Cybersecurity Newsletter

newsletter
facebook logo  twitter logo  linkedin logo  mail icon

You have a lot going on, so join the thousands of other leaders and let me do the work and provide you with curated cybersecurity content. It would be my honor to do so.

Thank you from Mark Lynd - #1 Ranked Global Security Thought Leader

NOTES: If you want to ensure you get this newsletter every week, please add my "from" address to your contact list. If you would like to Unsubscribe scroll to the bottom and select "unsubscribe". Thank you.

In this week's edition:

  • Cyber Bits & Bytes
  • Early Warning - Study - The increasing number of endpoint security tools overwhelms users and leaves devices vulnerable.
  • Featured Article - 5 Top Benefits of Threat Intelligence in 2023
  • Cyber Quote - Rusty Kennington, CIO at Henry Corp.
  • Free Cybersecurity Resources - eBooks, tools, apps & services
  • Trending Story - Foreign states already using ChatGPT maliciously
  • Cybersecurity News Highlights
  • Cyber Scam of the Week - Clone Phishing Scams
  • Social Posts of the Week

Cyber Bits & Bytes

Why large U.S. universities are blocking TikTok right now - Read more in this CyberTalk.org article

Here are several trends for public sector in 2023 in this article from Federal news Network by Sean Frazier titled:"Public Sector Technology Trends in 2023: Less on Zero Trust and More on CX.

ALERT: CISA Releases ESXiArgs Ransomware Recovery Script for victims, from the Cybersecurity & Infrastucture Security Agency

5 mysterious new malware that could burn your business is the title of a really good read on CyberTalk.org. In the article it points five new mysterious kinds of malware that are affecting organizations.

Early Warning

Study - The increasing number of endpoint security tools overwhelms users and leaves devices vulnerable.

A new study is validating what I am seeing on the ground with our customers regarding the dangers of IT management and security tools, not only for endpoints, but in general. Too many consoles, too many alerts and too many notifications actually reduce the visibility for many organizations because they do not have the people or time to follow-up on all of them. Even severity prioritization is not going to solve this issue. For many this means turning to a platform solution that consolidates all these activities and helps organize, prioritize and increase visibility dramatically, which has a positive impact on the team and organization's ability to remediate many of these issues before they become an painful incident. This is even more important for endpoint, as it impacts the end-users devices that are used to drive business for the organization. Therefore, it requires a delicate and thoughtful approach and touch.

Here is an article excerpt from a CSO Online article written by JonGold: "Enterprises that use endpoint security and management technologies face a problem of growing marketplace “sprawl,” as new tools proliferate and options multiply, according to a study released today by the Enterprise Services Group.

Between the ongoing influence of remote work and IoT, the number and diversity of devices that have to be managed by endpoint security tools is on the rise. As a consequence, the number of available tools to manage them has also risen.

An ESG survey of 380 security professionals in North America, commissioned by cybersecurity company Syxsense, showed that companies using larger numbers of different tools to manage their endpoints had larger proportions of unmanaged endpoints, compared to those with fewer. Put simply, the complexity of the current-day device environment is leading to worse security, according to the research."

Given the IT and cybersecurity labor shortage it is more important than ever to consider a management and security tools consolidation. Not only will you save on your spend (licensing, training, maintenance, etc...), but it can have a very positive impact on your overall environment and security visibility and improve your team's ability to protect your organization. Sounds like a great project to work on and complete in 2023.

Featured Original Article

Original article by Mark Lynd titled: "5 Top Benefits of Threat Intelligence in 2023".

5 Top Benefits of Threat Intelligence in 2023

It is concerning to see how many businesses out here are not making use of threat intelligence or threat hunting to ensure they have identified and understand the truly relevant threats they need to plan, protect and be ready to respond too. It is literally the best way to ensure your cybersecurity spend is aligned with your target cybersecurity posture and acceptable risk.

Threat intelligence is a critical component of effective cybersecurity for businesses of all sizes. It involves the collection, analysis, and dissemination of information about potential threats to an organization, with the goal of helping the organization prepare for and defend against those threats.

Let's explore the five top benefits of threat intelligence for businesses.

Proactive defense against potential threats: One of the primary benefits of threat intelligence is the ability to proactively defend against potential threats. By gathering and analyzing information about the tactics, techniques, and procedures (TTPs) of malicious actors, businesses can better understand the types of threats they may face and implement appropriate controls and defenses to protect against those threats. This can include implementing technical controls such as firewall rules and intrusion detection systems, as well as strengthening policies and procedures and educating employees on how to recognize and report potential threats.

Prioritization of resources and efforts: With so many potential threats facing businesses today, it's important to prioritize resources and efforts to ensure that the most pressing issues are addressed first. Threat intelligence can help businesses understand the specific threats facing their organization and allocate resources accordingly, ensuring that valuable time and resources are not wasted on less pressing matters.

Improved incident response: In the event that a business does experience a cyber attack, having access to relevant threat intelligence can significantly improve the organization's incident response efforts. By understanding the TTPs of the attackers, the business can more effectively track and remediate the attack, minimizing the damage and getting back to business as usual as quickly as possible.

Compliance with industry regulations and standards: Many industries have specific regulations and standards in place to ensure that businesses are taking appropriate measures to protect against cyber threats. By leveraging threat intelligence to stay informed about relevant threats and implementing appropriate controls, businesses can meet their compliance obligations and reduce the risk of regulatory fines or legal action.
Enhanced reputation and customer trust: In today's digital age, cyber attacks can have significant consequences for businesses beyond just the technical impacts. Reputation and customer trust can be seriously damaged if a business experiences a significant cyber attack. By leveraging threat intelligence to proactively defend against potential threats, businesses can protect their reputation and build customer trust by demonstrating their commitment to cybersecurity.

In summary
Threat intelligence is a valuable tool for improving cybersecurity in businesses of all sizes and will ensure you security spend is right-sized for your organization. By gathering and analyzing information about potential threats, businesses can proactively defend against those threats, prioritize their resources and efforts, improve incident response, meet compliance obligations, and enhance reputation and customer trust. By leveraging threat intelligence, businesses can better protect themselves and their assets against the ever-evolving landscape of cyber threats.

If you haven't made any investments in threat intelligence or threat hunting, then take action in 2023 and improve your security posture and reduce your risk.

Read original post

Cyber Quote

Bruce Schneier quote on his concerns about cybercrime

Free Resources

Trending Story

Foreign states already using ChatGPT maliciously, UK IT leaders believe
Most UK IT leaders are concerned about malicious use of ChatGPT as research shows how its capabilities can significantly enhance phishing and BEC scams.
CSO OnlineMichael Hill

Other Bytes

Five Data Fundamentals to Quash Cyber Crime
For cyber criminals there’s never been a happier time - and for the rest of us a riskier time - than now, with constantly growing data footprints and operational disruption escalating the potency of cybercrime. Whilst we are only through the first few months of 2022, we have already had several warn…
TechNativeadmin
Massive ransomware attack targets VMware ESXi servers worldwide
Cybersecurity agencies globally — including in Italy, France, the US and Singapore — have issued alerts about a ransomware attack targeting the VMware ESXi hypervisor.
CSO OnlineApurva Venkat
Netsync Ad for Security Services

Cyber Scam of the Week

Clone Phishing Scams

Organizations often use email to send important information to their customers. If an organization sends out an email that’s missing information, they may send you a follow-up email. Now, cybercriminals are using a technique called “clone phishing” to imitate these follow-up emails and manipulate you.

To start the scam, cybercriminals hijack an email account from a legitimate organization. They use the hijacked account to find an email that was previously sent to you and clone it. To make the clone email look like a typical follow-up email, the cybercriminals add text that claims the original email was missing an attachment with urgent information. If you download the attachment in the clone email, you won’t receive important details about the original message. Instead, you’ll download malware that allows cybercriminals to steal your sensitive information.

Follow the tips below to stay safe from clone phishing scams:

Don’t trust that an email is legitimate just because it was sent through a trusted email address. Cybercriminals can use stolen email addresses to make their scams more believable.
Watch out for a sense of urgency in messages that you receive. Phishing attacks rely on impulsive actions, so always think before you click.
Never click a link or download an attachment in a message that you aren’t expecting.

This Cyber Scam is provided by our sponsors: Netsync & KnowBe4

Cybersecurity Social

Just a couple interesting social posts

Did someone forward this email to you? Awesome! You can sign up here and not miss a week of the Morning Boot curated cybersecurity newsletter from Mark Lynd

You received this email because you signed up on our website, attended one of our events, or made a purchase from us. If you do not wish to receive this newsletter anymore, you can unsubscribe here.

Questions, Suggestions & Sponsorships? Please email: mark@marklynd.com

💌 Subscribe to Mark Lynd

Join a growing community of more than 130,000 friendly readers. Every Sunday I share actionable productivity tips, practical life advice, and high-quality insights from across the web, directly to your inbox.

Thank you for subscribing!
Please check your inbox for a link to confirm your email address.

© Relevant Track, LLC. 2023.