You have a lot going on, so join the thousands of other leaders and let me do the work and provide you with curated cybersecurity content. It would be my honor to do so.
NOTES: If you want to ensure you get this newsletter every week, please add my "from" address to your contact list. If you would like to Unsubscribe scroll to the bottom and select "unsubscribe". Thank you.
In this week's edition:
- Cyber Bits & Bytes
- Early Warning - Trend: How threat modeling can reduce your cybersecurity risk
- Featured Article - 5 Brilliant Ways to Use Identity Management and Governance
- Cyber Quote - Albert Einstein - Keep Questioning
- Free Cybersecurity Resources - eBooks, tools, apps & services
- Trending Story - Economic pressures are increasing cybersecurity risks; a recession would amp them up more
- Cybersecurity News Highlights
- Cyber Scam of the Week - Fraudulent Funds Transfers
- Social Posts of the Week
Cyber Bits & Bytes
10 Top cyber Security Conferences, 2023 - Read more in this Cybertalk.org article.
50 Cybersecurity Titles That Every Job Seeker Should Know About reported in Cybersecurity Ventures. There will be 3.5 million unfilled cybersecurity in 2023 — enough to fill 50 NFL stadiums — according to Cybersecurity Ventures. If you’re a student, parent, teacher, IT worker, or anyone interested in the cybersecurity field, then this handy list of 50 titles will provide insight into a myriad of possible career opportunities.
New Report Highlights Concerning Trends For Cyberwarfare- Article from Forbes.
How CISOs can manage the cybersecurity of high-level executives is the title of a really good read on CSO Online. The article talks about C-suite executives and board members that are targeted through their personal devices as cybercriminals look to penetrate corporate systems and access sensitive and proprietary information. Protecting them requires a holistic approach.
Trend: How threat modeling can reduce your cybersecurity risk
Excerpt: Threat modeling, a common practice in application development, is essentially the same thing as what the insurance world calls “risk analysis.” It offers a better understanding of where threats are coming from and allows you to put mitigating controls in the right places. This leads to not only better security, but potentially lower costs. For instance, if you put up a web application firewall (WAF) behind critical applications, it’s possible you added some protection. For the WAF to work properly, however, it needs to be configured, and an employee needs to maintain it, adding more expense.
What you don’t get in that scenario is any intel as to doors you may have unintentionally left open in your attack surface
Read more in this Venture Beat Article
Featured Original Article
5 Brilliant Ways to Use Identity Management and Governance
A CIO recently came to me with a question about how their peers were effectively managing organizational identity and identity governance, wanting to improve their organization’s security and productivity. Utilizing the Zero Trust security framework to improve their security posture and identity was a priority to consider as well. This inspired me to think deeply about how successful organizations get started using a powerful identity management and governance solution across all their existing environments and applications, as well as any future additions. Here are five brilliant places to start:
1) Use Lifecycle Management to Automate and Do More with Less
Technology can make our jobs easier but fast and proper access to it and the applications that drive modern organizations can still be challenging. In today’s pandemic-affected work environments, employees need to be able to work from anywhere at any time. Providing secure and reliable access to the information and applications they need to do their jobs is driving increased demand for faster, more streamlined business processes. One result? An explosion of user identities and passwords with many organizations having little in place to effectively manage or govern them.
Just how big is your organization’s password crisis? According to an article in the Evening Standard, current estimates suggest there are about 300 billion passwords in use and with approximately 7 billion people this amounts to 43 passwords per person, that’s a lot for anyone or any organization to remember and track, especially if they need to be random and unique. Not only that, in the average organization approximately 50 passwords are persistent i.e., they never change and are constantly used by an application. Fortunately, implementing identity and governance solutions, like SailPoint with powerful lifecycle capabilities, is easier than ever. These lifecycle capabilities allow administrators of any skill level to gain visibility into every system, process, user account, or access request in their environment. It provides a central platform for identity management that automates processes across your identity lifecycle: onboarding, off-boarding, provisioning, access reviews, and other tasks associated with managing an enterprise’s identities.
Using lifecycle management gives you control over how your security is managed and ensures access to sensitive data is controlled and governed. If your organization needs to do more with fewer resources, wants to boost security, enhance governance or improve onboarding/off-boarding, then lifecycle management is a must-have.
2) Simplify and Improve Compliance Management; Be Audit-ready
If you don’t already have a centralized identity management and governance solution in place, then managing compliance is likely a nightmare. As soon as someone moves on or leaves your organization, it’s time-consuming work to change access rights. If employees are changing roles or collaborating with people outside your company (such as contractors), getting them set up with new rights takes a lot of effort. So how do you keep everything organized? Employ an enterprise-wide identity management system. Not only will you be able to reduce regulatory risk, but you’ll also save a ton of money by simplifying compliance management. While setting one up can seem like a huge undertaking, it doesn’t need to be complicated. People who use cloud-based identity tools report improved productivity, stronger security, and faster onboarding/offboarding for new hires because they don’t need assistance from IT professionals for basic tasks. Since there’s less time spent on repetitive administration tasks, these professionals say they can focus on higher-level responsibilities.
Additionally, they allow you to protect yourself from insider threats using identity governance: combine data masking, privacy dashboards, and strong policies to help ensure employees can’t view sensitive data they shouldn’t see. Or employ de-provisioning workflows that erase both digital data and physical assets when leaving positions of trust within your organization.
Nearly every organization needs identity management solutions that can adapt to their business and make sure they meet compliance requirements. Many organizations need to meet some mixture of GDPR, PCI, HIPAA, or other compliance requirements and supporting identity tracking and compliance for audit is imperative. By having this identity compliance capability, they are able to effectively serve their customers, grow their business, and comply with industry regulations.
Read more from the original post
Web Security Academy - Free, online web security training
At Bay - Free Cyber risk Calculator
Cyber Scam of the Week
Fraudulent Funds Transfers
Organizations often use email to send their employees invoices that they need to pay. Now, cybercriminals are taking advantage of this process by using fraudulent funds transfer (FFT) scams. In FFT scams, cybercriminals try to manipulate you into transferring your organization’s funds to their bank accounts.
To start an FFT scam, cybercriminals use social engineering to steal an email account from your organization. Then, they use this account to send you an email pretending to be an executive from your organization. This email lists bank account information and states that you need to send a payment to the bank account as soon as possible. If you send this payment, you won’t be paying an important invoice for your organization. Instead, you’ll be sending your organization’s money directly to cybercriminals.
Follow the tips below to stay safe from similar scams:
Always think before you click! Cybercriminals can use fake invoices to alarm you and trick you into clicking impulsively.
Never send money to a bank account provided in an email. Instead, navigate to the organization’s official website to submit a secure payment.
To verify the legitimacy of an invoice, reach out to the person who allegedly sent the email by phone or in person.
This Cyber Scam is provided by our sponsors: Netsync & KnowBe4
Just a couple of interesting social posts
Did someone forward this email to you? Awesome! You can sign up here and not miss a week of the Morning Boot curated cybersecurity newsletter from Mark Lynd
You received this email because you signed up on our website, attended one of our events, or made a purchase from us. If you do not wish to receive this newsletter anymore, you can unsubscribe here.