CYBER THIS WEEK – NOVEMBER 27, 2022
CISO considerations for data privacy & compliance in 2023
Today’s enterprise security leader needs to ensure they have a comprehensive understanding of the ever-changing privacy risk landscape and continually assess their security posture to ensure all applicable privacy laws and regulation have been considered
CISO considerations for data privacy & compliance in 2023 | Security Magazine
Know thy enemy: thinking like a hacker can boost cybersecurity strategy
Putting on a red hat and trying to understand the motivations, expectations, behaviors, and goals of bad actors can be a key part of a solid cybersecurity plan.
Know thy enemy: thinking like a hacker can boost cybersecurity strategy | CSO Online
Why Operational Technology Security Cannot Be Avoided
From power grids to nuclear plants, attacks on OT systems have caused devastating work interruptions and physical damage in industries across the globe. In fact, cyberattacks with OT targets have substantially increased, and attackers most frequently target the manufacturing industry.
Why Operational Technology Security Cannot Be Avoided (securityintelligence.com)
A Boiling Cauldron: Cybersecurity Trends, Threats, And Predictions For 2023
Phishing, insider threats, business email compromise, lack of skilled cybersecurity workers, and misconfigurations of code have been common trends throughout the past decade. They still will be trends in the coming year, but other factors and developments will also permeate a precarious cybersecurity ecosystem.
A Boiling Cauldron: Cybersecurity Trends, Threats, And Predictions For 2023 (forbes.com)
How Tech Companies Can Slow Down Spike in Breaches
The technology industry is challenged to maintain a strong defense against a constantly evolving threat landscape. Today’s attackers are changing their TTPs to be more subtle, to evade detection, and to cause more damage. It’s up to defenders to protect the workloads, identities, and data their business relies on.
How Tech Companies Can Slow Down Spike in Breaches (darkreading.com)
Your Guide to Assessing Cybersecurity Risks before They Harm Valuable Assets
An organization’s core business goals and the information technology assets required to achieve those goals must be identified to conduct a cybersecurity risk assessment. The next step is to determine which cyberattacks might harm those assets, how likely they are to happen, and what kind of effects they might have—in other words, to provide a comprehensive picture of the threat environment for a given set of business goals
Digitalisation and cyber risk: Do banks have their heads in the cloud?
As the financial sector grows increasingly digitised, both cyber and data risks have developed in tandem, with the need to proactively combat such threats becoming paramount for financial institutions.
Digitalisation and cyber risk: Do banks have their heads in the cloud? (globalbankingandfinance.com)
This forgotten open-source web server could let hackers ‘silently’ gain access to your system
Despite being discontinued in 2005, the Boa web server continues to be implemented by different vendors across a variety of IoT devices and popular software development kits (SDKs). Without developers managing the Boa web server, its known vulnerabilities could allow attackers to silently gain access to networks by collecting information from files
Cybercriminals strike understaffed organizations on weekends and holidays
Cybercriminals don’t take breaks when it’s convenient to defenders. While many professionals are working for the weekend, threat actors can exploit time off as a weakness and strike when organizations are understaffed and significantly less prepared to detect and respond to attacks.
Cybercriminals strike understaffed organizations on weekends and holidays | CIO Dive
Ransomware-attackers-dont-take-holidays-2022.pdf (cybereason.com)
Five defence-in-depth layers to implement for business security success
Defence-in-depth is a simple enough idea, similar in concept to the tightly-ranked Roman centuries of the ancient world, with the next line of soldiers awaiting any enemy that hacked their way through the front rank. We can apply this (albeit less violently) as a cybersecurity strategy to protect the most sensitive data at the heart of any organisation’s IT environment.
Five defence-in-depth layers for business security success (information-age.com)