🚀Join us this week in the FREE Webinars and explore the fields of tech!You will find the answers to all your questions at our webinars.

▶️ April 18, 11 AM PT — Most In-Demand IT Jobs 2022: Become a Software Tester
▶️ April 19, 11 AM PT — Career in Tech from Scratch: Become a QA Engineer
▶️ April 19, 1 PM PT — Your First Remote Job in Tech Sales with Zero Experience
▶️ April 21, 11 AM PT — Most In-Demand IT Jobs 2022: Become a Software Tester
▶️ April 25 — Manual QA course. First free lesson!
▶️ April 25 — Tech Sales course. First free lesson!
▶️ April 25 — Systems Engineer course. First free lesson!

Special offer for all participants!

https://crst.co/6WZ9e

Guest Contributor

Cybersecurity and what it means to the food safety professional
April 14, 2022 by Guest Contributor
In 2021 the United States of America experienced cybersecurity ransomware attacks on industry i.e., the Colonial Oil Company and Pilgrim’s Pride of JBS. Does your IT department and top management have your critical food safety and supply data protected from hacking?  The 2022 Food Safety Summit will provide the latest input from some of the leading experts of the federal government, the cybersecurity industry, and universities to define threats and preventive controls.  
Frank Cilluffo, Director of the McCrary Institute at Auburn University, will provide a real world characterization on the cyber threat for the U.S. and its relevance to the food industry. Food and agriculture are critical infrastructures and are responsible not only for the food supply, but also for the production and distribution of non-food farm products such as fiber, oils, and services such as watershed protection, as well as the production of animal feed.  Both sectors have consolidated over the past two decades. The food chain is highly complex and must therefore continually guard against cascading effects, which can cause disruptions to cross interlocking support critical infrastructures, such as the power grid and water/sewage. In this way, a cyber-event can rapidly become a power grid event, which in turn rapidly becomes a food systems and water event — all at the speed of electrons across the cyber web.
As the food and sgriculture sectors become more digitally connected and automated, new sources and types of evolving threats are sure to occur.  Our nation’s adversaries are increasingly more sophisticated. Of particular concern are the kinds of threats that can be brought to bear by malevolent actors, below the threshold of actual warfare. Food and agriculture sectors need to become both more vigilant and self-reliant. Recent ransomware and other types of cyberattacks have made clear that our nation’s adversaries consider the food and agriculture sectors as a target of opportunity for exploitation. Food safety, food defense and cyber security are now inextricably intertwined and will have to be dealt with comprehensively through robust planning and resilient operations.  In this way our food supply can continue to remain the safest, most diverse, and abundant food supply possible.
Joshua Corman, former Chief Strategist for the CISA COVID Task Force, Cybersecurity, and Infrastructure Security Agency (CISA) Department of Homeland Security, will address “Cybersecurity and the risk it presents to the food industry, especially regarding food safety.” During the past 18 months, we’ve seen successful hacking compromises of: the water we drink, the food we put on our tables, the oil and gas that fuels our cars and our homes and the timely availability of patient care — during a pandemic.  He will review recent cybersecurity exposures and compromises to the sector — including food safety, supply chains, agri-tech, manufacturing, water, and other critical dependencies to the nation’s food supply. We will also discuss some recent and upcoming legislation, regulations, and standards — so that this community is best prepared to understand and integrate some uncomfortable truths. Since so many in this sector are “Target Rich; Cyber Poor,” he will also outline the free and/or tax-payer-funded services and publications regarding pragmatic starting points — to meet you where you are and help you to identify and buy down risk.
Dr. John Spink, Director and Assistant Professor at Michigan State University, will provide an overview of the cybersecurity threat and current ISO 22000 standards. In 2018 the ISO 22000 standard was updated to acknowledge “external issues” including “cybersecurity and food fraud.” But what is cybersecurity?  Why is cybersecurity included in the same concept as food fraud? Do they intend to present two separate topics of cybersecurity and food fraud or both together in cybersecurity and food fraud? Does it matter? The ISO 22000 direction builds upon ISO 28000 Supply Chain Security, ISO 27000 Information Security and the specifically ISO 27032 Cybersecurity.  
Craig Henry, Food Safety Consultant for Intro Inc., will moderate the two-part workshop on May 10 at the Food Safety Summit taking place at the Donald E. Stephens Convention Center in Rosemont, IL. The first part of the workshop is set for 12:30 p.m. – 2:30 p.m. with presentations from the various speakers.  The second part of the session is set for 3 p.m. – 5 p.m. with a question and answer session with the full panel of cybersecurity experts.  For more information, visit http://www.foodsafetysummit.com. 
(To sign up for a free subscription to Food Safety News, click here)

This Cybersecurity Startup Aimed At Taking Down VPNs Is Now Worth $400 MillionTwingate’s founding team are (from left): Alex Marshall, chief product officer; CEO Tony Huie; and … [+] Lior Rozner, chief technology officer.TwingateIn the eyes of Twingate CEO Tony Huie, only one company in the world has successfully implemented the cybersecurity approach of the future: Google. After a series of cyberattacks by Chinese hackers in 2009, the tech giant built from scratch a “zero trust” security system. Instead of giving users access to Google’s internal services based on the network—in some cases, a virtual private network, or VPN—to which they connected, the approach authenticates users’ identities and devices.Twingate hopes to help more companies follow Google’s path, and the rise of remote work has offered early promise to its idea. On Thursday, the Redwood City, California-based startup announced a $42 million raise led by Bond Capital that valued it at $400 million. The Series B round includes participation from existing backers 8VC, SignalFire and Jeffrey Katzenberg’s WndrCo, which together incubated the startup three years ago. Bond’s Jay Simons becomes a board observer; but the company’s board remains limited to two seats: Huie and WndrCo managing partner Sujay Jaswa. “I think about it as keeping it tight and nimble, particularly for like a company of our stage. Board construction is something you build over time,” Huie says.Zero trust has a simple premise, says Huie: “Should this user, on this device, with this context about them, be able to access whatever they’re trying to access?” When he and cofounders Alex Marshall and Lior Rozner were brainstorming the company in 2019, the concept had already been around for decades. Hundreds of IT and security experts they spoke to were largely in agreement that this was the future of cybersecurity. But building the tech to support the concept is easier said than done. “Google spent four years and, by my estimation, probably hundreds of millions of dollars to build an internal solution,” Huie says.Twingate offers the first steps to help companies set up a “zero trust” system, foremost by removing the need for users to connect to VPNs. Instead, the software checks for the identity of a user based on markers—for example, the device being used, IP address and location—and integrations with verification apps like Okta and OneLogin. “The predominant way companies have thought about securing themselves is to assume everyone’s in an office and invest in infrastructure to make the office environment bulletproof,” Huie says. VPNs did not figure heavily into that thinking, but a shift to remote work has necessitated more employees connecting to their company’s network from home, making the user experience clunkier—and increasingly prone to cyberattacks.The product originally launched in October 2020, around the time Twingate raised its last funding round, and demand has continued to increase, Huie says. Neither Huie nor his investors would share the startup’s revenue, but Katzenberg said it was growing at a “very, very strong trajectory” after having amassed about 250 customers in its first year of business. “The launch has been around small and medium businesses,” Katzenberg says. “We’ve got a handful of customers that are enterprise scale, but we haven’t gone yet to the world of companies with multiple tens of thousands of users.” Customers include tech companies like Cameo and Blend, but also Hollywood studio Miramax and a number of city governments, Huie says.MORE FOR YOUCanva Raises At $40 Billion Valuation — Its Founders Are Pledging Away Most Of Their WealthCanvas Raises $50 Million To Make It Easier For Companies To Hire Diverse TalentStartup Near Space Labs Raises $13 Million To Launch More Mapping Balloons Into The Stratosphere“I think a company like Twingate is eventually going to win the Facebooks and Atlassians and Microsofts because there should be a technology that does more simply and elegantly what even the most sophisticated companies are trying to do on their own,” says Simons, who was president of Atlassian before he joined Bond. To get there, Huie thinks the path forward is to continue to concentrate on product development. He’s optimistic that Twingate has an added appeal to customers by combining security with the “product and design DNA” that he and cofounder Marshall picked up from working at Dropbox. “Product-led growth has not manifested in security,” he says. “My view is this industry needs as much of that approach as any software category.”One of Huie’s top priorities with the product is to build out Twingate’s automated controls—for example, an IT administrator can limit access to an app like Elastic to a certain set of users or specific time of day. By unifying these parameters in Twingate, Huie hopes that in the long term, his company’s “zero trust” approach can introduce more user-oriented security measures. “You can actually go think about things like getting rid of passwords because you’ve got all these other factors that suddenly become much more secure than relying on a password,” he says.

Five Key Cybersecurity Preparedness Actions in Response to White House WarningsRecently released cybersecurity advisories have been warning of the increasing cybersecurity threats to all organizations regardless of size. Last month, the White House echoed those sentiments and released a statement about the potential impact to Western companies from Russian Government-linked threat actors. The Cybersecurity & Infrastructure Security Agency (CISA) added to the President’s statement saying that “we should consider every sector vulnerable”, and recommends all organizations adopt a heightened posture when it comes to cybersecurity and protecting their most critical assets.Given this increased risk and potential impact, the CompliancePoint Cyber Security Team recommends that the following items be verified and actions taken, if needed, to increase your organization’s cybersecurity readiness and awareness.1. Review and test your cyber incident response plan. Ensure the crisis response teams are updated with main points of contact for a suspected cybersecurity incident and that roles/responsibilities within the organization, including technology, communications, legal and business continuity are clearly defined.2. Verify access controls and environments are in place to protect your most valuable data. This should include enabling alternative access methods to these environments, including multi-factor authentication solutions.3. Review your Log retention policy. Secured offline log data is one of your most important tools for detecting both attacks and analyzing the level of compromise in the event of an attack. This does not only include typical system logs but also DNS logs, user command line logs and application logs.4. Verify and test long-term and short-term backups. While short-term backups have always been accepted as a means to recover systems, companies should also be looking at long-term backups of their sensitive systems if the short-term backups are compromised. Test backup procedures to ensure that critical data can be rapidly restored if the organization is impacted by ransomware or a destructive cyber attack.5. Increase employee security awareness. Well-trained staff and employees are the most effective defense mechanisms against a cyber breach. Communicate with your employees to increase their security awareness and reinforce the escalation paths should an issue arise.In our experience responding to cyber incidents, we have found a direct correlation between the time it takes to react to an attack and the cost associated with recovering from one. By implementing the measures covered above, you will increase your organization’s ability to respond to a cybersecurity incident swiftly and efficiently.

Design a site like this with WordPress.com
Get started