. Within biometric enrollment events, the biometric system can be exposed to fraud during the sign-up process. It is essential that identity is clearly established during the enrollment process, or the entire system is compromised. Familiar fraud is similar, as it takes place during enrollment or during a change to the recorded data. In this event, a person “familiar” to the person being identified gets control of the device that is used to sign up and records his or her own data instead of the data of the actual account owner.

Though it might seem difficult to fool a biometrics sensor, history has proven otherwise. The evolution of both sensors and the methods used to spoof them is an arms race between sensor vendors and black-hat hackers. Early fingerprint sensors could be fooled by a small piece of Play-Doh or a Gummy Bear. Image and facial recognition sensors have been fooled (in a laboratory environment) by 3-D images or unique shapes that can make the sensor “see” something different than the actual face, or identify the face in the image as the correct individual.

Sensor accuracy is somewhat of a security risk, but perhaps even more a privacy issue. When a user enrolls in a biometric system, his or her information is likely recorded in a well-lit, stable, predictable environment. But in the recurring use of the sensor, the conditions will not be ideal, and will probably have degraded. This opens up some issues, ranging from the simple inability to access a system to the misidentification of an individual. In practice, these problems can have significant implications because government agencies use simple fingerprint identification and increasingly more sophisticated facial recognition (or other biometrics) for identification and criminal investigation.

The central issue is that biometric authentication technologies pose privacy and security concerns: once biometric data has been compromised, there is no way to undo the damage. For a compromised password, you simply change it; for a fingerprint, ear image, or iris scan, you’re stuck with the compromised biometric. You can, in some instances, change the biometric used, but even the ones that can be exchanged are limited. Biometric identifiers link the person to the system or activity in an explicit way. That’s fine when unlocking your mobile device with a fingerprint or facial scanner, but there are other linkages that individuals will not find comfortable; for example, when used to authorize credit or debit transactions, your purchase history is uniquely tied to you.

Ultimately, the simplicity and performance of biometrics still outweigh most of the security and privacy risks. We should expect biometric use to continue to expand. The collection, use, and security of biometric data, however, is so far fairly unregulated. In the EU, the General Data Protection Regulation (GDPR), which goes into effect in May, does address biometric data as one of a few “special categories of personal data.” With a few exceptions, the GDPR prevents the sharing of this data without express consent. In the US, however, there isn’t a clear federal regulation addressing biometric data; instead, use of biometrics is managed by a series of overlapping and contradictory laws from both federal and state agencies.

Today, the best protection in the US comes from some self-regulating guidelines developed by industry groups and government agencies. As use grows, biometrics must become more regulated or user privacy could be at risk.

Related Content:

• 6 Tips for Building a Data Privacy Culture
• Takeaways from the Russia-Linked US Senate Phishing Attacks
• Less than 10% of Gmail Users Employ Two-Factor Authentication

Join Dark Reading LIVE for two cybersecurity summits at Interop ITX. Learn from the industry’s most knowledgeable IT security experts. Check out the Interop ITX 2018 agenda here.

Michael Fauscette is the Chief Research Officer at G2 Crowd, a leading review website for business solutions. Prior to joining G2 Crowd, Mr. Fauscette spent 10 years as an executive and senior analyst at technology market research firm IDC, where he led worldwide business … View Full Bio

Article source: https://www.darkreading.com/endpoint/biometrics-are-coming-and-so-are-security-concerns/a/d-id/1331536?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

Bots run by shady websites are abusing the redirection functionality found in some US government websites to create thousands of phantom “pages” linking to unsavoury content.

Gizmodo reported on Tuesday that it had discovered the flaw on the Justice Department’s AmberAlert.gov website, an emergency broadcast system for sending alerts about suspected child abductions.

A website run by the US Justice Department and used to gather information about missing and abducted children is redirecting visitors to porn sites with names such as “schoolgirl porn” …

Naked Security can confirm that the flaw also exists on a plethora of other government websites too, including: a website operated by the US Congress, websites used to access important federal services and local government sites at the state and county level.

Gizmodo reports that “the Amber Alert site was repaired … efforts [are] underway to address any similar issues affecting other government domains”.

The government websites being abused in this way haven’t been hacked. No pages have been created – it’s just that the way the government sites handle page redirects makes it possible for an attacker to fool Google into thinking they have.

They likely do this in the hope it will improve their chances of being found in a Google search – either because there are multiple URLs for one page, or because it improves the attacker’s PageRank.

Simplistically, Google’s fabled PageRank algorithm treats links from one website to another as a “vote” for the site being linked to. The votes are weighted so that links from sites with a high PageRank are more valuable than links from sites with a low PageRank.

All other things being equal, the better your site’s PageRank, the better it will do in search results.

The attack works like this:

An attacker operating the website attacker.example creates a computer program to crawl the web looking for websites with an open redirect flaw (also known as unvalidated redirects or unvalidated forwards).

During its crawl it finds a government website, we’ll call it victim.example, with a vulnerable redirection page at victim.example/redirect.

The vulnerable redirection page takes a parameter, let’s call it url, that indicates which page a user should be redirected to if they click on or type the link. This allows the attacker to concoct a victim.example URL that will actually bounce users to a page on the attacker’s website:

http://victim.example/redirect?url=attacker.example/page-1.html

And the attacker isn’t limited to one URL. Each redirect is a unique URL that Google will treat as a separate page, so an attacker can generate URLs for every page on their website.

http://victim.example/redirect?url=attacker.example/page-1.html
http://victim.example/redirect?url=attacker.example/page-2.html
http://victim.example/redirect?url=attacker.example/page-3.html
...
http://victim.example/redirect?url=attacker.example/page-9999.html

Note that the victim’s site isn’t breached and no pages have been created on the victim’s site – all the attacker has done is discovered that they can make a URL with a victim.example domain.

Now they have to use that capability, somehow.

They could use the open redirect to create trustworthy-looking links that redirect to phishing pages, malware downloads or other dangerous content, and put those links in emails, tweets or other messages.

In this case though they want to get listed in Google search results so all they have to do is put the links somewhere Google’s web crawler will find them, such as their own website.

When the Google crawler visit’s the attacker’s site it finds a link to the victim.example redirection page. It follows the link and the page that it finds there gives the attacker two bites of the cherry:

1. The page includes a PageRank boosting link to a page on attacker.example
2. After a few seconds it redirects the Google crawler to the page on attacker.example

Google catalogues the content it finds on the attacker.example page under the victim.example URL it used to get there, leading to search results that look like this:

The lesson, as ever, is that any and all user input should be treated as hostile until it has been checked and sanitised.

If your website’s redirection code relies on a parameter that users can manipulate, have a good long think about whether that’s the right approach. If you’re sure it is, be careful to reject anything that doesn’t match the strict criteria for sites you’re happy to link to, using something like a closed list of friendly sites or pages.

You can add a belt to your braces and make it difficult for other sites to hijack your redirection code by forcing them to supply a nonce (a “number used once”) known only to your site, along with the URL they want to redirect to.

Follow @NakedSecurity
Follow @MarkStockley

Article source: http://feedproxy.google.com/~r/nakedsecurity/~3/WQZkbHwqFRw/

Booz Allen survey shows most organizations’ answer to the security skills shortage may be unsustainable.

RSA CONFERENCE 2018 – San Francisco – Invest in more expensive security technology, ask security pros to work longer hours, offer them more money, even train non-cyber employees to do some of the security tasks – those are all methods organizations use to address their shortage of skilled security staff. And according to a new report, they all rank higher on the priority list than providing training to help their security staff learn new skills. 

The national survey of 250 IT decision-makers, released today by Booz Allen and KRC Research, found that 83% of respondents have open cybersecurity positions to fill at their company, with 72% saying it is especially challenging to fill advanced roles like threat hunters and malware reverse engineers.  

In an interview with Dark Reading, here, Booz Allen vice president Anil Markose said, “You walk the show floor here [at the RSA Conference] and see, these products are getting more complicated. So the technical chops to use them,” are something companies must have, either on their own teams or through service providers.

“These findings are rooted in what Booz Allen has understood for quite some time – products alone won’t make organizations secure, tools are only effective when a skilled workforce is in place to use them,” said Booz Allen’s U.S. Commercial Lead, Bill Phelps, in a statement.

However, the report states, that organizations are using “short-term staffing fixes to protect their business, often making the problem worse. 

To address the shortage of skilled staff, respondents say their business prioritizes turning to tools and software (56%), training non-cyber employees (52%), and asking employees to work longer hours (45% percent). To be more competitive in the market for the best cybersecurity talent, respondents say they prioritize offering candidates the higher compensation (54%) and investing continuously in the latest cyber technologies (51%) over training and apprenticeship opportunities (35%) and paying for further education at colleges, universities or boot camps (34%).

Join Dark Reading LIVE for an intensive Security Pro Summit at Interop IT X and learn from the industry’s most knowledgeable IT security experts. Check out the agenda here.Register with Promo Code DR200 and save $200.

Sara Peters is Senior Editor at Dark Reading and formerly the editor-in-chief of Enterprise Efficiency. Prior that she was senior editor for the Computer Security Institute, writing and speaking about virtualization, identity management, cybersecurity law, and a myriad … View Full Bio

Article source: https://www.darkreading.com/careers-and-people/firms-more-likely-to-tempt-security-pros-with-big-salaries-than-invest-in-training/d/d-id/1331605?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

Dark Reading caught up with Microsoft’s Bret Arsenault to discuss intelligence, identity, and the need to leverage more diverse datasets.

RSA CONFERENCE 2018 – San Francisco – The need to simplify security drove Microsoft to break its strategy into three distinct parts: platform, intelligence, and partnerships. It was the importance of data that CISO Bret Arsenault focused on during an interview with Dark Reading this week at the RSA Conference. 

“Intelligence, in general, is a big differentiator in how we think about security now, versus what we could do five years ago or ten years ago,” Arsenault said. While Microsoft is securing everything in its Windows platform by default establishing partnerships in the public and private sector, it’s the company’s massive, diverse data store that’s shaping its strategy.

The effectiveness of artificial intelligence and machine learning, two of the biggest buzzwords circling the security industry (along with blockchain), heavily rely on data, Arsenault said. Threat intelligence became core to Microsoft’s plans fifteen months ago, following a $1 billion investment to integrate security across its products and services.

Throughout 2016, those funds went toward projects such as doubling the number of security execs and launching the Microsoft Enterprise Cybersecurity Group (ECG) and Cyber Defense Operations Center (CDOC). By the end of the year, Arsenault said, Microsoft had seen a shift away from the “spray and pray” approach to security and toward better detection and response, fueled by threat intelligence. The need for data has only intensified.

“What I know about artificial intelligence and machine learning is the accuracy of those things is very highly correlated to the amount of the data you have,” he explained. However, while the size of the dataset certainly matters – Microsoft’s data repositories more than double each year, he noted – even more important is the information’s quality.

Data Diversity vs. Inclusion

“A diverse workforce creates better products,” said Arsenault. “Diversity of data is equally, if not more important than the amount of data.”

Some companies mostly handle a single data type; he pointed to telecom companies, which primarily handle network traffic, as an example. Microsoft, with a large and varied portfolio of products and services, collects network data, device data, and identity data, Arsenault noted. The company has data on the one billion machines it updates each month. It gathers cloud data, which is pulled from Azure business services and varies across industries.

Yet it’s not enough to only be diverse, Arsenault pointed out. Having a rich set of data means little without inclusion, or putting it to practical use. “Diversity is interesting, but inclusion has created a whole new priority,” he added. Businesses often place more emphasis on diversity of data than inclusion.

Looking ahead, Arsenault touched on an idea that was top of mind for many security pros during RSA: the rise of cloud and disbanding of the traditional perimeter. As we operate in a client-to-cloud world, the idea of the network as a control point has eviscerated in its effectiveness, he explained. Now the most effective control point is users’ identities.

“You have to go really hardcore at the device piece, because the network is dissolving,” he said. One of Arsenault’s priorities is to eliminate passwords within Microsoft, where in the past year 66% of users log into Windows Hello for Business with biometrics or PIN. Employees are encouraged to shift away from passwords, which they are only required to change once a year.

Related Content:

• Securing Social Media: National Safety, Privacy Concerns
• First Public Demo of Data Breach via IoT Hack Comes to RSAC
• Microsoft to Roll Out Azure Sphere for IoT Security
• DHS Helps Shop Android IPS Prototype

Join Dark Reading LIVE for an intensive Security Pro Summit at Interop IT X and learn from the industry’s most knowledgeable IT security experts. Check out the agenda here.Register with Promo Code DR200 and save $200.

Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance Technology, where she covered financial … View Full Bio

Article source: https://www.darkreading.com/threat-intelligence/microsoft-ciso-talks-threat-intel-data-inclusion/d/d-id/1331606?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

US social network data aggregator LocalBlox has been caught leaving its AWS bucket of 48 million records – harvested in part from public Facebook, LinkedIn and Twitter profiles – available to be viewed by anyone who stopped by.

Security biz Upguard wandered by on February 18, and found the publicly accessible files in a misconfigured AWS S3 storage bucket located at the subdomain “lbdumps.” There’s no evidence that anyone else stopped by for a peek, but it’s possible.

We’re told the S3 bucket contained a single 151.3GB compressed representation of a 1.2TB ndjson (newline-delineated JSON) file. The database describes “tens of millions of individuals,” we’re told.

Upguard, in a blog post on Wednesday, said it informed LocalBlox on February 28, and the bucket was secured later that day.

Poorly configured AWS S3 buckets have been an source of shame for Amazon Web Services and its users. Last year, the cloud platform giant introduced a tool to warn customers about insecure storage setups and earlier this year made the business version of the tool free, to avoid embarrassment by association.

Still, the problem persists and the forecast continues to look bleak. Last year, Gartner research VP said Jay Heiser predicted that through 2020, “95 percent of cloud security failures will be the customer’s fault.”

According to Upguard, the data profiles appear to have been collected from multiple sources. They include names, street addresses, dates of birth, job histories scaped from LinkedIn, public Facebook profiles, Twitter handles, and Zillow real estate data, all linked by IP addresses.

Some of the data, the security company suggests, appears to have come from purchased databases and payday loan operators. Other data points – associated with queries like pictures, skills, lastUpdated, companies, currentJob, familyAdditionalDetails, Favorites, mergedIdentities, and allSentences – appear to have been scraped through searches of Facebook.

LocalBlox has posted samples of its data profiles on its website.

“The presence of scraped data from social media sites like Facebook also highlights an important fact: all too often, data held by widely used websites can be targeted by unknown third parties seeking to monetize this information,” Upguard said.

Facebook CEO Mark Zuckerberg recently acknowledged “we believe most people on Facebook could have had their public profile scraped” by “malicious actors.”

Zuckerberg, testifying before Congress in the wake of the Cambridge Analytica scandal, insisted Facebook users have control over their data. From this case it looks more like no one has much control over it.

LocalBlox did not immediately respond to a request for comment. ®

Sponsored:
Minds Mastering Machines – Call for papers now open

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2018/04/19/48_million_personal_profiles_left_exposed_by_data_firm_localblox/

The Canadian hacker who helped Russian agents by breaking into more than 11,000 Yahoo email accounts could spend the next eight years behind bars, if American prosecutors get their way.

The case against Karim Baratov entered its sentencing phase this week as both sides submitted to a California federal district judge their proposals for how long the hacker will remain on ice. He was convicted last year on one count of conspiracy to commit computer fraud and eight counts of aggravated identity theft.

The defense, understandably, is seeking a much shorter term of 45 months.

Last year, Baratov plead guilty to the nine counts after prosecutors showed how, between 2010 and 2017, he compromised and re-sold credentials for more than 11,000 email accounts. Among the buyers were representatives of Russia’s FSB, who requested at least 80 specific accounts be hacked (Baratov has claimed he did not know his customers were FSB at the time).

Prosecutors argue that Baratov should receive a term of seven years and 10 months, citing the lavish lifestyle he flaunted online with the money he made hacking accounts.

Russian! spies! ‘brains! behind!‘ Yahoo! mega-hack! – four! charged!

READ MORE

“This is not a case of a teenager making an isolated mistake on the Internet out of curiosity. Rather, this is a case of the defendant making a profession out of breaking into the private lives of thousands of victims,” the prosecutors say in their proposal [PDF].

“The defendant setup, operated, and grew a criminal hacker-for-hire business that gave his customers the ability (and provided a layer of concealment for their identities) to commit a whole spectrum of additional crimes (e.g. against the victims’ dignity, finances, safety, privacy, or other interests).”

Baratov’s team, meanwhile, contends this was his first run-in with the law and he was in his teens for much of the alleged activity

“The Extenuating circumstances in the instant matter are plentiful. This is Mr Baratov’s first arrest. Additionally, Mr Baratov was under the age of 22 during the majority of the time that he hacked email accounts,” they argue [PDF].

“No prior contact with law enforcement combined with Mr Baratov’s young age weigh heavily in favor of a low culpability calculation.”

The defense is also raising the issue of jurisdiction. They claim that while he is charged for hacking targets within the US, most of his activity was against accounts located in Russia and hosted by foreign companies such as Yandex, meaning many of his crimes occurred outside of American jurisdiction.

Baratov is set to be sentenced by Judge Vince Chhabria on April 24. ®

Sponsored:
Minds Mastering Machines – Call for papers now open

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2018/04/19/yahoo_email_hacker_karim_baratov_sentence/

Oracle this week emitted its April security update, addressing a total of 254 security vulnerabilities across dozens of products.

Among the more noteworthy patches is a fix for lingering Spectre-related vulnerabilities in Solaris systems – specifically, CVE-2017-5753, also known as Spectre variant 1. Oracle had mitigated most of the Spectre/Meltdown processor design bugs in its products back in January. This update applies further fixes for Solaris versions 10 and 11.3.

Java was on the receiving end of patches for 14 CVE-listed vulnerabilities, including 12 that are remotely exploitable without user notification. Three of the flaws, CVE-2018-2825, CVE-2018-2826, and CVE-2018-2814 would allow either Applet or Java Web Start apps to either crash or take over Java SE.

Flash! Ah-ahhh! WebEx pwned for all of us!

READ MORE

Fusion Middleware got fixes for 39 bugs, including 30 that can be exploited remotely. These include CVE-2017-5645, a particularly nasty remote takeover flaw in several Fusion Middleware applications that can be exploited over an HTTP connection.

For Oracle’s MySQL, the update will see 33 patches for various flaws, two (CVE-2018-2761, CVE-2017-3737) of which are remotely exploitable. Oracle Database, meanwhile, will only need two patches: one for a JavaVM bug (CVE-2018-2841), and one for Oracle GoldenGate (CVE-2018-2832).

E-Business Suite will get 12 fixes, 11 for CVE-listed vulnerabilities that can be remotely exploited. Two of those, CVE-2018-2870 and CVE-2018-2871, are particularly nasty bugs that allow for what Oracle describes as “unauthorized creation, deletion or modification access to critical data or all Oracle Human Resources accessible data as well as unauthorized access to critical data or complete access to all Oracle Human Resources accessible data.”

Oracle Financial Services Applications will get 36 vulnerabilities patched, 18 of those being remotely exploitable flaws. Peoplesoft received 12 fixes, including 8 that can be remotely exploited.

The enterprise software giant is advising admins to check their products for the patches and, if needed, test and install them as soon as possible. ®

Sponsored:
Minds Mastering Machines – Call for papers now open

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2018/04/19/oracle_whips_out_the_swatter_squishes_254_security_bugs/

To confidently validate the identity of mobile users without adding business-killing friction to login and on-boarding processes, Lea Tarnowski and Wendell Brown of Averon suggest leveraging the intelligence mobile carriers already have about their customers.

Article source: https://www.darkreading.com/using-carrier-intelligence-to-validate-mobile-user-identity/v/d-id/1331595?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

Network Computing
Darkreading

SecurityFirst CEO Jim Varner explains how resellers and MSPs can work with their clients to ensure that all of their business-critical data everywhere can be kept safe from attackers and readily available for disaster recovery – even as threats intensify and digital assets are dispersed across multiple clouds.

‘);
}

‘);
}

Comments

Live Events

Webinars

More UBM Tech
Live Events

0 Comments

0 Comments

0 Comments

0 Comments

0 Comments

0 Comments

0 Comments

0 Comments

0 Comments

0 Comments

0 Comments

0 Comments

Cartoon

Latest Comment: Ed didn’t even bother – after all, it was only a 1000 bolivar note.

How to Cope with the IT Security Skills ShortageMost enterprises don’t have all the in-house skills they need to meet the rising threat from online attackers. Here are some tips on ways to beat the shortage.

Reports

[Strategic Security Report] Navigating the Threat Intelligence Maze

Most enterprises are using threat intel services, but many are still figuring out how to use the data they’re collecting. In this Dark Reading survey we give you a look at what they’re doing today – and where they hope to go.

Bug Report

Enterprise Vulnerabilities
From DHS/US-CERT’s National Vulnerability Database

CVE-2017-0290Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within …

CVE-2016-10369Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version…

CVE-2016-8209Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.

googletag.display(‘div-gpt-ad-961777897907396673-15’);

[close this box]
• Tweet This
• [close this box]



Article source: https://www.darkreading.com/protecting-data-anywhere-and-everywhere/v/d-id/1331599?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

Given intensifying threats and limited infosec budgets, Endgame CTO Jamie Butler suggests that security leaders deploy tools that leverage machine learning, chatbots, and other technologies to make Tier 1/Tier 2 staff much more effective at stopping even relatively sophisticated attacks.

Article source: https://www.darkreading.com/addressing-the-skills-shortfall-on-your-infosec-team/v/d-id/1331600?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple