Cybersecurity Chronicles | July 14 2023
Netswitch Technology Management
Empowering cyber resilience with AI speed and precision. Netswitch: Real-time security insights and measurable ROI.
HEADLINES OF THE WEEK
HEALTHCARE - Hackers Stole Data on 11 M Patients
HCA Healthcare, Nashville, experienced a data breach where the information, including names, contact details, and appointment information, of approximately 11 million patients was stolen.
SERVICES - Australian Infrastructure Company Hit with Cyberattack
Australian infrastructure services provider Ventia is currently dealing with a cyberattack, taking key systems offline to contain the incident. While an investigation is ongoing, no further details were provided.
GOVERNMENT - A Caribbean Gem Loses Luster After Cyberattack
The Ministry of Digital Transformation in Trinidad and Tobago was hit by a cyberattack, leading to disruptions in operations and the loss of court documents served electronically since June 30.
MANUFACTURING - Supplier to Auto Industry Hit by Ransomware
Denver-based manufacturer of transmission belts and fluid power products, Gates Corporation revealed suffering a ransomware attack in February. It exposed HR documents containing sensitive data of more than 11,000 individuals.
Insights & Expert Analysis
DDOS ATTACKS - Simple Attack Now More Destructive & Common
Distributed Denial of Service (DDoS) attacks occur with greater frequency across all organizations. While large organizations often make headlines, it is important to recognize that even smaller organizations can fall victim to DDoS attacks.
INSIGHT: Microsoft advises organizations to evaluate resilience against DDoS attacks and specifically recommends RedWolf, a user-friendly testing system.
However, you can DIY your prep by configuring your firewalls or routers to discard incoming ICMP packets and to block external DNS responses (by obstructing UDP port 53).
Doing so enhances your defenses against certain DNS and ping-based volumetric attacks.
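One way to express the two firewall rules above in nftables, as an added example that is not from Netswitch or Microsoft. The table and chain names are hypothetical, and the connection-tracking rule placed first is an added assumption so that replies to the host's own DNS queries and ICMP errors tied to live connections still pass:

```nft
# Added illustration; table and chain names are hypothetical.
table inet ddos_prep {
    chain inbound {
        type filter hook input priority 0; policy accept;

        # Assumption: allow replies to traffic this host started, so its own
        # DNS lookups and ICMP errors for live connections keep working.
        ct state established,related accept

        # Discard incoming ICMP (IPv4), e.g. ping floods.
        # ICMPv6 is left untouched because IPv6 neighbor discovery depends on it.
        ip protocol icmp counter drop

        # Block external DNS responses that match no outbound query:
        # UDP packets arriving with source port 53.
        udp sport 53 counter drop
    }
}
```

Load it with `nft -f` on a test host first; `nft list ruleset` then shows the per-rule counters, which indicate how many packets each rule discards.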
NATIONAL SECURITY - WH Publishes National Cybersecurity Strategy Implementation Plan
Meant to ensure transparency and coordination, the National Cybersecurity Strategy Implementation Plan (NCSIP) details over 65 initiatives for combating ransomware and other cybercrime, building a skilled cyber workforce, and bolstering cooperation between governmental agencies.
INSIGHT: We must acknowledge two major concerns surrounding the WH National Cybersecurity Strategy: funding and utilization.
The Administration's cybersecurity strategy demonstrates a commendable commitment to safeguarding the nation's digital infrastructure.
However, the concern lies in whether the allocated funding will be adequate to meet the challenges posed by rapidly evolving IT demands and the growth of cyber threats.
While the Administration has requested an increase in cybersecurity funding for FY24 (+23% over FY23), is it sufficient?
And it’s not only the amount of funding but how effectively it will be utilized.
Continuous evaluation of the funding's adequacy and collaboration between the government and the private sector remain vital to the success of any strategy, let alone one that protects our national security.
ZERO DAYS - MS Confirms 6 New Zero-Day Exploits
Microsoft just dropped an announcement of 132 security vulnerabilities. But wait, it gets juicier! Among these vulnerabilities, there are six that are actively being exploited as zero-day attacks. The urgency is real. If you're a Windows user, buckle up and update your system ASAP.
INSIGHT: The rise of cloud migration allows a single zero-day attack to expose more connected organizations, making the stakes higher than ever before.
And while the volume of vulns, and the fact that there are 6 in one announcement, seems (and is) significant, it is less of a hair-on-fire concern than it had been.
Why? 4 reasons...
But all those positives rely upon you having made the right decision about your organization’s cyber resilience.
Elevate Your Cyber Risk Cognizance
SARA Delivers Automated & Accurate Risk Assessment
Our fully automated Security And Risk Assessment (SARA) performs as an auditor to provide an unbiased audit of your technical and risk controls.
Direct Message Sean Mahoney for More Information
Join Us for an Event
We host regular LinkedIn Live Events to provide you insights and elevate your cognizance.
The intent of our Events is to facilitate communication and collaboration among stakeholders - Business Executives, Technologists, & Governors – to achieve alignment of technical values to meet GRC objectives and streamline the processes to meet both goals.
Keep up to date on future events by following Netswitch on LinkedIn.
https://www.dhirubhai.net/company/netswitch-technology-management/events/
Join Our CyberRisk Governance LinkedIn Group
Consider joining your risk professional peers in the fast-growing LinkedIn group specifically about CyberRisk Governance.
The aim of the group is to help technologists, risk & compliance managers and business leaders better manage their CyberRisk.
Would you like to join us? Here's the link: https://www.dhirubhai.net/groups/13991569
DISCLAIMER: Any articles, information, or links are provided by Netswitch for reference only. While we strive to keep the information and links correct and safe, we make no representations or warranties of any kind, express or implied, about the completeness, accuracy, reliability, suitability, or availability with respect to the website or the information, articles, or related graphics contained on the destination website. Any reliance you place on such information is therefore strictly at your own risk.