In this week's edition:
- Cyber Bits & Bytes
- Early Warning - Trending: Phishing is what type of attack? Definition, trends and best practices
- Featured Article - 5 Valuable Benefits of Zero Trust
- Cyber Quote - John Wooden on Achievement
- Free Cybersecurity Resources - eBooks, tools, apps & services
- Trending Story - Experts predict how AI will energize cybersecurity in 2023 and beyond
- Cybersecurity News Highlights
- Cyber Scam of the Week - Is ChatGPT Your Next Financial Advisor?
- Social Posts of the Week
Cyber Bits & Bytes
3 ways to screw up a multicloud deployment - Read more in this InfoWorld article. We’re experienced with multicloud, but we’re also making common mistakes. Make sure you plan common services and have all your people on board.
Municipal CISOs grapple with challenges as cyber threats soar - Interesting article in CSO Online. Municipal CISOs grapple with challenges as they become targets for nation-state threat actors, cope with regulations, and pursue funding from resource-constrained governments.
New malware variant has “radio silence” mode to evade detection - Article from BleepingComputer.
5 cybersecurity trends people who work from home need to know - A really good read from Fast Company. The article explains that as remote and hybrid work settle in, companies and individuals should be aware of these security issues.
Trending: Phishing is what type of attack? Definition, trends and best practices
Excerpt: Phishing threats have been making waves in the threat landscape, as they are responsible for more than 80% of security incidents.
However, with all the cyber terminology thrown around, such as malware, hacks, and data loss – how do we classify phishing threats?
Phishing attacks are social engineering attacks. Thus, the emphasis isn’t only on the technical aspect, but also on the human element.
Hacking vs. social engineering
Hacking and social engineering are two terms that have distinct and specific meanings. Nonetheless, both refer to ways of obtaining access to information or systems. So how do they differ?
Hacking is the process of breaking into a computer system or network to gain access to information or resources. It involves a variety of techniques, including exploiting vulnerabilities in software or hardware, using malware, and manipulating computer networks.
Social engineering, on the other hand, is the process of manipulating people into performing certain actions or divulging confidential information. It uses psychological manipulation techniques such as phishing, pretexting, and baiting to gain access to sensitive information.
Read more in this CyberTalk.org Article.
Featured Original Article
5 Valuable Benefits of Zero Trust
Every day more organizations of all sizes are realizing that security needs to be a top priority. The traditional security model, which relies on perimeter defenses, is no longer effective in today's world. Zero Trust offers a new way to secure your business, providing several benefits over the traditional security model. While implementing Zero Trust can be difficult, the benefits are worth it.
Security is a top priority for businesses of all sizes
In the age of digital transformation and remote learning and work, the importance of cybersecurity can't be overstated. Every day, organizations large and small are more susceptible to data breaches, malware attacks, and other cyber threats. That's why it's essential for organizations of all sizes to prioritize cybersecurity. By taking measures to protect their data and their customers' data, organizations can stay one step ahead of the criminals who are looking to exploit vulnerabilities.
The traditional security model is no longer effective
The traditional approach to cybersecurity relies on a "perimeter" to keep an organization's data safe. This perimeter can be thought of as a wall that surrounds an organization's network. The thinking behind this approach is that if you can keep the bad guys from getting through the wall, then your data will be safe.
Organizations build this wall by creating a "demilitarized zone" (DMZ) between their internal network and the internet. Within the DMZ, they place critical systems and data that need to be accessible to external users, such as website servers, email servers, and VPN concentrators. These systems are then protected by a firewall that controls traffic flow in and out of the DMZ.
The problem with this approach is that it assumes that everything inside the DMZ can be trusted. But as we've seen time and time again, malicious insiders are often the source of data breaches. In fact, according to a recent study by Experian, employee error or negligence was responsible for nearly 40% of all data breaches.
Additionally, with the rise of cloud computing, more and more organizations are storing their data off-site. This means that the data is no longer within the physical perimeter of the organization and is therefore more vulnerable to attack. Even if an organization's data is stored on-site, the perimeter model does not take into account the fact that many employees now work remotely. This means that there are many potential points of entry into an organization's network that are not protected by the perimeter.
Cybercriminals can breach most company networks in record time. The study reported in CPO Magazine found that in 93% of the attacks, cybercriminals could breach company networks' perimeter and access internal network resources. On average, it takes just two days to penetrate a company's internal network.
The bottom line is that the traditional, perimeter-based approach to cybersecurity is no longer effective. Organizations need to adopt a new model that takes into account these changes in how we work and store data. Enter the zero trust network security model.
Zero Trust offers a new way to secure your business
Zero Trust is a security approach that assumes that nothing and no one can be trusted by default, including insiders. All users, regardless of their location or device, must be verified and authenticated before they're granted access to company data and systems. This approach has been shown to be highly effective at foiling even the most sophisticated cyberattacks.
Read more from the original post
Web Security Academy - Free, online web security training
At Bay - Free Cyber risk Calculator
Cyber Scam of the Week
Is ChatGPT Your Next Financial Advisor?
ChatGPT, an artificial intelligence (AI) chatbot created by OpenAI, has risen in popularity since its release last year. Now, cybercriminals are using ChatGPT’s popularity to lure you into phishing scams. In one of these scams, cybercriminals try to trick you with a fake new ChatGPT feature.
The scam starts with a phishing email informing you that ChatGPT has a new feature to help you invest in the stock market. If you click the link in the email, you’ll be taken to a spoofed ChatGPT website and prompted to enter your contact information. Then, a representative will call you and request that you submit a payment to open your investment account. Unfortunately, if you submit a payment, that money won't help you invest in the stock market. Instead, cybercriminals will steal it to invest in their own malicious pursuits.
Follow the tips below to stay safe from similar scams:
- Before you click a link, hover your mouse over it. Make sure that the link leads to a legitimate, safe website that corresponds with the content in the related email.
- Be cautious of unexpected investment opportunities. Remember, if something seems too good to be true, it probably is!
- Never submit payments to a bank account provided in an email, text message, or phone conversation. Instead, navigate to the organization’s official website to submit a secure payment.
This Cyber Scam is provided by our sponsors: Netsync & KnowBe4
Did someone forward this email to you? Awesome! You can sign up here and not miss a week of the Morning Boot curated cybersecurity newsletter from Mark Lynd