The Infosec Archives 01.07.2022 - V5

Hey friends,

Welcome back to the Infosec Archives first edition of 2022!

Theme of the week?

Cybersecurity predictions! (and of course some more Log4j)

And now... Let's dive in, as they say.


--------------------

News:

FTC to pursue companies that expose customer data due to not patching Log4j

Agency warns it will use its full legal authority against companies that fail to take reasonable steps against the Log4j vulnerability.

https://www.zdnet.com/article/ftc-to-pursue-companies-that-expose-customer-data-due-to-not-patching-log4j/

#2

I came across this article by Einat Meyron which summarizes nicely the top 10 cybersecurity trends and forecasts for 2022.

1. Cyberattacks will continue and even increase.

2. They will become more sophisticated, more violent and more frequent.

3. Specifically, Business Email Compromise (BEC) attacks will also become more precise and advanced, through social engineering that will help the malicious actors study the organization’s habits.

4. The wind beneath the wings of cyberattacks will be AI, which makes the task of identifying the attacks and their origin even more complicated.

5. We’ll see many more combined ransomware attacks.

6. We’ll also see attacks whose first step is data theft, in order to profit from selling.

7. The abovementioned attacks will be affected by threats directed at the company’s executives, about disclosure of personal and professional information.

8. We’ll see many more shutdowns of systems and system backups, caused by Distributed Denial-of-Service (DDoS) attacks.

9. As far as ransom attacks are concerned, the most dramatic element is the supply chain. The complex process which involves many different interfaces might just be the window through which threat actors attempt an attack.

10. Cryptojacking will exploit vulnerabilities which have not yet been patched or updated.

https://www.israeldefense.co.il/en/node/53171


--------------------

Career Advice:

Jerich Beason: Chief Information Security Officer | Board Advisor | Podcast Host

I hope that in this year to come, you make mistakes. Because if you are making mistakes, then you are chasing dreams, trying new things, learning, living, pushing yourself, changing yourself, & changing your world.

It means you are doing things you've never done before, but more importantly, that means you're doing something. 99% of failures are the result of never starting.

So that's my wish for everyone and my wish for myself. Make new mistakes. Make glorious, amazing mistakes. Make mistakes you’ve never made. Don't freeze, don't stop, don't worry that you won’t be good enough, whatever it is: that class you want to take, that career change you are contemplating, that business you want to start, that cert you want to go after, that love interest you want to ask out, or asking that person to be your mentor. You know exactly what that thing is for you. Whatever it is you're scared of doing, just do it!

Make your mistakes in 2022 and forever.

You will either find success, growth or maturation on the other side of those mistakes...maybe even all three.


--------------------

Infosec Wisdom:

Jessica Boyer: Information Security Analyst

When is it okay to lie?

Security questions.

You know those annoying ones about what street you grew up on, what is your first pet name?

Most of these answers can come up in conversations, either in person or online communication.

Lie, make something up, but don't put the truth down.

Also, don't forget what you made up....


--------------------

Mentorship/Education:

Heath Adams: CEO, TCM Security | Cyber Mentor | Hacker | YouTuber

12 HOURS of Free Ethical Hacking Training! We've released the entire first half of our best-selling Practical Ethical Hacking course for free on YouTube. Learn Linux, Python, and Hacking all with no strings attached.

Amazing field to break into and what better time than now? Come learn to hack as your New Year's resolution :)

https://www.youtube.com/watch?v=fNzpcB7ODxQ&feature=youtu.be&ab_channel=TheCyberMentor


--------------------

Cybersecurity Heroes Podcast:

In order to get cyber insurance, companies have to fill out long questionnaires to show they’re taking important security steps.

With every passing year, these questionnaires get more complex, and companies have a harder time making sense of them. As a result, many don’t get the coverage they need.

One of the things the security community can do is identify the top priority actions that companies need to do to reduce impact, instead of leaving them feeling overwhelmed and under-protected.

Kirsten Bay, CEO of Cysurance, talked to us about the steps the cybersecurity industry can take to improve the process and what companies can do to make sure they’re getting the right policy for them.

Catch all the links to the episode below or search for #CyberSecurityHeroes in your favorite podcast player.

Apple:

https://podcasts.apple.com/us/podcast/how-to-improve-the-cyber-insurance-process/id1559807252?i=1000546973590

Spotify:

https://open.spotify.com/episode/1Ugn2xnIXTYeRr8dMNdL1p


p.s

If you enjoy the show, follow/subscribe and we would love a rating or a review on Apple so more people like you can find it!


--------------------


That's a wrap for this week's Infosec Archives, see you again next week.

Brendon

Ger van Hees GAICD

AI Governance Advisor | Non Executive Director | Reduce Cyber Risk | Protect Privacy | Peace of Mind

2 years ago

Hi Brendon, I like the newsletter. Thanks for publishing. If I may add to the "When is it OK to lie" section: I always suggest to my students to use a password manager to generate long strings of random characters (passwords) and use those to answer the security questions instead of the real answers. Then store those generated strings in the password manager under the comments section in the password entry for the website that they are answering these questions for. Obviously I assume they are using a password manager to store the username/password for the website in the first place! :-)

Einat Meyron

Cyber Resilience ★ Reduce the impact of cyber attack & business cyber risks. Upgrade cyber security culture ★ Advocate for CISOs ★ Speaker ★ Powerlifting

2 years ago

OMG, I'm so honored. So glad you liked it. Thank you.

Jerich Beason

Chief Information Security Officer | Board Advisor | Podcast Host | Forbes Tech Council | Keynote Speaker | Instructor

2 years ago

Pretty cool getting a place on your list...cheers to 2022!
