Cybersecurity Institute News Roundup 30 Sep 2024

Welcome to this week’s Cybersecurity Institute News Roundup, a weekly overview of the some of the most interesting news and articles that have caught our attention recently from across the cybersecurity industry. In this week’s roundup we check in on guidance to protect against Active Directory attacks, add four more countries to an anti-spyware initiative, prepare for the rapid growth of digital identity wallets, remind financial institutions that prioritizing fraud protection adds consumer competitive advantage, boost payment protection with VISA’s planned AI acquisition, ask what experiences could a fledgling CISO learn from, and inject some common sense into password hygiene.

?

With Microsoft Active Directory (AD) a favored target of bad actors, Five Eyes (the alliance of cybersecurity agencies from the US, UK, Canada, Australia, and New Zealand) has published guidance for enterprises to help detect and mitigate AD cyberattacks:

https://www.cyber.gov.au/sites/default/files/2024-09/PROTECT-Detecting-and-Mitigating-Active-Directory-Compromises.pdf

?

Since its inception in March, 21 countries have now joined the US led coalition to prevent the proliferation of spyware including the recent addition of Austria, Estonia, Lithuania, and the Netherlands:

https://www.bankinfosecurity.com/4-more-eu-nations-join-us-led-initiative-to-counter-spyware-a-26348

?

As private and public sector digital identity initiatives continue to mature, the adoption of digital identity wallets is poised for rapid growth. Gartner estimates half a billion users by 2026, with Goode Intelligence predicting 1.5 billion users by 2029:

https://www.biometricupdate.com/202409/half-a-billion-will-regularly-use-digital-identity-wallets-within-2-years-gartner

?

69% of consumers prioritize fraud protection when selecting a financial institution, with almost one third making this their top selection criteria:

https://www.pymnts.com/news/security-and-risk/2024/69-of-consumers-prioritize-fraud-protection-when-picking-a-bank/

?

In related news, VISA announced its intention to buy AI company Featurespace to boost its fraud detection and risk scoring capabilities. With AI-powered cyberattacks including deepfakes and synthetic identities intensifying in financial services, it’s no surprise this sector is looking to AI to help fight AI:

https://www.bankinfosecurity.com/visa-acquires-ai-leader-featurespace-for-payments-protection-a-26394

?

When it comes to the trials and tribulations of bring a CISO, there’s often not much of a substitute for experience. That said, it doesn’t always have to be your own experience, as demonstrated in this article, in which CISOs reflect on their careers and offer advice that could have helped them early on:

https://www.csoonline.com/article/3526638/10-things-cisos-wished-they-knew-from-the-start.html

?

Although there is a growing movement to abandon passwords for more secure passwordless alternatives, the pesky security format is here to stay for some time still, along with the various rules about their creation. NIST is proposing to add some common sense to the process and bar some of the most nonsensical password rules:

https://arstechnica.com/security/2024/09/nist-proposes-barring-some-of-the-most-nonsensical-password-rules/

?

Be sure to share your thoughts on these stories in the comments and let us know what articles have caught your eye recently?