Cybersecurity Awareness Month '24 Sunsets, While Cyber Threats Continue to Rise
In this edition of Cyderes Intel, we’re arming you with the biggest takeaways from Cybersecurity Awareness Month 2024, and how to continue to maintain your organization's cybersecurity posture.
Rethinking Security Awareness Training: Beyond the Basics
Generic Cybersecurity Awareness Training is No Longer Sufficient
Article contributed by Mark Watkinson
Security in our digital world is changing as businesses evolve. The way we access and use technology is completely different than it was just five years ago, and it's not IT driving the change, it's the business itself.
Gartner® reports that by 2025, 75% of employees will be accessing, changing, or making technology often without IT knowing, up from 41% in 2022. This means IT and cybersecurity teams are losing control over what technology is being used.
Giving away control or democratizing technology is great for business agility and progress; however, we must ensure we can guide and support this safely.
Cybersecurity often feels like a roadblock for users instead of a way to stay safe. Boring awareness programs that focus on compliance tick boxes are seen as a hassle.
Organizations must adopt a more comprehensive approach that recognizes the unique needs and challenges of their users. Effective security training should not only inform but also empower individuals to make secure choices in their daily activities.
Missed the NIS2 Compliance Deadline?
Protect Your Organization and Achieve NIS2 Compliance
The NIS2 Directive is transforming the cybersecurity landscape, placing greater emphasis on executive management and risk management.
At Cyderes, we understand the challenges you face and are here to ensure your organization meets the directive’s stringent requirements seamlessly.
Market Recommendations for Selecting a DFIR Partner
Gain insights to understand the DFIR market, evaluate trends, refine requirements, identify market players, and choose the best partner for your organization.
Delays in response to cybersecurity incidents - from malicious software, compromised identities, or compromised systems - can mean intolerable damage to finances, systems, operations, and even corporate reputations. The details of each response in each environment are unique; there is no one-size-fits-all approach.
Organizations make significant investments in cybersecurity tools, platforms and vendors to defend their perimeter. But cyber professionals, C-suite executives and boards also know they need to be prepared, night and day, for the possibility of a successful cyber-attack.
The difference maker in those moments of crisis is timely, rigorous and strategic Incident Response (IR). This is why the choice of service provider or vendor is crucial: it will greatly determine whether an organization survives a crisis or is thrown off the deep end.
Gartner® has put together a Market Guide for Digital Forensics and Incident Response Retainer Services, which provides insights that’ll help SRM leaders understand the DFIR market, evaluate trends, refine requirements and identify market players, making it easier to choose the best partners for their organization.
SOC Convos: U.S. Joins International Action Against Infostealers
RedLine and META Infostealers stole information from millions of victims around the world; U.S. complaint charges developer and administrator; U.S. law enforcement seizes infrastructure.
The Department of Justice, alongside international partners from the Netherlands, Belgium, and Eurojust, has disrupted RedLine and META Infostealer, two highly prevalent infostealers responsible for targeting millions of computers worldwide.
This coordinated effort, known as Operation Magnus, led by the Joint Cybercrime Action Taskforce (JCAT) and supported by Europol, involved seizing domains, servers, and Telegram accounts associated with the malware operators.
Aimed at stealing sensitive information like usernames, passwords, financial details, and authentication cookies, RedLine and META are part of a decentralized Malware as a Service (MaaS) model that enables affiliates to buy and deploy the malware in their campaigns.
Infostealers, such as RedLine and META, use phishing, malvertising, fraudulent software downloads, and malware sideloading for distribution, often relying on themes like COVID-19 or fake Windows updates.
The malware is marketed and sold on cybercrime forums and Telegram channels, where customers receive updates and support. Data collected from infected devices includes millions of credentials, financial information, and cryptocurrency addresses, though not all stolen data has been recovered.
Additionally, U.S. authorities have unsealed charges against Maxim Rudometov, identified as a key developer and administrator of RedLine, charging him with fraud, conspiracy, and money laundering.
Thank you for being part of our cybersecurity community!
Please leave your comments and share this knowledge with your network.
Together, we can stay one step ahead of the cyber threats we all face.
To our secure future,
The Cyderes Team