CYBER THIS WEEK – NOVEMBER 27, 2022

CISO considerations for data privacy & compliance in 2023

Today’s enterprise security leader needs to ensure they have a comprehensive understanding of the ever-changing privacy risk landscape and continually assess their security posture to ensure all applicable privacy laws and regulations have been considered.

CISO considerations for data privacy & compliance in 2023 | Security Magazine

Know thy enemy: thinking like a hacker can boost cybersecurity strategy

Putting on a red hat and trying to understand the motivations, expectations, behaviors, and goals of bad actors can be a key part of a solid cybersecurity plan.

Know thy enemy: thinking like a hacker can boost cybersecurity strategy | CSO Online

Why Operational Technology Security Cannot Be Avoided

From power grids to nuclear plants, attacks on OT systems have caused devastating work interruptions and physical damage in industries across the globe. In fact, cyberattacks with OT targets have substantially increased, and attackers most frequently target the manufacturing industry.

Why Operational Technology Security Cannot Be Avoided (securityintelligence.com)

A Boiling Cauldron: Cybersecurity Trends, Threats, And Predictions For 2023

Phishing, insider threats, business email compromise, lack of skilled cybersecurity workers, and misconfigurations of code have been common trends throughout the past decade. They still will be trends in the coming year, but other factors and developments will also permeate a precarious cybersecurity ecosystem.

A Boiling Cauldron: Cybersecurity Trends, Threats, And Predictions For 2023 (forbes.com)

How Tech Companies Can Slow Down Spike in Breaches

The technology industry is challenged to maintain a strong defense against a constantly evolving threat landscape. Today’s attackers are changing their TTPs to be more subtle, to evade detection, and to cause more damage. It’s up to defenders to protect the workloads, identities, and data their business relies on.

How Tech Companies Can Slow Down Spike in Breaches (darkreading.com)

Your Guide to Assessing Cybersecurity Risks before They Harm Valuable Assets

An organization’s core business goals and the information technology assets required to achieve those goals must be identified to conduct a cybersecurity risk assessment. The next step is to determine which cyberattacks might harm those assets, how likely they are to happen, and what kind of effects they might have—in other words, to provide a comprehensive picture of the threat environment for a given set of business goals.

How to perform a cybersecurity risk assessment: Tools, frameworks, checklist and more (dataconomy.com)

Digitalisation and cyber risk: Do banks have their heads in the cloud?

As the financial sector grows increasingly digitised, both cyber and data risks have developed in tandem, with the need to proactively combat such threats becoming paramount for financial institutions.

Digitalisation and cyber risk: Do banks have their heads in the cloud? (globalbankingandfinance.com)

This forgotten open-source web server could let hackers ‘silently’ gain access to your system

Despite being discontinued in 2005, the Boa web server continues to be implemented by different vendors across a variety of IoT devices and popular software development kits (SDKs). Without developers managing the Boa web server, its known vulnerabilities could allow attackers to silently gain access to networks by collecting information from files.

Microsoft warns: This forgotten open-source web server could let hackers ‘silently’ gain access to your system | ZDNET

Vulnerable SDK components lead to supply chain risks in IoT and OT environments – Microsoft Security Blog

Cybercriminals strike understaffed organizations on weekends and holidays

Cybercriminals don’t take breaks when it’s convenient to defenders. While many professionals are working for the weekend, threat actors can exploit time off as a weakness and strike when organizations are understaffed and significantly less prepared to detect and respond to attacks.

Cybercriminals strike understaffed organizations on weekends and holidays | CIO Dive

Ransomware-attackers-dont-take-holidays-2022.pdf (cybereason.com)

Five defence-in-depth layers to implement for business security success

Defence-in-depth is a simple enough idea, similar in concept to the tightly-ranked Roman centuries of the ancient world, with the next line of soldiers awaiting any enemy that hacked their way through the front rank. We can apply this (albeit less violently) as a cybersecurity strategy to protect the most sensitive data at the heart of any organisation’s IT environment.

Five defence-in-depth layers for business security success (information-age.com)
