CYBER THIS WEEK – JANUARY 29, 2023
Why Your Board of Directors Should Focus On Building Your CISO’s Self-Resilience
When the role of security leaders is more important than ever, recruiting and retaining a highly skilled CISO is a tough challenge. Fifty-three percent of CISOs have been in their role for two years or less, and this high turnover, coupled with the talent shortage, puts organizations at high risk of cybersecurity failure.
Why Your Board Of Directors Should Focus On Building Your CISO’s Self-Resilience (forbes.com)
Threat actors are using remote monitoring software to launch phishing attacks
Malicious actors are using remote management and monitoring software to launch phishing attacks against federal employees. The lure aims to get the targeted workers to link to malicious domains in order to steal money from the targeted victims. However, authorities warn the same tactics could be used by APT actors in order to gain persistence within a network.
Threat actors are using remote monitoring software to launch phishing attacks | CIO Dive
Protecting Against Malicious Use of Remote Monitoring and Management Software | CISA
How passkeys are changing authentication
Passkeys are a kind of passwordless authentication that is seeing increasing focus and adoption. They are set to become a key part of security in the coming years
How passkeys are changing authentication | CSO Online
CISOs identify cloud migration as a top business objective
Cloud migration was universally identified as one of those top business objectives. The top priorities listed by CISOs include dealing with an expanding attack surface, staffing and new compliance requirements — all within constrained budgets.
CISOs identify cloud migration as a top business objective | Security Magazine
IoT vendors faulted for slow progress in setting up vulnerability disclosure programs
Vulnerability management ought to be a cornerstone of connected product security, widely recommended in 30 cybersecurity guidance initiatives including the IoTSF’s IoT Security Assurance Framework. Straightforward reporting of security issues is essential for security lifecycle maintenance
5 Big Pros and Cons of ChatGPT for Cybersecurity
With OpenAI’s ChatGPT, both the positive and negative uses of the technology seem to have been taken up a notch. And when it comes to cybersecurity, there’s now mounting evidence that the AI-powered chatbot could be a powerful tool both for hackers and cyber defenders.
https://www.crn.com/news/security/5-big-pros-and-cons-of-chatgpt-for-cybersecurity
How 2022 changed the course of cyber risk management
From Log4J to the Russian invasion of Ukraine, the events of 2022 have demonstrated that cyber incidents are a very real threat to the functioning of critical services, and one that needs to be taken seriously. Exiger’s Bob Kolasky reviews the biggest cyber risk trends from 2022, and what this will mean for the year ahead.
How 2022 changed the course of cyber risk management | Security Info Watch
Companies Struggle with Zero Trust as Attackers Adapt to Get around It
The zero-trust approach to security promises to reduce threats and make successful attacks less damaging, but companies should not expect that implementing zero-trust principles will be easy or prevent most attacks.
Companies Struggle With Zero Trust as Attackers Adapt to Get Around It (darkreading.com)
Seven Ways Cyber Attackers Bypass MFA – And How To Stop Them
Multi-Factor Authentication (MFA) has rapidly become a common component of identity security, with organizations scrambling to enroll users and their devices in an attempt to curb account takeover. While MFA may be organizations’ preferred digital defense against these attacks, in reality, it is often not enough. Even MFA can be circumvented by modern identity attack techniques.
Seven Ways Cyber Attackers Bypass MFA – And How To Stop Them – CPO Magazine
Battle of the breach: Prioritizing proactive ransomware defense
CISOs looking to apply advanced thinking to ransomware defense can integrate new processes and tactics as they formulate their cybersecurity strategies.
Battle of the breach: Prioritizing proactive ransomware defense | Cybersecurity Dive