CYBER THIS WEEK – NOV 5, 2023
Conquering Cyber Risk Management as a Transformational CISO
Now is the time for CISOs to step out from their technical ivory tower. By approaching cyber risk with a business risk mindset, they can bridge the gap between security needs and enterprise objectives.
Conquering Cyber Risk Management as a Transformational CISO (informationweek.com)
When least privilege is the most important thing
In the ever-evolving realm of information security, the principle of Least Privilege stands out as the cornerstone of safeguarding sensitive data. However, this fundamental concept, emphasizing limited access to resources and information, has been progressively overlooked, placing our digital ecosystems at greater risk.
When least privilege is the most important thing | CIO
To Improve Cyber Defenses, Practice for Disaster
If you’re not already using crisis simulations as a key part of incident preparation and response, it’s time to start stress-testing personnel and protocols to help teams develop skills and readiness for difficult situations.
To Improve Cyber Defenses, Practice for Disaster (darkreading.com)
Deciphering the evolving threat landscape: security in a 5G world
As we navigate the complexities of the digital age, one fact remains resolute: network security is an ongoing necessity, and it’s a task that cannot be shouldered by a single person or organization alone.
An evolving threat landscape: 5G security – Ericsson
Protecting Critical Infrastructure: Enhancing OT Security
IT has been prioritized in cybersecurity, while OT has been left to manage its own security under the supervision of industrial managers who may lack essential cybersecurity expertise.
Protecting Critical Infrastructure: Enhancing OT Security (forbes.com)
Backup administrators under fire as ransomware threats evolve
Venerable backup administrators are doing the best they can, but they’ve got big targets on their backs. Preparing them to deal with the ever-evolving threat landscape, placing proper control on access to backup data, ensuring anomaly detection can spot compromised backup activity in both data and administrator behavior and arming them with tools to leverage autonomous data management will go a long way toward shielding them from of the enemy’s arrows.
Backup administrators under fire as ransomware threats evolve | Security Magazine
Why Some Companies Skip Vulnerability Management
Ultimately, a security strategy that is solely reactive is only half of a strategy. Proactively identifying weaknesses before they are exploited can avoid a huge, costly debacle down the road. Vulnerability Management may not be the sexiest thing in cybersecurity, but it is the foundation on which your strategy should be built.
Why Some Companies Skip Vulnerability Management – Digital Defense
CVSS 4.0 keys-in on threat intelligence metrics and OT, ICS and IoT
The Forum of Incident Response and Security Teams (FIRST) on Nov. 1 formally published CVSS 4.0 that touts finer granularity for base metrics and also gears them for operational technology (OT), industrial control systems (ICS) and the Internet of Things (IoT).
CVSS 4.0 keys-in on threat intelligence metrics and OT, ICS and IoT | SC Media (scmagazine.com)
Data loss prevention vendors tackle gen AI data risks
The problem is that many public AI platforms are continually trained based on their interactions with users. This means that if a user uploads company secrets to the AI, the AI will then know those secrets — and will spill them to the next person who asks about them.
Data loss prevention vendors tackle gen AI data risks | CSO Online
Could a threat actor socially engineer ChatGPT?
What gives threat actors an advantage is the expanded attack landscape created by LLMs. The freewheeling use of generative AI tools has opened the door for accidental data leaks.
Could a threat actor socially engineer ChatGPT? (securityintelligence.com)