Cyber Risk Governance Insights | September 23, 2024
WEEK IN HEADLINES
CRITICAL INFRASTRUCTURE - Workers Offered Dream Jobs
North Korean cyberespionage group UNC2970 has been using fake job offers to lure employees in critical infrastructure sectors. The goal is to deliver malware and gain access to sensitive systems, posing significant risks to national security.
INSIGHT: The most cost-effective way to protect your organization from cyber threats is through Security Awareness Education (SAE). Educating employees about cyber risks, similar to workplace safety hazards, reduces their likelihood of becoming a digital risk.
NATIONAL SECURITY - Country Warns Citizens Amid Rising Tensions
China has urged its citizens to be vigilant against cyberattacks allegedly originating from Taiwan. This call to action comes amid increasing geopolitical tensions between the two regions. The Chinese government emphasizes the importance of cybersecurity awareness and proactive measures to safeguard personal and national data.
INSIGHT: By implementing Zero Trust Architecture (ZTA) you could significantly enhance your security against threats like these. While ZTA can be a large undertaking involving substantial resources, the benefits would create a more resilient defense against unauthorized access and lateral movement within the network.
CONSTRUCTION - Firms Exposed to Threat From Industry Software
A significant vulnerability in Foundation Software’s accounting platform has put numerous construction firms at risk. The flaw allows attackers to exploit the system, potentially leading to data breaches and financial losses. Immediate action is required to patch the software and secure sensitive information.
INSIGHT: First of all, install the patches that were released. Now, while this is a software security issue and the responsibility of the developer (through better security audits of its own product), there are things you can do to reduce your risk from this and other software you rely upon. Has your organization done a Business Impact Analysis (BIA)? Does it have an Incident Response (IR) Plan? Have you tested your backups and Continuity Plans? If not, consider doing so. These are things that should be done, and can be done without a lot of outside consulting, as you are the experts on your organization and how it operates.
EDUCATION - Calculators Needed to Add Up Skyrocketing Costs of Ransomware
A recent report finds a rapidly rising cost associated with ransomware attacks for educational institutions. The average expense of addressing these attacks has surged, emphasizing the need for robust cybersecurity measures in schools to protect sensitive data and minimize financial losses.
INSIGHT: Have a better backup plan. By regularly backing up data and storing it offline, you can ensure you have secure copies of your data. This allows for quick recovery in the event of a ransomware attack, without needing to pay a ransom, thereby minimizing financial and operational impacts. Get back to work, and deal with the theft later.
SOCIAL MEDIA - Grieving Families Exploited Via Facebook
Scammers are creating fake Facebook groups that offer live streaming of funeral services, tricking grieving families and friends into providing credit card information. These fraudulent groups exploit the emotional vulnerability of users, highlighting the need for stronger security measures on social media platforms.
INSIGHT: For users, a reminder: not everything on the interweb is real or true. As for FB, improve your verification of group admins; FB can also review sensitive content more thoroughly and improve user reporting tools.
GOOD NEWS - ‘Ghost’ Encrypted Messaging Platform Shutdown
Europol, in collaboration with law enforcement from nine countries, successfully dismantled the “Ghost” encrypted messaging platform, which was widely used by organized crime groups for activities such as drug trafficking and money laundering. This takedown marks a significant victory in the fight against cybercrime and organized criminal networks.
INSIGHTS & EXPERT PERSPECTIVES
The Cyber Resilience Blueprint: 5 Lessons Shared
Stanley Li and Sean Mahoney were recently privileged to host Steven-Paul Walker MBA, CISA, CGEIT, CICA to discuss how the recent Patelco Credit Union cyber-attack provides lessons for other financial institutions, and how they can extract crucial lessons to fortify their organization's cyber resilience.
Drawing from his extensive background in operational risk, internal controls, and payment system platforms, Steve provided actionable insights for financial institutions of all sizes. He also shared his expertise on cyber resilience in the financial services industry. The conversation covered the importance of business impact analysis, risk assessment, and the challenges of justifying cybersecurity investments to C-suite executives and board members. Walker emphasized the need for formalization in risk management processes and highlighted the benefits of the OCC's regulatory approach for credit unions. The discussion also touched on emerging technologies and their potential impact on financial institutions' risk profiles and profitability.
Takeaways:
If you're interested in accessing more insights to elevate your cyber resilience, please join the Cyber Risk Governance Community.
Risk Management - REDUCTION
CISA: Infrastructure Plagued by Low Hanging Fruit Vulnerabilities
A recent Cybersecurity and Infrastructure Security Agency (CISA) report reveals that critical infrastructure sectors are plagued by basic cybersecurity lapses, such as phishing and default passwords. These vulnerabilities make it easy for threat actors, including those linked to China, to infiltrate networks. The report emphasizes the urgent need for improved cybersecurity practices to protect vital systems.
The report finds that common cybersecurity lapses, such as phishing and the use of default passwords, have left critical infrastructure sectors vulnerable to attacks by global threat actors.
Key Highlights:
Sector-Wide Trends: Similar weaknesses are prevalent across various critical infrastructure sectors, suggesting a need for industry-wide improvements in cybersecurity practices.
Common Vulnerabilities: Many critical infrastructure sectors share common vulnerabilities, such as phishing, valid accounts, and default credentials.
Attack Path Analysis: CISA provides a detailed analysis of a sample attack path, showing how cyber threat actors can exploit these vulnerabilities to compromise systems.
Mitigation Recommendations: The report emphasizes the importance of implementing secure-by-design principles and addressing misconfigurations to enhance security.
Actionable Remediation: CISA offers prioritized remediation recommendations based on the risk of compromise, helping organizations to focus on the most critical vulnerabilities.
INSIGHT: Focus on the following, so that any organization, even yours, can significantly bolster its cybersecurity defenses.
By focusing on these three actions, you can significantly improve your cybersecurity defenses and your overall cyber resilience, making you a better company and safer vendor and/or customer.
Sharpen Your Cyber Edge with Netswitch
Master Compliance & Minimize Risks:
Deepen Your Knowledge:
Don't wait.
Contact Netswitch Technology Management today to take control of your cyber risk.
Disclaimer: The information and links provided in this newsletter are for informational purposes only. Netswitch does not warrant the accuracy or completeness of such information and is not liable for any damages arising from its use.
Advisor | Guide | Storyteller
2 months ago: The job opportunities in critical infrastructure could be a game changer for many.