Cybersecurity Chronicles | December 11, 2023
Week in Headlines
COMPLIANCE - Evidence Handling Guide to Delay SEC Reporting
The FBI’s Handbook of Forensic Services outlines safe, efficient methods for collecting, preserving, packaging, and shipping evidence, and details forensic examinations performed by the FBI’s Laboratory Division.
VULNERABILITIES - Log4J, A Lingering Cybersecurity Threat
The Log4j vulnerability continues to pose threats as exploitation attempts remain high. Despite new fixes, its long-term effects are just beginning to unfold.
TRANSPORTATION - Transit System Under Cyber Siege
The Central Virginia Transit System has been hit by a cyberattack, disrupting operations and raising concerns about data security.
GOVERNMENT - Fed Agencies Breached Via Adobe Exploit
Hackers have exploited a vulnerability in Adobe ColdFusion to breach US government agencies, raising serious cybersecurity concerns.
INTERNET - Former Security Chief Raises Alarm
Former Twitter security chief, Peiter Zatko, alleges major security deficiencies at Twitter, threatening user privacy and national security.
PHISHING - New Russian Cyber Actor Unmasked
The UK’s NCSC reveals Star Blizzard , a Russian cyber actor linked to the FSB, is behind spear-phishing attacks worldwide. The advisory provides insights into the Snake malware used and offers mitigation strategies.
HEALTHCARE - Proposed New Cyber Requirements for Hospitals
The United States Department of Health and Human Services (HHS) has proposed new cybersecurity requirements for hospitals, aiming to enhance data security and patient safety amid rising cyber threats.
Insights & Expert Perspectives
RISK MANAGEMENT - SMBs Under Siege: Rise in Malware-Free Attacks and BEC Scams
Huntress’ SMB Threat Report examines the cyber threats facing Small and Medium-sized Businesses (SMBs). The report reveals that 56% of incidents are effectively “malware-free,” indicating a shift in adversary tactics.? Evidence of the dynamic nature of cyber risk and the need for an adaptive cyber posture for not just large enterprises any longer.
The report also shows that a substantial 65% of incidents involve threat actors exploiting Remote Monitoring and Management (RMM) software. Interestingly, a majority of 60% of ransomware incidents are from unknown or “defunct” strains (defunct strains would be considered "classics" if it were music or a car).
This report offers important insights into the trends, patterns, and behaviors of attackers and how they are specifically tailored to SMBs due to a lack of preparedness, or resource allocation to defend themselves.
Insights: As a business leader, you are constantly looking at ways to adjust your business strategy as it relates to management decisions and operational practices.? This report provides more evidence that organizations of all sizes, but SMBs in particular need to move to (or elevate) a holistic approach to cyber risk and integrate with enterprise risk management to be able to defend against and react to cyber-related threats.
Human error continues to be the leading genesis of cyber risk, and email continues to be a weakness for all companies.? That weakness makes it an effective method for attackers to gain access to your data.? We always insist on clients implementing continuous security awareness and education programs as it is a low cost as a first line of defense.
Finally, continuously audit and improve deficiencies found in your security by monitoring and measuring activities in your network.? If you have a trending analysis with this monitoring, you can visually see the improvements over time as evidence.? This will also validate your investments and you can measure your ROI.
COMPLIANCE - The Ultimate Insider Guide To Navigating The New SEC Cyber Rules
In this previously recorded LinkedIn Live Event, Stanley Li and special guest expert Alex Sharpe shared ideas, tips, and tricks to efficiently navigate the new SEC Cyber Rules due to start enforcement in December 2023.
Discover how these changes will impact your roles and next moves, including:
领英推荐
Learn how Alex is advising his clients to rise to this challenge as he shares his 20+ years of experience in the field.
RESILIENCE - Malicious Cyber Activity Against Operational Technology (OT): What You Can Do Today
Alex Sharpe writes about the rise in malicious cyber operations from the Iranian Government’s Islamic Revolutionary Guard Corps (IRGC) following armed incursions into Israel by Hamas. The IRGC is targeting organizations using components manufactured by Israeli companies, particularly those using Unitronic’s Vision Series programmable logic controllers (PLCs). The article emphasizes the real-world impact of cyber incidents, such as disruptions in water supply, which can render other sectors ineffective. It also mentions the National Cyber Security Strategy released by the Office of the National Cyber Director, which aims to shift responsibility to product vendors.
INSIGHTS: As the cyber landscape evolves, and with it, the nature of threats we face. If you’re a leader for your organization, you should be looking to how your company can become adaptive in its cyber resilience. These 3 things you can do that are in line with Alex's article: ?
Remember, cybersecurity is not just about protecting information - it’s about safeguarding your way of life.
Ways We Can Help You
Elevate Your Cyber Risk Cognizance
Get a Fast and Comprehensive Risk Assessment
Our fully automated Security And Risk Assessment (SARA) performs as an auditor to provide an unbiased audit of your technical and risk controls.
Contact Netswitch for more info.
Attend a LinkedIn Live Event
We host regular LinkedIn Live Events to provide insights to elevate your cognizance.
Our intent is to facilitate communication and collaboration among stakeholders - Business Executives, Technologists, and Governors – to achieve alignment of technical controls to meet GRC objectives and improve processes to meet both.
Keep up to date about future events by following Netswitch.
Signup for Our "Quick Start" Pilot Program
Know your risk level in cybersecurity and governance at NO COST.
To find out more just contact Netswitch on LinkedIn for more info. and we'll get a Demo Scheduled
Join Our CyberRisk Governance Group
Consider joining risk professional peers in the fast-growing LinkedIn group specifically about CyberRisk Governance.
The aim of the group is to help technologists, risk & compliance managers, and business leaders better manage their CyberRisk.
Would you like to join us?
Here's the link: https://www.dhirubhai.net/groups/13991569
DISCLAIMER: Any articles, information, or links are provided by Netswitch for reference only. While we strive to keep the information and links correct and safe, we make no representations or warranties of any kind, express or implied, about the completeness, accuracy, reliability, suitability, or availability with respect to the website or the information, articles, or related graphics contained on the destination website. Any reliance you place on such information is therefore strictly at your own risk.