Cyber News Roundup: Cybersecurity talent runs deep in Portland

Editor’s Note: This is your cyber news roundup with the latest cybersecurity news and tips from the Cyber Oregon team to help you and your organization stay safe online and protect your digital assets. We examine cybersecurity news and developments from across the Northwest and the Nation that are important to all Oregonians including individuals, businesses, non-profit organizations, government entities, and educational institutions. Sign up to receive ongoing updates here.

Portland continues to be a hotbed of talent for the cybersecurity market. Companies like PKI Solutions and Galois are well known throughout the cybersecurity industry for their innovative solutions and call the Rose City home. You can add Twistlock to the mix. Earlier this year, the company moved its headquarters from San Francisco to Portland to tap into the growing talent base of cybersecurity experts in the area. This week the company announced a round of new investment to the tune of $33 million dollars led by Iconiq Capital.

According to TechTribune, “Twistlock is the leading provider of container and cloud native cybersecurity solutions for the modern enterprise. From precise, actionable vulnerability management to automatically deployed runtime protection and firewalls, Twistlock protects applications across the development lifecycle and into production. Purpose built for containers, serverless, and other leading technologies – Twistlock gives developers the speed they want, and CISOs the control they need.”

As the Oregonian noted, the new round of funding adds to the recent uptick in funding for Oregon companies. In the past few months Puppet raised $42 million, RFPIO raised $25 million, Bumped raised $14.1 million, real estate crowdfunding site CrowdStreet raised $8 million, and Jama Software sold an unspecified stake in the company for $200 million.

The company was founded three years ago and, with the move to Portland, it now has offices in San Francisco, New York and Israel. The new office is the former office of Puppet, formerly Puppet Labs.

Be prepared

You may recognize that simple, short phrase because it’s the motto of the Boy Scouts. For cybersecurity professionals, it’s something they live every day.

Everyone remembers when they were in school that a few times a year there would be a fire drill or, if you grew up in California, an earthquake drill. Every company should have a plan of attack when it comes to cybersecurity.

CSO Magazine’s How to make cybersecurity incidents hurt less suggests that companies should regularly run tabletop exercises which involve addressing a hypothetical cybersecurity breach and working as a team to find a solution to patch the breach and minimize or even prevent damage. These exercises “are a useful way to gauge how effective a company’s current security strategy currently is and help them determine how they can achieve their short-term, medium-term, and long-term security goals.”

Getting the security team involved in tabletop drills is important since it helps provide an overarching view of a company’s entire security setup. Four steps are recommended:

  1. See the attack
  2. Correlate the attack
  3. Stop the attack
  4. Remediate the attack

In addition, it’s recommended that teams run penetration tests which involves hiring a hacker to try to break into your company’s systems. This helps expose weak points in your network that you might not otherwise realize are vulnerable.

Just the fax, ma’am

It seems like every few months we hear about a security breach that scares us to death. Whether its Target or Experian, most people see these breaches as a result of clever sleuthing by highly skilled hackers who can penetrate advanced security systems. However, as a recent article in Fortune noted, it may be a lot easier for hackers to break into corporate systems than you think.

“Using only a phone line and fax machine, researchers at Check Point Research were able to gain access to every computer connected to a Hewlett Packard all-in-one printer. They sent a fax of malicious code disguised as an image file to the printer, which then stored the file, allowing researchers access to the entire network.”

Fortunately, HP did fix their all-in-one printers, but similar types of faxes to other vendor’s printers may still suffer from the same issue.

Cyber Oregon partner blog post of interest