In this week's edition:
- Cyber Bits & Bytes
- Early Warning - Why PCI DSS 4.0 Should Be on Your Radar in 2023
- Featured Article - The Cybersecurity Secret in K12 that Nobody Talks About. Hint: It’s Incident Response
- Cyber Quote - Warren Buffett on his huge concerns about cybercrime
- Free Cybersecurity Resources - eBooks, tools, apps & services
- Trending Story - 15 email security risks and how to address them (2023)
- Cybersecurity News Highlights
- Cyber Scam of the Week - Single Sign-On Smishing
- Social Posts of the Week
Cyber Bits & Bytes
Microsoft hit by big outage: Xbox, Outlook, Teams down. Read more about this outage in this Cybernews article.
According to this VentureBeat article by Taryn Plumb, titled "Why focusing on threats over tools can shrink your security stack", too many security solutions can make it difficult for organizations to get a unified view of their security posture and defend against prioritized threats. By using some form of threat analysis (think threat intelligence or threat hunting) to determine the actual threats to your organization, you can trim down your tool set to combat those threats accordingly.
Cease and Desist: Cybercriminals are Hiring Felons to Launch a Two-way attack on Critical Infrastructure, per a Cyber Express article. The article describes how cyberattacks on critical infrastructure have been increasing at a rapid scale, and some of this is due to cybercriminals hiring felons to launch two-way attacks on critical infrastructure.
"Veterans bring high-value, real-life experience as potential cybersecurity employees" is the title of a really good read in this CSO Online article. The article points out that veterans come with a range of hard and soft skills acquired during their military service that often dovetail perfectly into a career in cybersecurity.
How To Reduce Rising Cyber Insurance Costs When You Have a Remote Workforce. Read more in this illuminating Cyber Defence Magazine article by Raul Popa.
Why PCI DSS 4.0 Should Be on Your Radar in 2023
For any organization accepting online payment information, it is critical to secure that data and keep it secure. The new version 4.0 of PCI DSS is out and will officially replace the PCI DSS 3.2.1 standard in March 2025, giving businesses enough time to plan, transition, test and then move into production their support for Payment Card Industry Data Security Standard (PCI DSS) 4.0. This standard was created by leading credit card companies to establish guidelines and best practices for protecting consumers' information.
Businesses accepting credit cards and storing customers' information should take the extra steps included in PCI DSS 4.0 to ensure their customer data is secure and to stay ahead of the compliance curve.
You can read more of this article.
Featured Original Article
The Cybersecurity Secret in K12 that Nobody Talks About. Hint: It’s Incident Response
Note: Candidly, this article applies to most of public sector and definitely with higher education.
Too Many K12s Have No Incident Response
Effective incident response is essential for K-12 schools in order to improve their cybersecurity posture and prepare for cyber threats. These threats can range from simple phishing attacks to more sophisticated breaches of networks, applications and systems, and they can have serious consequences for K12 schools. By implementing a comprehensive incident response plan and testing it regularly, schools can minimize the damage caused by these threats, get back to normal operations more quickly and reduce the risk for the school and district.
I meet with 50-60 K12s a year and discuss in detail and use a tabletop exercise to walk them through the carnage and chaos they may face if not properly prepared. Additionally, I present to several hundred more at conferences and meetings and one thing I do almost every time is ask the following question: How many of you by show of hands have incident response? I have yet to see more than 10% raise their hands; it is usually less than 5%. I then ask how many of those that raised their hands have tested and actionable incident response and nearly every hand will go down. This is disappointing at the best and frightening at the worst. After all, it is not “if”, but “when” you will be hit.
Candidly and transparently, it is very scary how incident response seems to remain a secret in K12 education, as not enough K12s have implemented it, made it actionable and tested it regularly to experience its many tangible benefits and properly protect their organization.
The Benefits of Incident Response Are Strong
One of the key benefits of effective incident response is that it helps schools to identify and mitigate cyber threats as soon as possible. When an incident occurs, it is important to act quickly and thoughtfully in order to minimize the impact on the school's operations and protect sensitive data. A well-defined incident response plan provides a clear set of steps to follow in the event of an incident, which can help to ensure that the appropriate actions are taken in a timely manner.
Another benefit of effective incident response is that it helps to improve the overall cybersecurity posture of a school, as many are still hard at work in dealing with remote work and learning. This rapid move to remote everything more than doubled their attack surface and increased the threat vectors, which really increased their overall risk. By identifying and addressing the risk and the incidents as they occur, schools can learn from their experiences and implement changes to their systems and processes in order to better protect against future threats. This can include updating software and systems, implementing additional security measures, and providing training and awareness to staff and students.
Effective incident response can also help schools to effectively communicate with stakeholders during an incident. When a cyber threat occurs, it is important to keep parents, students, and staff informed about the situation and the steps being taken to address it. A clear and well-communicated incident response plan can help to ensure that all stakeholders are informed and kept up to date, which can help to minimize the impact on the school's operations and reputation.
In addition to the benefits of improved cybersecurity posture and effective communication with stakeholders, effective incident response can also help schools to minimize the financial impact of cyber threats. Cyber-attacks can result in significant financial losses, including the cost of recovering from the attack, as well as potential legal fees and damages if sensitive data is compromised. By implementing an incident response plan and taking quick action to mitigate the impact of an attack, schools can minimize these costs and get back to normal operations more quickly.
The School's and District's Reputation and Trust With the Community Are at Stake
Effective incident response can also help schools to protect their reputation and maintain the trust of their stakeholders. In today's digital age, news of a cyber-attack can spread quickly, and the impact on a school's reputation can be significant. By implementing an incident response plan and taking swift action to address an attack, schools can demonstrate their commitment to the safety and security of their students and staff, which can help to maintain trust and confidence in the school. You only have to look at the news cycle and stories to see how other impacted K12s' reputation and trust in the community took a hit due to cyber-attacks and a limited or ineffective incident response capability.
Effective incident response can also help schools to comply with relevant laws and regulations. Many states have laws in place that require schools to report data breaches and other cyber-attacks, and failure to do so can result in fines and other penalties. By implementing an incident response plan, which often has six or seven steps, and taking swift action to address an attack, schools can ensure that they are in compliance with these laws and avoid potential legal issues.
Actionable and tested incident response can lower your cyber insurance premiums by demonstrating your ability to respond and recover effectively and quickly. This is important given cyber insurance premiums have been on the rise due to larger claims and less effective insured clients being easier targets for more sophisticated cyber-attacks.
Effective Incident Response Requires People, Technology and Resources
However, in order for incident response to be effective, it is important for schools to have the necessary resources and expertise in place. This includes having access to trained and experienced cybersecurity professionals who can help to identify and mitigate threats, as well as having the necessary tools and systems in place to support incident response efforts.
One way for schools to ensure that they have the necessary resources and expertise in place is to work with a managed security service provider (MSSP). An MSSP can provide schools with the necessary tools, expertise, and support to effectively respond to cyber threats, as well as help to identify and mitigate potential threats before they occur. This can be especially beneficial for smaller schools or those with limited IT resources, as it allows them to access the expertise and support they need without having to hire and train additional staff.
In addition to working with an MSSP, there are a number of other steps that schools can take to improve their incident response capabilities. These include:
- Developing and regularly reviewing and updating an incident response plan: This should include clear roles and responsibilities for staff, as well as steps to be taken in the event of an incident.
- Providing training and awareness to staff and students: This can help to ensure that everyone is aware of the importance of cybersecurity and knows how to identify and report potential threats.
- Implementing strong cybersecurity measures: This can include measures such as two-factor authentication, regular software updates, and strong password policies.
- Regularly testing incident response capabilities: This can be done through simulated incident scenarios or "tabletop" exercises, which can help to identify any weaknesses in the incident response plan and ensure that it is effective.
Incident Response Should Not Be A Secret
For K12 schools to improve their cybersecurity posture and effectively prepare for cyber threats, it is essential to do what is needed to ensure effective incident response. By implementing a comprehensive incident response plan, providing training and awareness to staff and students, testing their plan with stakeholders engaged and potentially working with an MSSP, schools can minimize the impact of cyber threats and get back to normal operations more quickly. In this increasingly digital world that K12s find themselves operating in, it is imperative that schools better protect themselves against cyber threats and ensure that they are prepared to effectively respond in the event of an incident.
Ultimately, in this news-cycle driven society, a K12's staff and leadership will be remembered for their preparation and how well they responded and recovered from an incident, so the time is now to get ready.
';--have i been pwned? - Check your phone or email for a breach
Web Security Academy - Free, online web security training
Cyber Scam of the Week
Single Sign-On Smishing
Okta's single sign-on (SSO) service allows users to log in to multiple accounts by using one set of login credentials. Unfortunately, users aren't the only people who benefit from this service. Cybercriminals are taking advantage of Okta and other SSO services in a recent smishing (SMS phishing) scam.
To start this scam, cybercriminals send you a text message about an important update to one of your organization’s policies. The text message says to tap a link to read the updated policy. If you tap the link, you'll be taken to a fake Okta login page and prompted to enter your login credentials. Then, the cybercriminals can use your credentials to access your Okta account and other accounts linked through the service. Once they have access, the cybercriminals can steal sensitive information from you and your organization.
Follow the tips below to stay safe from similar scams:
- Always be cautious of unexpected text messages. While this scam targets Okta users, it could be used with any authentication service.
- Think before you click! Cyberattacks are designed to catch you off guard and make you act impulsively.
- Never tap on a link in a text message that you aren’t expecting. Instead, open your internet browser and navigate to the organization’s official website.
Just a couple interesting social posts
Did someone forward this email to you? Awesome! You can sign up here and not miss a week of the Morning Boot curated cybersecurity newsletter from Mark Lynd