Cybersecurity Newsletter



You have a lot going on, so join the thousands of other leaders and let me do the work and provide you with curated cybersecurity content. It would be my honor to do so.

Thank you from Mark Lynd - #1 Ranked Global Security Thought Leader

NOTES: If you want to ensure you get this newsletter every week, please add my "from" address to your contact list. If you would like to Unsubscribe scroll to the bottom and select "unsubscribe". Thank you.

In this week's edition:

  • Cyber Bits & Bytes
  • Early Warning - Misconfiguration and vulnerabilities biggest risks in cloud security
  • Featured Article - A Leader’s Guide to Incident Response
  • Cyber Quote - Cybersecurity is a Journey
  • Free Cybersecurity Resources - eBooks, tools, apps & services
  • Trending Story - 4 strategy game-changers for finding cybersecurity talent
  • Cybersecurity News Highlights
  • Cyber Scam of the Week - Email Scams from University Domains
  • Social Posts of the Week

Cyber Bits & Bytes

Microsoft: Over 100 threat actors deploy ransomware in attacks. Read more in this BleepingComputer article.

According to this InfoWorld article by David Linthicum titled "The downsides of cloud-native solutions", while cloud-native development is having a great run of popularity and growth, complexity and vendor lock-in are the trade-offs for agility and reliability.

Exclusive: CISA releases new K-12 cybersecurity game plan, per an Axios article by Sam Sabin. The nation's cyber defense agency has drafted a plan for schools to beef up their cybersecurity operations in a highly anticipated report.

Stop, Collaborate and Listen: Disrupting Cybercrime Networks Requires Private-Public Cooperation and Information Sharing is the title of a really good read in this SecurityWeek article. The article points out that no one combatting cybercrime knows everything, but everyone in the battle has some intelligence to contribute to the larger knowledge base.

Early Warning

Misconfiguration and vulnerabilities biggest risks in cloud security: Report

Article Excerpt: "The two biggest cloud security risks continue to be misconfigurations and vulnerabilities, which are being introduced in greater numbers through software supply chains, according to a report by Sysdig.

While zero trust is a top priority, data showed that least privilege access rights, an underpinning of zero trust architecture, are not properly enforced. Almost 90% of granted permissions are not used, which leaves many opportunities for attackers who steal credentials, the report noted.

The data was derived from an analysis of more than seven million containers that Sysdig customers are running daily."

You can read more of this article.
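The excerpt's point that almost 90% of granted permissions go unused is something you can measure yourself. The following is an added example, not code from the Sysdig report or from this newsletter: it compares an AWS-style IAM policy against the actions actually seen in an audit log for the same principal and reports what was granted but never exercised. The policy document, the CloudTrail-like log records, the service names and the wildcard handling are all constructed for the demo.

```python
"""Added example (not from the Sysdig report or the newsletter): compare the
permissions an IAM-style policy grants with the actions actually observed in
an audit log, to surface the 'granted but never used' permissions the report
describes. Policy, log lines and service names are constructed for the demo."""
import json
from collections import Counter

# Constructed policy in AWS-style JSON. Wildcards such as "iam:*" are common
# and are exactly where unused permissions hide.
GRANTED_POLICY = json.loads("""
{
  "Statement": [
    {"Effect": "Allow", "Action": ["s3:GetObject", "s3:PutObject", "s3:DeleteBucket"], "Resource": "*"},
    {"Effect": "Allow", "Action": "iam:*", "Resource": "*"},
    {"Effect": "Allow", "Action": ["ec2:DescribeInstances"], "Resource": "*"}
  ]
}
""")

# Constructed audit-log records (CloudTrail-like, one JSON object per line)
# for the principal this policy is attached to, over the observation window.
AUDIT_LOG = """
{"eventSource":"s3.amazonaws.com","eventName":"GetObject","errorCode":null}
{"eventSource":"s3.amazonaws.com","eventName":"GetObject","errorCode":null}
{"eventSource":"s3.amazonaws.com","eventName":"PutObject","errorCode":null}
{"eventSource":"ec2.amazonaws.com","eventName":"DescribeInstances","errorCode":null}
{"eventSource":"iam.amazonaws.com","eventName":"CreateUser","errorCode":"AccessDenied"}
""".strip()


def granted_actions(policy):
    """Return the set of Allow actions, keeping wildcards as written."""
    actions = set()
    for stmt in policy["Statement"]:
        if stmt.get("Effect") != "Allow":
            continue
        acts = stmt["Action"]
        if isinstance(acts, str):
            acts = [acts]
        actions.update(acts)
    return actions


def used_actions(log_text):
    """Count successful 'service:Action' pairs observed in the log.
    Denied calls are excluded: they show intent, not a permission in use."""
    counts = Counter()
    for line in log_text.splitlines():
        rec = json.loads(line)
        if rec.get("errorCode"):
            continue
        service = rec["eventSource"].split(".")[0]
        counts[f"{service}:{rec['eventName']}"] += 1
    return counts


def action_matches(granted, used):
    """Match a granted action (possibly 'svc:*' or 'svc:Get*') against a used one."""
    g_svc, g_act = granted.split(":", 1)
    u_svc, u_act = used.split(":", 1)
    if g_svc != u_svc:
        return False
    if g_act.endswith("*"):
        return u_act.startswith(g_act[:-1])
    return g_act == u_act


def least_privilege_report(policy, log_text):
    """Split granted actions into used / unused and propose a tightened action list."""
    granted = granted_actions(policy)
    used = used_actions(log_text)
    unused = {g for g in granted if not any(action_matches(g, u) for u in used)}
    return {
        "granted": sorted(granted),
        "used": dict(used),
        "unused": sorted(unused),
        # The tightened policy names only the actions that were actually exercised.
        "proposed_actions": sorted(used),
    }


if __name__ == "__main__":
    print(json.dumps(least_privilege_report(GRANTED_POLICY, AUDIT_LOG), indent=2))
```

Two caveats before acting on such a report: the observation window has to be long enough to cover infrequent jobs (quarterly reports, disaster-recovery drills) or you will remove permissions that are needed, and the denied `iam:CreateUser` call is a finding in its own right, since a principal attempting actions it does not need deserves a look. The major cloud providers expose "last accessed" data for this purpose natively, so the script is the idea, not the tool to standardize on.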

Featured Original Article

Original article by Mark Lynd titled: "A Leader’s Guide to Incident Response".

A Leader’s Guide to Incident Response

Incident response is an important part of protecting an organization from security incidents. It involves identifying, assessing, and mitigating the impact of a security incident. Cybersecurity incidents can cause significant damage to the organization's operations, reputation, and finances, but having an incident response plan in place helps reduce the impact of an incident and minimize financial and reputational losses. It can also help the organization quickly return to normal operations and meet compliance requirements.

The Benefits of Incident Response are Strong

One of the main benefits of incident response is that it helps organizations reduce the negative effects of security incidents. Having a plan in place and teams ready to respond quickly can reduce the financial and reputational damage of an incident.

Another advantage of incident response is that it helps speed up the return to normal operations. By having a strategy and trained response teams, businesses can quickly recover from an incident and return to normal. This helps reduce the impact on customers and other stakeholders, and minimizes disruption.

Incident response can also help companies meet compliance requirements and maintain their reputation. By having a response plan in place, companies can show that they are protecting sensitive information and following the rules. This helps them protect their reputation, maintain the trust of customers, and keep their good name.

The following incident response steps are a real-world variation of the common steps used by the SANS Institute and others:

Stage 1 - Preparation

Being properly prepared for a cybersecurity incident means having a clear plan for how to handle the incident and making sure that all stakeholders, such as IT, legal, and executive management, know their roles and responsibilities prior to the incident. This also means you need to set up clear lines of communication and determine who has the power to make decisions in case of an incident.

Having a clear plan for how to handle security incidents can help an organization handle them better. The incident response plan should be reviewed and updated often to make sure it stays relevant and effective. This includes making a list of possible incident scenarios, figuring out the right response for each scenario, and giving different teams and people specific roles and responsibilities.

It is also important to test the incident response plan regularly through drills and tabletop exercises, identify gaps, and revise the plan accordingly. These drills help make sure that everyone knows their roles and responsibilities, and give leadership and the incident response team confidence that the plan actually works at finding, responding to, and minimizing the effects of a security incident.

Stage 2 - Identification

Time is of the essence: the longer an incident goes undiscovered, the more damage it is likely to inflict, so good visibility is essential for proper incident identification. Promptly finding and identifying security incidents requires monitoring and detection capabilities, typically intrusion detection systems, a security information and event management (SIEM) platform, endpoint detection and response tooling, and other security instruments.

During identification it is crucial to collect as much data about the incident as possible in order to determine its severity and specify the right course of action. This includes determining which applications, systems, and data are affected, as well as any potential effects on the company's brand and operations.

Documenting all incident-related information, including the incident's time and date, the systems and data affected, how it was detected, and any other pertinent details, is crucial at this point. This record is essential to determining the root cause, and it becomes the evidence base for any later legal, regulatory or insurance reporting.
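To make the Identification stage concrete, here is an added example (not from the article) of the two halves described above: a detection run over a handful of constructed SSH-style authentication log lines, and the structured incident record, with time, affected systems, accounts and severity, that should come out of it. The log format, hostnames, IP addresses, thresholds and the severity rule are assumptions for the demo, not a standard.

```python
"""Added example (not from the article): run a simple detection over
constructed authentication log lines and, on a hit, build the structured
incident record the Identification stage calls for (time, systems, accounts,
severity). Log format, hostnames and thresholds are assumptions for the demo."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed auth log lines: "<ISO time> <host> sshd: <outcome> <method> for <user> from <ip>"
AUTH_LOG = """
2023-02-01T02:14:03Z db01 sshd: Failed password for svc_backup from 203.0.113.7
2023-02-01T02:14:05Z db01 sshd: Failed password for svc_backup from 203.0.113.7
2023-02-01T02:14:08Z db01 sshd: Failed password for svc_backup from 203.0.113.7
2023-02-01T02:14:10Z db01 sshd: Failed password for svc_backup from 203.0.113.7
2023-02-01T02:14:12Z db01 sshd: Failed password for svc_backup from 203.0.113.7
2023-02-01T02:14:19Z db01 sshd: Accepted password for svc_backup from 203.0.113.7
2023-02-01T02:31:44Z web02 sshd: Accepted publickey for deploy from 10.0.4.21
2023-02-01T03:02:51Z web02 sshd: Failed password for root from 198.51.100.9
""".strip()

FAIL_THRESHOLD = 5             # this many failures from one source against one account...
WINDOW = timedelta(minutes=5)  # ...within this window, followed by a success


def parse(line):
    ts, host, _, outcome, _, _, user, _, ip = line.split()
    return {"time": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), "host": host,
            "success": outcome == "Accepted", "user": user, "ip": ip}


def detect_bruteforce_success(log_text, threshold=FAIL_THRESHOLD, window=WINDOW):
    """Flag (host, user, ip) tuples where >= threshold failures within `window`
    are followed by a success: a likely successful password-guessing attack."""
    failures = defaultdict(list)
    findings = []
    for ev in (parse(l) for l in log_text.splitlines()):
        key = (ev["host"], ev["user"], ev["ip"])
        if not ev["success"]:
            failures[key].append(ev["time"])
            continue
        recent = [t for t in failures[key] if ev["time"] - t <= window]
        if len(recent) >= threshold:
            findings.append({"first_failure": recent[0], "success_at": ev["time"],
                             "host": ev["host"], "user": ev["user"],
                             "source_ip": ev["ip"], "failures": len(recent)})
        failures[key].clear()  # a success closes the current guessing sequence
    return findings


def incident_record(findings, detected_by="auth-log correlation"):
    """Build the Identification-stage record: what, when, where, how bad."""
    if not findings:
        return None
    hosts = sorted({f["host"] for f in findings})
    accounts = sorted({f["user"] for f in findings})
    # Severity rule assumed for the demo: any compromised service account is High.
    severity = "High" if any(u.startswith("svc_") for u in accounts) else "Medium"
    return {
        "detected_at": max(f["success_at"] for f in findings).isoformat(),
        "earliest_activity": min(f["first_failure"] for f in findings).isoformat(),
        "affected_systems": hosts,
        "affected_accounts": accounts,
        "source_ips": sorted({f["source_ip"] for f in findings}),
        "severity": severity,
        "detection": detected_by,
        "evidence": [f"{f['failures']} failures then success for {f['user']}@{f['host']} "
                     f"from {f['source_ip']}" for f in findings],
    }


if __name__ == "__main__":
    print(incident_record(detect_bruteforce_success(AUTH_LOG)))
```

The record deliberately captures the earliest observed activity as well as the detection time: the gap between the two is the dwell time leadership will ask about, and the evidence list is what the containment team needs first (which account, which host, which source address). The isolated failure against root on web02 is logged but does not meet the threshold, which is the right outcome for a single probe.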

Stage 3 - Containment

The containment stage is critical to preventing the incident from spreading and causing further damage. Containment can entail disconnecting affected systems from the network, moving them to an isolated segment, or disabling compromised accounts. Powering systems down is an option of last resort: it destroys volatile evidence such as memory contents and active network connections, so where the plan calls for forensic analysis, capture memory and isolate the host rather than switching it off. The objective of the containment stage is to lessen the impact of the incident while preserving the evidence needed for the investigation that follows.

Containment also creates the window in which the team can cut off the attacker's current access: blocking the source IP addresses, resetting or locking the accounts involved, and disabling devices used in the attack. These measures stop the attacker from continuing to exploit the same foothold while eradication and recovery are under way.

Stage 4 - Eradication

After the incident has been contained, the emphasis switches to eliminating its root cause and restoring the affected systems to a known-good state. This can entail removing malware or other malicious code, closing the vulnerability or misconfiguration that was exploited, revoking credentials and removing persistence mechanisms the attacker left behind, or taking other measures to get rid of the threat.

It's crucial to completely clean the impacted systems and confirm that no malware or other malicious programs remain. Re-imaging the affected systems from a trusted baseline is the most reliable way to do this; a scan alone can miss persistence mechanisms such as scheduled tasks, rogue accounts or modified startup entries, so treat a clean scan as supporting evidence rather than proof.

Implementing measures to stop similar incidents from recurring is also crucial. This may entail additional security controls such as intrusion detection systems, more security training, or adopting a more rigorous security model such as Zero Trust.

Stage 5 - Recovery

After the incident has been contained and eradicated, the focus shifts to recovery. This may entail repairing damaged systems and data and resuming regular business operations. Prioritizing the restoration of critical systems and data is crucial, as is coordinating with other stakeholders like executive management, legal, and IT to prioritize recovery.

Before notifying leadership and announcing the resumption of normal business operations to the rest of the business, verify that all systems and data have been properly recovered and that the appropriate security controls are in place. This may entail running recovery procedures, re-imaging impacted systems, or restoring from backups; backups should be confirmed to predate the compromise and to be free of the attacker's artifacts before they are used. Recovery is often one of the longest stages of incident response.

Stage 6 - Post-Incident Review

The final stage in incident response is conducting a post-incident review. This can entail reviewing the incident response plan and procedures, determining where gaps exist, identifying where improvements can be made, updating the incident response plan, and communicating the modifications to stakeholders and leadership.

To make sure the revised incident response plan and procedures are compliant, and that any reporting requirements for cyber insurance and the authorities are satisfied, it is also crucial to review and evaluate any pertinent laws, regulations, or industry standards. This may entail going over incident response guidelines and policies as well as any legal or regulatory obligations for notice and reporting of incidents.

Tested Incident Response is Critical to Rapid Recovery

A crucial component of cybersecurity is incident response, which can assist organizations in reducing the effects of security incidents and swiftly getting back to normal business activities.

Organizations need to ensure that leadership and all stakeholders are aware of their roles and responsibilities and confirm a revised, tested and actionable incident response plan is in place.

Regular incident response drills, training, proper resources for the incident response team, effective communication, ongoing monitoring, and threat intelligence are all crucial elements of incident response and readiness.

Organizations can be better equipped to respond to security incidents, stop them from inflicting substantial damage, and resume normal operations more quickly by following these procedures and routinely evaluating and updating incident response plans.

Read original post

Cyber Quote

Bruce Schneier quote on his concerns about cybercrime

Free Resources

Trending Story

4 strategy game-changers for finding cybersecurity talent
Some CISOs are shaking up their staffing plans to address the challenges of recruiting, hiring and retaining cybersecurity workers – and finding success in their moves.

Other Bytes

Hackers Abused Microsoft’s “Verified Publisher” OAuth Apps to Breach Corporate Email Accounts
Hackers abused Microsoft’s “Verified Publisher” accounts to create malicious OAuth apps as part of a vicious scheme aimed at infiltrating organization
Cisco study: Network teams look to SDN, automation to manage multicloud operations
Cisco’s hybrid cloud report details the key challenges that network operations teams face in supporting diverse enterprise workloads.


Cyber Scam of the Week

Email Scams from University Domains

Most universities provide students with email addresses from the university’s official domain. For example, a student's email address could be firstname[at]harvard[dot]edu. Since these email addresses use real university domains, cybercriminals try to gain access to student email accounts so they can use them for their own malicious purposes.

To start the scam, cybercriminals use social engineering to gain access to a student's email account. If they are successful, the cybercriminals will send you a phishing email from the stolen email address. The university email address makes the email appear more legitimate. The email states that some messages are being blocked from your inbox and provides a link to a spoofed login page. If you click this link and enter your login credentials, cybercriminals can use your login credentials to access your sensitive information.

Don’t let a university email scam trick you. Follow the tips below to keep your sensitive information safe:

Even if the sender’s email address is from a trusted domain, the email could be fake. Cybercriminals can gain access to trusted domains to make their scams more believable.

When you receive an email, stop and look for red flags. For example, watch out for emails that were sent outside of business hours and emails that contain spelling or grammatical errors.

Never click a link in an email that you aren’t expecting. If the email claims that you have an account issue, log in to the organization’s website directly to verify the claim.
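The scam above defeats the usual "check the sender's domain" advice because the sending account is genuinely a university account, so the tell is where the link goes, not who sent it. As an added example (not from the newsletter or its sponsors), the following parses a constructed copy of such an e-mail and flags the red flags the tips describe: a link whose destination is not under the sender's domain, and an "account issue" pretext in the subject or body. The university domain, names, header values and the phrase list are made up for the demo.

```python
"""Added example (not from the newsletter or its sponsors): parse a constructed
phishing e-mail of the kind described above and flag the red flags a reader is
told to look for. Domains, names and header values are made up for the demo."""
import re
from email import message_from_string
from urllib.parse import urlparse

# Constructed message: legitimate .edu sender (a compromised student account),
# link pointing at an unrelated host that would serve a spoofed login page.
SAMPLE_EMAIL = """\
From: Jane Student <jane.student@example-university.edu>
To: you@example-university.edu
Subject: Action required: messages blocked from your inbox
Content-Type: text/plain

Several messages to your mailbox were blocked. Review them here within 24 hours:
https://example-university.edu.mail-quarantine-review.com/login
"""

# Assumed pretext phrases; a real filter would use a maintained list.
ACCOUNT_ISSUE_PHRASES = ("blocked", "suspended", "verify your account", "action required")


def registered_domain(host):
    """Last two labels of a hostname. Good enough for .edu/.com; production code
    should use a public-suffix list so suffixes like 'ac.uk' are handled."""
    parts = host.lower().rstrip(".").split(".")
    return ".".join(parts[-2:])


def analyze(raw):
    """Return the sender's domain, every link in the body, and the red flags found."""
    msg = message_from_string(raw)
    m = re.search(r"<([^>]+)>|(\S+@\S+)", msg["From"])
    sender_addr = m.group(1) or m.group(2)
    sender_domain = registered_domain(sender_addr.split("@", 1)[1])
    body = msg.get_payload()
    links = re.findall(r"https?://[^\s<>\"']+", body)
    flags = []
    for url in links:
        host = urlparse(url).hostname or ""
        # The sender's real domain appearing as a *subdomain* of another host
        # is the classic trick; comparing registered domains catches it.
        if registered_domain(host) != sender_domain:
            flags.append(f"link host {host} is not under sender domain {sender_domain}")
    text = (msg["Subject"] + " " + body).lower()
    if any(p in text for p in ACCOUNT_ISSUE_PHRASES):
        flags.append("account-issue pretext in subject or body")
    return {"sender_domain": sender_domain, "links": links,
            "flags": flags, "suspicious": bool(flags)}


if __name__ == "__main__":
    for flag in analyze(SAMPLE_EMAIL)["flags"]:
        print("RED FLAG:", flag)
```

Note what this check does not do: it does not look at SPF or DKIM, because a message sent from a compromised mailbox through the university's own servers will pass both. That is why the tip to open the organization's site directly rather than following the link holds even when every authentication header is clean.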

This Cyber Scam is provided by our sponsors: Netsync & KnowBe4

Cybersecurity Social

Just a couple of interesting social posts

Did someone forward this email to you? Awesome! You can sign up here and not miss a week of the Morning Boot curated cybersecurity newsletter from Mark Lynd

You received this email because you signed up on our website, attended one of our events, or made a purchase from us. If you do not wish to receive this newsletter anymore, you can unsubscribe here.

Questions, Suggestions & Sponsorships? Please email: