Cybersecurity Newsletter

You have a lot going on, so join the thousands of other leaders and let me do the work and provide you with curated cybersecurity content. It would be my honor to do so.

NOTES: If you want to ensure you get this newsletter every week, please add my "from" address to your contact list. If you would like to Unsubscribe scroll to the bottom and select "unsubscribe". Thank you.

In this week's edition:

• Cyber Bits & Bytes
• Early Warning - Trend: How, When, and Why You Need to Measure Your Cybersecurity for Leadership
• Featured Article - How An Identity Platform Drives Real Business Value in Thwarting Cyber Threats
• Cyber Quote - Mark Lynd on Incident Response Planning
• Free Cybersecurity Resources - eBooks, tools, apps & services
• Trending Story - 3 reasons to consider adopting AI cybersecurity tools
• Cybersecurity News Highlights
• Cyber Scam of the Week - Scams Related to the Turkey-Syria Earthquake
• Social Posts of the Week

Cyber Bits & Bytes

US authorities seize servers for Hive ransomware group - Read more in this Guardian article

City of Oakland declares state of emergency after ransomware attack reported in Bleepin Computer. "Oakland has declared a local state of emergency because of the impact of a ransomware attack that forced the City to take all its IT systems offline on February 8th. Interim City Administrator G. Harold Duffey declared a state of emergency to allow the City of Oakland to expedite orders, materials and equipment procurement, and activate emergency workers when needed."

10 steps every business can take to avoid a cybersecurity breach, from Venture Beat

Russian hackers are trying to break into ChatGPT, says Check Point is the title of a really good read on ZDNet. In the article points out that this is one of a number of ongoing efforts to compromise the language bot, threats that could lead to highly targeted phishing attacks. AI-derived phishing attacks??? Not good!

Early Warning

Trend: How, When, and Why You Need to Measure Your Cybersecurity for Leadership

This is a growing movement that I am seeing on the ground with our customers regarding being able to justify, measure and validate their cybersecurity spending.  It is primarily to ensure that the increasing amounts of money being spent on cybersecurity produces the intended result and delivers the intended return on investment.

Here is an article excerpt from a CSO Online article written by Steve Durbin: "A core pillar of a mature cyber risk program is the ability to measure, analyze, and report cybersecurity threats and performance. That said, measuring cybersecurity is not easy. On one hand business leaders struggle to understand information risk (because they usually are from a non-cyber background), while on the other, security practitioners get caught up in too much technical detail which ends up confusing, misinforming, or misleading stakeholders.

In an ideal scenario, security practitioners must measure and report cybersecurity in a way that senior executives understand, find useful, satisfy curiosity, and lead to actionable outcomes."

Given the news cycle's fascination with cybersecurity, the increasing threats, and the need for better cybersecurity it is increasingly important to be able to quantify and qualify the spending and provide data and analytics to leadership on the results.

Featured Original Article

How An Identity Platform Drives Real Business Value in Thwarting Cyber Threats

You can’t just build a perimeter and expect to thwart modern cyber threats. In the same way, you can’t rely on yesterday’s security measures to protect your organization from data breaches and compliance failures in today’s challenging environment. Any company that wants to protect its data must consider that most attacks are executed through internal or compromised accounts.

Recent research from the Identity Defined Security Alliance (IDSA) has revealed that 79% of organizations have experienced an identity-related security breach in the last two years. Therefore, enterprises need innovative solutions and strategies that accurately identify, track, and monitor user behavior and activities to identify unusual or abnormal occurrences.

This ability is just one of many reasons that companies need to employ a comprehensive identity platform to thwart cyber threats. This article will discuss why identity platforms like SailPoint are crucial for businesses today to produce real business value by protecting against modern threats.

The Cyber-Attack Threat Has Skyrocketed

In 2022, organizations around the globe will face a far more challenging cybersecurity environment as attacks and breaches become more sophisticated and destructive, even using artificial intelligence. This alarming evolution that affects or will affect nearly all businesses coupled with the rapid digital transformation of almost every organization globally has dramatically increased the attack surfaces and the number of threat vectors for organizations big and small. The truth is most organizations have spent money, time, and resources on preventing and detecting and not enough on foundation technologies like identity and incident response leaving them vulnerable and at high risk.

Many leading organizations and leadership are thinking about cybersecurity differently and now assume they will be hit at some point. Thus, increasing the market for technologies and cyber frameworks like the cloud, identity security, zero trust, machine learning, NIST, privileged access management, threat intelligence, etc. This trend will continue throughout 2022 and beyond as the stark reality is that these nefarious activities are not decreasing but rapidly increasing as the bad actors continue to profit.

Identity security is an area where more attention and spending are needed. According to a Verizon Data Breach Report, 80% of data breaches result from poor or reused passwords. Despite all the awareness about cyber security risks, successful attacks, and breaches continue.

A reason for this is that while many organizations know they should invest in identity security and other foundational technologies, they continue to rely on solutions and strategies created for a different era, long before the pandemic, remote work, and more essential compliance requirements. With yesterday’s tools and solutions, they cannot successfully protect their organizations from today’s cyber threats. Further complicating matters is that, in most cases, a lack of visibility into end-user behavior and activities is causing many of these breaches to be missed or understated, further damaging their organization.

Securing the Hybrid Cloud Model

In order to be successful, identity security strategies need to move from an on-premise model to the cloud. When you’re dealing with identity data and sensitive information, you want to make sure that all of your information is secure, in other words, encrypted both at rest and in transit.

Read more from the original post

Cyber Quote

Free Resources

• eBook: "9 Things Leaders Should Know About Cyber Insurance"

• CISA Releases ESXiArgs Ransomware Recovery Script

• SANS Security Policy Templates

• Web Security Academy - Free, online web security training

• CISA - Free Cybersecurity Tools and Services

Trending Story

3 reasons to consider adopting AI cybersecurity tools

AI is instrumental in responding to cyberattacks when paired with cybersecurity best practices — and it helps with security decision-making.

VentureBeatCaleb Merriman, Deltek

Other Bytes

5 biggest risks of using third-party services providers

Here’s how outsourcing business services to a third-party provider might present risk to security, reputation, and regulatory compliance.

CSO OnlineLinda Rosencrance

Regular Pen Testing Is Key to Resolving Conflict Between SecOps and DevOps

Find out how to achieve the perfect balance between DevOps and security teams for a safer and more efficient software development process.

The Hacker NewsFeb 15, 2023The Hacker News

Cyber Scam of the Week

Scams Related to the Turkey-Syria Earthquake

Last week, two earthquakes occurred in Turkey and Syria. Unfortunately, cybercriminals often use crises to get your attention and manipulate your emotions. Cybercriminals have already begun exploiting this event to try to scam you and steal your sensitive information.

In the coming weeks, we expect to see an influx of phishing attacks referencing this recent event. Cybercriminals may send phishing emails with links asking you to donate money or view “exclusive” videos relating to this news. Clicking these links could allow cybercriminals to steal your sensitive information or install malware on your device.

Follow the tips below to stay safe from these types of scams:

Avoid making donations to unknown users. If you would like to donate to support a cause, donate directly through a trusted organization's website.
Think before you click. Cyberattacks are designed to catch you off guard and trigger you to click impulsively.
Stay informed by following trusted news sources. If you see a sensational headline, research the news story to verify that it’s legitimate.

This Cyber Scam is provided by our sponsors: Netsync & KnowBe4

Cybersecurity Social

Just a couple of interesting social posts

Did someone forward this email to you? Awesome! You can sign up here and not miss a week of the Morning Boot curated cybersecurity newsletter from Mark Lynd

You received this email because you signed up on our website, attended one of our events, or made a purchase from us. If you do not wish to receive this newsletter anymore, you can unsubscribe here.