Table of Contents
- Navigating the Cyber Landscape: 5 Insights for Strengthening Cybersecurity Hygiene from Latest C…
- Pioneer of Personal Cybersecurity™ BlackCloak Discovers Crucial Vulnerabilities at Affluent Trop…
- A Quick Q&A with Jonathan Tomek, Vice President of R&D at Digital Element
- PLDT’s Panlilio: new cybercrime bills to protect customers
- Trustwave Releases New SpiderLabs Research Focused on Actionable Cybersecurity Intelligence for …
- SEC tells companies to “show their work” on cybersecurity
- Law firm Fieldfisher launches data breach management tool – Evisos info
- Your Guide To Becoming A Metaverse Security Specialist: Safeguarding The Virtual Realm | URECOMM
- Rapid7 and USF Collaborate on Cyber Training Initiative
- ATT&CKcon 4.0 to Celebrate 10th Anniversary of MITRE ATT&CK® – Mangaloremirror.com
- Acko Transforming Customer Experience: Underwriting to Data Protection, Empowered by Emerging Te…
- Top 5 behaviors of successful CISOs: Gartner | Cybersecurity Dive
- SEC cyber disclosure rules put CISO liability under the spotlight | Cybersecurity Dive
- What are Software Supply Chain Attacks?
- Cynomi Study Reveals Number of MSPs Providing Virtual CISO Services Will Grow Fivefold By Next Year
- Announcing ‘The Cyber Savvy Boardroom: Essentials Explained’ | finanzen.net
- The importance of CISOs is not recognised by senior leadership
- Magnificent News: The Cybersecurity 202: CISA makes a big-name hire for its crusade against inse…
- Scybers and Cyber Leadership Institute Partner to Develop the Next Generation of Cybersecurity L…
- Why cyber risk is one of the top critical risks facing organisations today – and why it’s growin…
- Cybersecurity in the Industry 4.0 Era | P&T Review
- New IDC Report: DNS Threat Intelligence for Proactive Defense
- Spotlight on Cybersecurity Leaders: Arun DeSouza
- US lawmakers introduce small business cybersecurity bill. ICC to prosecute digital war crimes. N…
- The International Criminal Court will start prosecuting cyber war crimes | Entrepreneur Canada
- Prompt injection attacks threaten AI chatbots and other news – The News Intel
- Mid-year state of the cyber market update
- You’re ready for the new SEC cybersecurity rules. Have you included your OT? – E-DeshSeba
- CISA advisory committee urges action on cyber alerts and corporate boards
- IAM, cloud security to drive new cybersecurity spending
Navigating the Cyber Landscape: 5 Insights for Strengthening Cybersecurity Hygiene from Latest C…
Rashmi Ramesh
This webinar discusses five tips that organizations and individuals can use to strengthen cybersecurity.
The tips include utilizing security automation, relying on proactive and integrated risk management, investing in personnel and training, leveraging cloud technologies, and establishing a culture of cybersecurity.
The webinar also provides an overview of the current cyber landscape and the threats and challenges that organizations face when attempting to protect their data and infrastructure.
Additionally, it provides advice on how organizations can assess their cybersecurity needs and how they can develop a successful cybersecurity strategy.
The webinar also offers an in-depth look at the changing role of the Chief Information Security Officer (CISO) and insights into how the CISO’s role will evolve in the future.
Link: https://www.bankinfosecurity.com/webinars/navigating-cyber-landscape-5-insights-for-strengthening-cybersecurity-w-5034
Pioneer of Personal Cybersecurity™ BlackCloak Discovers Crucial Vulnerabilities at Affluent Trop…
BlackCloak, a company specializing in digital executive protection and concierge cybersecurity, has released a report highlighting cybersecurity weaknesses in Caribbean vacation destinations frequented by high-profile individuals.
The report reveals vulnerabilities in the cybersecurity infrastructure of these exclusive locations, posing risks to sensitive data, home and yacht access, and other navigational aids.
The findings emphasize the need for continuous vigilance and proactive security measures, even in seemingly serene environments.
Key discoveries include the high vulnerability to cyber attacks due to the interconnected network of yachts, villas, and local infrastructure, the use of less secure equipment, and the exposure of critical weaknesses in networking devices.
The report also uncovered a trove of private data, such as resident names, addresses, and vessel details.
Collaborative efforts have been initiated to strengthen cybersecurity measures and mitigate risks.
BlackCloak is committed to partnering with the community to ensure personal cybersecurity and peace of mind.
Link: https://www.prweb.com/releases/pioneer-of-personal-cybersecurity-blackcloak-discovers-crucial-vulnerabilities-at-affluent-tropical-islands-301919855.html
A Quick Q&A with Jonathan Tomek, Vice President of R&D at Digital Element
Clare Christopher
This conversation comes ahead of Cyber Security month and shares what information is available for our network of tech leaders, along with the cyber security solutions available to them.
Jonathan Tomek is a VP at Digital Element, a global IP geolocation and intelligence leader for over 20 years.
There, he is a seasoned threat intelligence researcher with a background in network forensics, incident handling, malware analysis, and many other technology skills.
Previously, Jonathan served as CEO of MadX LLC, Head of Threat Intelligence with White Ops, and Director of Threat Research with LookingGlass Cyber Solutions, Inc.
In this Q&A Jonathan shares the challenges that many of the world’s largest websites, brands, security companies, ad networks, social media platforms and mobile publishers face–and the best practices his team takes to combat online fraud.
Link: https://sandhill.com/article/a-quick-qa-with-jonathan-tomek-vice-president-of-rd-at-digital-element/
PLDT’s Panlilio: new cybercrime bills to protect customers
Upgrade Staff
In an effort to better protect consumers, the Philippine Long Distance Telephone Company (PLDT) has proposed four new cybercrime bills that will allow it to take stronger measures against online threats and scams.
The proposed legislation, which is currently under review by the Philippine Congress, is being championed by PLDT chairman Manuel V. Pangilinan and is aimed at strengthening existing laws, improving consumer protection, and enhancing the penalties for those found guilty of cybercrimes.
The proposed bills include: a Cybercrime Prevention Act of 2022, which would define the scope and elements of cybercrime, impose stiffer penalties on violators, and provide legal remedies to victimized individuals; a Cybercrime Investigation and Detection Act of 2022, which would strengthen law enforcement’s ability to investigate cybercrimes; a Cybercrime Agreement Recognition Act of 2022, which would enable the recognition of international agreements in relation to cybercrimes; and a Cybercrime Education and Awareness Campaign of 2022, which would create public awareness for cybercrimes and promote public safety.
If passed into law, the bills drafted by PLDT would provide additional protection for users of the country’s
Link: http://www.upgrademag.com/web/2023/09/06/pldts-panlilio-new-cybercrime-bills-to-protect-customers/
Trustwave Releases New SpiderLabs Research Focused on Actionable Cybersecurity Intelligence for …
businesswire.com
Trustwave, a leading cybersecurity provider, has released a report detailing the unique cybersecurity risks faced by the hospitality industry.
The report, “2023 Hospitality Sector Threat Landscape: Trustwave Threat Intelligence Briefing and Mitigation Strategies,” documents the attack flow used by threat groups, including brute forcing, exploiting known vulnerabilities, and attacking open ports.
The hospitality industry, which includes hotels, restaurants, and cruise ships, has a vast and complex cybersecurity threat landscape.
Nearly 31% of hospitality organizations have reported a data breach, with 89% affected more than once in a year.
The report also highlights the top exploits used by threat actors, the use of HTML attachments for email-borne malware, and the prevalence of brute force attacks for obtaining credential access.
It also discusses emerging trends such as the use of AI and contactless technology, and the unique cybersecurity challenges faced by the industry, including a diverse workforce, constant user turnover, and physical security concerns.
The report serves as a resource for hospitality organizations to understand and combat the multitude of attack groups and techniques deployed against them.
Link: https://www.businesswire.com/news/home/20230907588169/en/Trustwave-Releases-New-SpiderLabs-Research-Focused-on-Actionable-Cybersecurity-Intelligence-for-the-Hospitality-Industry
SEC tells companies to “show their work” on cybersecurity
Matt Spohn
In new rules that come into effect later this year for most public companies (and next year for the rest), the Securities and Exchange Commission (SEC) is telling security professionals, management, and boards of directors: “show your work.” For the first time, the rules require extensive, regular disclosures regarding companies’ cybersecurity programs and material cybersecurity incidents.
Starting December 18, 2023 (for most), public companies must make public SEC-mandated disclosures of:
– cybersecurity incidents within four days of determining they are material (and make that materiality determination “without unreasonable delay”);
– processes for assessing, identifying, and managing material cybersecurity risks, including: (1) a description of the company’s cybersecurity risk program; (2) whether the company engages assessors, consultants, auditors, or other third parties in connection with the program; and (3) whether the company has policies and procedures to oversee, identify, and mitigate the cybersecurity risks associated with its use of any third-party service providers;
– their board of directors’ oversight of cybersecurity risks; and
– management’s role in assessing and managing material cybersecurity risks
For a more detailed discussion of the rules’ legal particulars, you can find a good resource here.
Some key takeaways:
– The rules do not require companies to name the specific cybersecurity vendors they use, but as investors (and regulators) focus more on companies’ cybersecurity maturity they may start looking for disclosures that a company uses broadly-effective solutions like identity and access management, endpoint protection, and managed detection and response (MDR) services to manage risk.
Link: https://redcanary.com/blog/sec-rules-cybersecurity/
Law firm Fieldfisher launches data breach management tool – Evisos info
With Information Commissioner’s Office (ICO) figures showing thousands of breach notifications monthly, almost half of which take more than the maximum 72 hours allowable under the UK and European Union (EU) GDPRs to be reported, Fieldfisher said clients had been clamouring for a way to help them manage their compliance obligations in tandem with the legal advice it already offers.
“The Fieldfisher Data Breach Manager will cement Fieldfisher as a progressive law firm that utilises technology to safeguard their clients’ businesses into the future by consistently addressing newly arising issues with effective solutions.”
In related news, across the Atlantic, new regulations handed down by the Securities and Exchange Commission (SEC), governing reporting requirements for breaches at public companies, come into force today (5 September), just over 30 days after their official publication in the US Federal Register, accounting for public holidays.
Link: https://www.evisos.info/2023/09/05/law-firm-fieldfisher-launches-data-breach-management-tool/
Your Guide To Becoming A Metaverse Security Specialist: Safeguarding The Virtual Realm | URECOMM
URECOMM NEWS
First and foremost, these professionals are responsible for ensuring that the metaverse platforms and virtual environments are equipped with robust cybersecurity measures.
Metaverse Security Specialists work to secure these assets, employing encryption, access controls, and blockchain-based security mechanisms to prevent unauthorized access and theft.
In virtual environments where user-generated content is prevalent, Metaverse Security Specialists are responsible for content moderation.
Therefore, Metaverse Security Specialists must understand blockchain security principles and ensure the integrity and safety of blockchain-based assets.
Metaverse Security Specialists often work closely with developers, platform administrators, and other security professionals to implement and maintain security measures.
Metaverse Security Specialists must stay informed about emerging threats, security technologies, and best practices.
Despite these challenges, the role of a Metaverse Security Specialist is crucial in ensuring the safety and security of users and their digital assets within virtual environments.
So, if you have a passion for cybersecurity, a deep understanding of virtual environments, and a desire to protect the metaverse, a career as a Metaverse Security Specialist may be the perfect fit for you.
Link: https://urecomm.com/your-guide-to-becoming-a-metaverse-security-specialist-safeguarding-the-virtual-realm/
Rapid7 and USF Collaborate on Cyber Training Initiative
Rapid7
Rapid7 and the University of South Florida have announced the start of a collaborative cyber security training initiative funded by a $1.5 million grant from the Office of Naval Research and the National Science Foundation.
The initiative, which will be led by Rapid7’s Chief Learning Officer g. Gordon Smith, will focus on developing innovative approaches to training and education for both students and professionals.
The project will develop virtual learning platforms, mobile apps, and accelerated-learning curriculums.
Developing practical cyber security skills for both students and professionals is a key focus of the project, as well as researching and understanding the various continuing education options and learning pathways for cybersecurity professionals.
The grant will allow the Rapid7 team and its partners at USF to create new and innovative training solutions to better equip students and professionals with the skills they need to address the ever-evolving cyber security landscape.
The grant will be used for research, curriculum development, and faculty and student engagement across multiple campuses.
“We are thrilled to partner with the University of South Florida on this important initiative,” said Samuel Visner, Chief Learning Officer at Rapid7. “We believe that learning should be accessible and tailored to the individual, and this project
Link: https://bit.ly/3PaOvV7
ATT&CKcon 4.0 to Celebrate 10th Anniversary of MITRE ATT&CK® – Mangaloremirror.com
admin
MITRE ATT&CK® is celebrating its 10th anniversary with ATT&CKcon 4.0, a two-day event on October 24-25 at MITRE’s headquarters in McLean, Va.
The conference aims to help users enhance their threat-informed defense using the cybersecurity framework.
It will provide networking opportunities for cyber leaders and practitioners across the workforce spectrum.
The conference will feature keynote speaker Runa Sandvik, the founder of Granitt, and a panel of MITRE ATT&CK’s original creators discussing the evolution of the framework.
Other sessions will cover topics like communicating cyber defense issues to stakeholders, evaluating a security operations center, applying MITRE ATT&CK to aviation security, and defending against specific cyber threats.
In-person registration is now open, and virtual registration opens on September 26.
Link: https://www.mangaloremirror.com/attckcon-4-0-to-celebrate-10th-anniversary-of-mitre-attck-with-content-networking-for-cyber-defenders/
Acko Transforming Customer Experience: Underwriting to Data Protection, Empowered by Emerging Te…
BFSI Network
Acko, a digital insurer, is looking to reshape customer experience in underwriting and data protection through the power of emerging technologies.
It is leveraging big data, machine learning and digital ledger technology to build an integrated platform that delivers a unique customer experience.
For example, its smart underwriting engine allows customers to get an instant quote by answering a few simple questions and valve set of custom underwriting rules chosen by the customer.
It also embeds analytics into its customer onboarding experience to help customers make the best decisions about personal data protection.
It is also using blockchain to enhance data security, which helps build trust among customers and insurers and ensure that customers are always in control of their personal information.
Through the use of emerging technologies, Acko is creating an innovative platform to revolutionize customer experience in underwriting and data protection.
Link: https://bfsi.eletsonline.com/acko-transforming-customer-experience-underwriting-to-data-protection-empowered-by-emerging-technologies/
Top 5 behaviors of successful CISOs: Gartner | Cybersecurity Dive
Matt Kapko
Top-performing Chief Information Security Officers (CISOs) exhibit five key behaviors that set them apart from less effective executives, according to a Gartner survey of 277 CISOs conducted between 2020 and 2023.
These behaviors include initiating discussions on evolving threats, investing in personal professional development, defining risk with input from senior business leaders, building relationships outside of designated projects, and proactively engaging with emerging technologies.
These behaviors were found to be 1.5 times more common among top performers.
Gartner used four critical outcomes to measure CISO success: functional leadership, information security service delivery, enterprise responsiveness, and scaled governance.
Effective CISOs stay informed about existing and emerging risks to guide leadership on significant threats and influence investment and risk decisions.
Link: https://www.cybersecuritydive.com/news/successful-ciso-behaviors-gartner/692719/
SEC cyber disclosure rules put CISO liability under the spotlight | Cybersecurity Dive
David Jones
The new Securities and Exchange Commission (SEC) rule on cyber incident reporting has come into effect, bringing significant changes for C-suite executives and board members.
The rule requires publicly traded companies in the U.S., and foreign companies trading in the U.S., to disclose cybersecurity incidents within four business days of determining the incident is material to the company’s financial performance.
This rule increases the responsibilities of the Chief Information Security Officer (CISO), who will now not only respond to material incidents but also report them up the command chain and make an official regulatory disclosure.
This has led to increased anxiety among CISOs, with 62% already concerned about potential liability in connection with incident response and corporate governance issues.
The rule also impacts closely-held businesses that have a third-party relationship with a publicly traded company, requiring them to meet the disclosure requirement indirectly.
Link: https://www.cybersecuritydive.com/news/sec-cyber-disclosure-rules-ciso-liability/692696/
What are Software Supply Chain Attacks?
BitSight
Software supply chain attacks are malicious attacks that target vulnerable areas of the software supply chain either directly or indirectly.
These attacks deliberately target processes, software components, forged credentials, and other resources used to create, distribute, and manage software.
The goal of the attack is to either compromise the integrity of the software or insert malicious code into the software that will allow the attacker to gain control of the system.
The attacker may also use the supply chain to gain access to other systems and infrastructure.
In a software supply chain attack, an attacker will often target software providers and their partners in the supply chain, such as distributors, originators, developers, installers, and users.
For example, an attacker could try to breach the code repository of a software provider to inject malicious code into the software.
The attacker could also target the internal networks of the software provider, intercept communications between the provider and other organizations, and even steal confidential data.
Software supply chain attacks are increasingly common as attackers focus on exploiting weaknesses in the software supply chain.
Unfortunately, many organizations are still not aware of the risks of software supply chain attacks.
To prevent these attacks, organizations should take steps to secure their supply chain by implementing security measures such as regular code reviews, secure configurations, secure coding
Link: https://www.bitsight.com/blog/what-are-software-supply-chain-attacks
Cynomi Study Reveals Number of MSPs Providing Virtual CISO Services Will Grow Fivefold By Next Year
Cyberwire
The study conducted by Cynomi revealed that the number of MSPs providing virtual CISO services will grow fivefold by 2021.
The study also highlighted an increasing demand for virtual CISO services in the market.
The study surveyed executives in the field of cybersecurity to analyze the state of the Virtual CISO (vCISO) market.
It found that 87% of MSSPs are now offering virtual CISO services, up from 13% in 2019.
In addition, the study revealed that the number of MSSPs providing vCISO services is expected to increase from 13% to 45% by the end of 2021, with more organizations recognizing the beneficial outcomes of deploying vCISOs.
Furthermore, the study showed that the increasing reliance on digital technologies has driven the need for MSSPs to offer vCISO services as part of their cyber security packages.
Link: https://www.analyticsinsight.net/cynomi-study-reveals-number-of-msps-providing-virtual-ciso-services-will-grow-fivefold-by-next-year/
Announcing ‘The Cyber Savvy Boardroom: Essentials Explained’ | finanzen.net
Importer
The Cyber Savvy Boardroom Essentials Explained is a program for board members and CEOs to help equip them with the knowledge needed to effectively manage cybersecurity risks.
This program consists of in-person and online workshops, presentations, and resources that can help board members and CEOs understand the importance of cyber risk management.
It focuses on the areas of cyber strategy, governance, risk and security culture, cyber insurance, and hack response.
Cyber Savvy Boardroom Essentials Explained also provides support and guidance on the implementation of cyber risk management policies.
The program aims to give boards and senior executives the confidence, knowledge and authority needed to make sound decisions on cyber security strategies and processes.
It also encourages boards to take ownership of their cyber security posture and take proactive steps to protect their organization.
This program is provided free of charge by Cyber Savvy Boardroom Services and can be accessed online or through an in-person workshop.
Link: https://www.finanzen.net/nachricht/aktien/announcing-the-cyber-savvy-boardroom-essentials-explained-12797063
The importance of CISOs is not recognised by senior leadership
script
The importance of CISOs is not recognised by senior leadership due to lack of education, awareness, and understanding.
Without a strong understanding of the value that CISOs bring to their organizations, it is impossible for businesses to effectively plan and protect themselves from potential cybersecurity threats.
An effective CISO communicates the business risk of not being cybersecurity minded, and leads the implementation of strategies and technologies that balance risk and reward.
Throughout this process, the CISO is responsible for identifying and responding to threats, ensuring compliance with government regulations, and continually evaluating and improving their organization’s security posture.
CISOs play a vital role in helping organizations strengthen their cybersecurity posture and reduce risk.
However, if they are not appropriately recognised, they often lack the support, resources, and level of influence to lead a successful security program.
Senior leadership must understand the complexity of the security posture, the influence of the cyber threat, and the challenges of protecting their organization.
Educated engagement with C-suite executives is a critical factor for the success of the program.
With the help of executive sponsors, organizations can prioritize their cybersecurity strategies, provide necessary resources, and ultimately create an effective security framework.
Link: https://www.itsecuritynews.info/the-importance-of-cisos-is-not-recognised-by-senior-leadership/
Magnificent News: The Cybersecurity 202: CISA makes a big-name hire for its crusade against inse…
falafelfashion.com
Renowned hacker and whistleblower, Peiter “Mudge” Zatko, has joined the Cybersecurity and Infrastructure Security Agency (CISA) as a senior technical advisor.
Zatko will help promote the concept of “security by design” in software development, a key focus of the Biden administration’s National Cybersecurity Strategy.
Zatko, who was a member of the influential L0pht hacking collective and previously worked at the Defense Advanced Research Projects Agency, will work part-time to foster a culture of cybersecurity accountability among technology vendors and business leaders.
His appointment comes as CISA and the Biden administration push for products that are secure by default, and for software manufacturers to be held legally responsible for their products’ security.
Link: https://www.washingtonpost.com/politics/2023/09/05/cisa-makes-big-name-hire-its-crusade-against-insecure-products/
Scybers and Cyber Leadership Institute Partner to Develop the Next Generation of Cybersecurity L…
adminEn
Cybersecurity firm Scybers has announced a partnership with the Cyber Leadership Institute (CLI) to develop a comprehensive training and mentorship program for future cybersecurity leaders.
The partnership aims to address the growing demand for cybersecurity professionals and the widening skills gap in the industry.
CLI’s leadership development programs, which cover a range of topics from cyber strategy execution to crisis management, will be combined with Scybers’ expertise to provide a holistic curriculum.
The partnership will offer expert instruction, real-world experience through mentorship, and a network of contacts in the cybersecurity industry.
Link: https://en.topic.lk/11894/
Why cyber risk is one of the top critical risks facing organisations today – and why it’s growin…
Gary Lynam
Cyber risk is one of the top critical risks facing organizations today because of the increasing interconnectedness of systems.
The interconnectivity has led to more systems, networks, and data being accessible and vulnerable to malicious actors, leaving organizations more exposed to cyber threats.
Cyber risk is increasingly top-of-mind for companies around the world because of the potential for data loss, regulatory fines or lack of compliance, reputational damage, and a host of other consequences that can arise from a breach or malicious attack.
Additionally, cyber risk is growing due to the persistent evolution of cyber threats, the adoption of new technology, the increased use of mobile and cloud-based applications, and a lack of sufficient cyber security measures.
For these reasons, organizations must take appropriate measures to safeguard their data, systems, and networks, as well as assess and respond to cyber threats.
Link: https://cybersecurity-magazine.com/why-cyber-risk-is-one-of-the-top-critical-risks-facing-organisations-today-and-why-its-growing/
Cybersecurity in the Industry 4.0 Era | P&T Review
Cybersecurity in the Industry 4.0 era is a major concern for businesses.
With more and more businesses being reliant on digital transformation, they also face a heightened risk of attacks from malicious actors.
The Industry 4.0 era is highly connected and digitalised, so the risk of compromise is greater than ever before.
Cybersecurity firms have responded to these threats with a wide range of services, products and solutions designed to protect businesses from the threats posed by hackers and cybercriminals.
These services provide organisations with comprehensive protection against cyber threats, both at the network and application level.
Many of these solutions include features such as threat detection and response, incident response, and penetration testing.
Additionally, businesses can also deploy advanced security measures such as encryption and multi-factor authentication, as well as robust security policies that will help to ensure that their data and systems remain secure.
Through these measures, companies can better protect their data and applications, while also meeting compliance requirements in the digital age.
Link: https://ptreview.co.uk/market-overview/71518-cybersecurity-in-the-industry-4-0-era
New IDC Report: DNS Threat Intelligence for Proactive Defense
EfficientIP
The new IDC report released in June 2023 provides an in-depth look at the strategies and tactics organizations are using to protect against modern cyber threats.
From leveraging threat intelligence to deploying next-generation DNS (Domain Name System) technologies, the report offers a comprehensive overview of the market and highlights the key differentiators of the leading providers in the cybersecurity space.
Key Recommendations
80% of organizations today acknowledge that DNS security is critical, but ever-rising costs and impacts of DNS attacks continue to cause severe damage.
To harden network protection, DNS security tools and actionable data must be better utilized.
These enable evolution to proactive defense and early threat detection, as well as bringing secure connectivity for anywhere-working.
In addition, they offer an easy starting point for zero trust, ZTNA, zero-trust edge, and SASE strategies.
Key recommendations described in the report include:
– Move to proactive defense by using DNS threat intelligence feeds
– Strengthen your security posture with DNS observability
– Accelerate threat remediation by integrating DNS data into your security ecosystem
The report provides a detailed evaluation of the solution and deployment models associated with cyber threat intelligence and their benefits, such as enhancing the visibility and resilience of the networks.
It also looks at the challenges organizations face when combining threat intelligence and DNS technologies.
The report further explores how organizations are faced with digital transformation, such as cloud computing and the Internet of Things (IoT).
It is important to note that these are fueling an increased demand for cyber threat intelligence and proactive defense measures.
The report provides insights into the major vendors in the cyber threat intelligence space, such as McAfee, Symantec, CrowdStrike, Carbon Black and Palo Alto Networks.
It examines their distinctive approaches to cyber defense, and offers a detailed analysis of various use cases, such as preventing advanced threats, deep discovery for cyberthreats, malware protection, and zero-day protection.
Link: https://efficientip.com/blog/cyber-threat-intelligence-for-proactive-defense-new-idc-2023-dns-report/
Spotlight on Cybersecurity Leaders: Arun DeSouza
media@secureworld.io (SecureWorld News Team)
Meet Arun DeSouza, the Chief Information Security Officer and Chief Privacy Officer for Nexteer Automotive, who has been a CISO for 20 years and serves on the Advisory Council of SecureWorld Detroit.
He has pioneered an integrated information security and privacy program and is a strong advocate for strategic planning, risk management, and Zero Trust.
Arun believes in the power of federation and the importance of end-user training for cybersecurity.
He sees generative AI as both a tool for innovation and a potential risk, advocating for strong policies and controlled deployment.
Arun hopes for a more diverse cybersecurity industry and supports a unified global privacy regulation.
He looks forward to reconnecting with peers and learning from others at the SecureWorld 2023 conference.
Link: https://www.secureworld.io/industry-news/spotlight-cybersecurity-leaders-arun-desouza
US lawmakers introduce small business cybersecurity bill. ICC to prosecute digital war crimes. N…
The CyberWire Staff
Risch, who was former chairman of the Senate Committee on Small Business and Entrepreneurship, says the bill’s goal is to help small businesses bolster their cybersecurity resources in the face of increasing digital threats. The Small Business Cyber Resiliency Act will provide them with access to these important resources.” The bill aims to provide effective and accessible cybersecurity training, establish a Central Small Business Cybersecurity Unit at the Small Business Administration (SBA), and create a publicly-available SBA clearinghouse of cybersecurity resources for small businesses. Shaheen stated, “I’m proud to work across the aisle with Senator Risch on the Small Business Cyber Resiliency Act to help provide our small businesses with the tools they need to grow and create more good jobs.”
Grayson Milbourne, Security Intelligence Director at OpenText Cybersecurity, approves of the prospect that the government might do more to support the security of small and medium businesses. At the time of Gomez’s nomination, Comcast’s chief legal officer Tom Reid said she has “deep knowledge across the breadth of issues before the FCC makes her exceptionally qualified to be a Commissioner.” Fierce Wireless explains that, prior to Gomez’s approval, the FCC was split 2-2 between Democrats and Republicans, making it difficult to pass anything that was divisive along party lines.
Link: https://thecyberwire.com/newsletters/policy-briefing/5/172
The International Criminal Court will start prosecuting cyber war crimes | Entrepreneur Canada
Entrepreneur Canada
The International Criminal Court (ICC) has declared that it will start prosecuting cyber war crimes beginning in 2023.
This means that any government or entity that carries out cyber war or cyber terrorism will be held accountable to international law.
This move is seen as essential for protecting the basic human rights of citizens who are affected by cyber war and terrorism, as well as ensuring the security of the global digital infrastructure and economy.
The ICC stated that it would begin with limited jurisdiction, taking on cases with extraordinary gravity and impact.
This would provide a baseline to help form laws and regulations that are adequate for punishing those that carry out a cyber attack or use cyberwarfare tactics to harm others or disrupt international trade.
The ICC also plans to investigate previously discovered cases of cyber-attacks with the goal of punishing the perpetrators.
The move to prosecute cyber war crimes is in line with other international organizations, including the United Nations, that are looking to create a legal framework to counter the various threats to digital security.
This move will also prove beneficial for protecting civilians and increasing levels of accountability within the digital space.
The prosecution of cyber war crimes is not without its risks and detractors.
It is widely believed that cyber war may become increasingly difficult to regulate, with the goal
Link: https://entrepreneur.ca/2023/09/08/the-international-criminal-court-will-start-prosecuting-cyber-war-crimes/
Prompt injection attacks threaten AI chatbots and other news – The News Intel
Posted by admin
UK cybersecurity agency warns against attacks targeting AI chatbots
The UK’s National Cyber Security Centre (NCSC) has highlighted a growing risk of chatbots being manipulated by hackers [through “prompt injection” attacks](https://www.ncsc.gov.uk/blog-post/thinking-about-security-ai-systems).
To accelerate public-private responses to address the global cybersecurity skills and talent gap, the [World Economic Forum Centre for Cybersecurity](https://www.weforum.org/platforms/the-centre-for-cybersecurity) has launched the “Bridging the Cyber Skills Gap” initiative.
Among other things, the initiative seeks to:
Raise awareness and share knowledge amongst C-suite executives and decision-makers about cybersecurity skills deficit and its economic and security implications
Define strategic approaches and processes that will help build sustainable cyber talent pipelines within organizations and across sectors and geographies
The Forum has also partnered with [Salesforce](https://www.weforum.org/organizations/salesforce), [Fortinet](https://www.weforum.org/organizations/fortinet) and the [Global Cyber Alliance](https://www.globalcyberalliance.org/) to deliver free and globally accessible cybersecurity training through the [Cybersecurity Learning Hub](https://trailhead.salesforce.com/cybersecurity/).
World Economic Forum partner Absa, in collaboration with the Maharishi Institute, have also developed the [Absa Cybersecurity Academy](https://www.absa.africa/a-force-for-good/cybersecurity-academy/academy/) that is targeting some of the most disadvantaged groups in South Africa.
Data breaches continue to soar in 2023
The number of data breaches worldwide saw a 156% increase [between Q1 and Q2 2023](https://surfshark.com/research/study/data-breach-statistics-q2-2023), according to new figures from VPN provider Surfshark.
News in brief: Top cybersecurity stories this month
Japan’s [national cyber defence agency has been infiltrated by hackers](https://www.ft.com/content/de0042f8-a7ce-4db5-bf7b-aed8ad3a4cfd), who may have had access to information for as much as nine months, the Financial Times reports.
The Five Eyes intelligence alliance has detailed how Russian state-sponsored hackers Sandworm are using an [Android malware called Infamous Chisel](https://www.cisa.gov/news-events/alerts/2023/08/31/cisa-and-international-partners-release-malware-analysis-report-infamous-chisel-mobile-malware) to attack Ukrainian soldiers’ devices, scan files, monitor traffic and steal sensitive information.
More on cybersecurity on Agenda
The World Economic Forum’s Global Coalition for Digital Safety has produced a [foundational language to define online harms](https://www.weforum.org/agenda/2023/09/definitions-online-harm-internet-safer/).
[Technology’s impact on productivity growth has been consistently overstated](https://www.weforum.org/agenda/2023/08/generative-ai-realistic-economic-impact/), they say, and analysts could be repeating that mistake with generative AI.
Link: https://thenewsintel.com/prompt-injection-attacks-threaten-ai-chatbots-and-other-news/
Mid-year state of the cyber market update
Updates Finance
The cyber insurance market is experiencing a more competitive rate environment in 2023 after two years of substantial rate increases and strict underwriting requirements.
Miguel Canals, SVP and senior cyber underwriter at Munich Re US, stated that the rate change for cyber insurance decreased from +34.3% in 4Q21 to +8.4% in 1Q23, indicating a deceleration in rate increases.
This suggests that the market may not experience the same level of rate increases as in 2021 and 2022.
Three key loss trends in the cyber insurance market are highlighted by Canals.
First, there is an uptick in ransomware attacks, with increased frequency and the additional risk of data exfiltration.
However, efforts by the insurance industry to enforce stronger cybersecurity controls have resulted in a reduced number of claims.
Second, there is an increase in privacy litigation claims, particularly related to pixel and tracking technology litigation and the Biometric Information Privacy Act (BIPA) of Illinois.
Settlement amounts for class action lawsuits in this space can vary significantly.
Third, the cyberattack on the MOVEit file-transfer software has raised concerns in the market due to its widespread impact.
Carriers have varying views on the severity of this vulnerability based on their portfolio compositions.
In response to the shifts in the cyber insurance market, carriers are adjusting their strategies.
Some carriers in the excess space are broadening their appetite and offering higher limits, while primary carriers are more focused on increased self-insured retentions.
Carriers are also tightening their policy wordings to address privacy litigation claims and are updating their cyber war clauses to provide clarity and transparency to policyholders.
Munich Re US supports clients by providing cyber security expertise, reinsurance capacity, cyber underwriting and claims training, and accumulation consultation to bolster their cyber resilience.
Link: https://www.insurancebusinessmag.com/us/news/cyber/midyear-state-of-the-cyber-market-update-459085.aspx
You’re ready for the new SEC cybersecurity rules. Have you included your OT? – E-DeshSeba
Admin
Yes, you should include your OT systems when preparing for the new SEC Cybersecurity Rules.
OT (Operational Technology) systems are used to monitor and control physical processes in industrial settings, such as factories, refineries, and power plants.
By having the same protections in place for OT as your IT systems, you can reduce or eliminate the opportunities for attack or manipulation of critical infrastructure.
This makes it essential to include OT systems in your preparation for the new SEC Cybersecurity Rules.
Link: https://www.edeshseba.info/youre-ready-for-the-new-sec-cybersecurity-rules-have-you-included-your-ot/
CISA advisory committee urges action on cyber alerts and corporate boards
Christian Vasquez
Cyber Scoop
An advisory committee to the Cybersecurity and Infrastructure Security Agency delivered a long list of recommendations on Wednesday that encourage the agency to take measures to increase the cybersecurity expertise on corporate boards of directors, develop a national cybersecurity alert mechanism and better protect high-risk communities from surveillance.
Wednesday’s report includes recommendations from six subcommittees that cover corporate cyber responsibility, cyber hygiene, the creation of a national cybersecurity alert system, reducing systemic risk to critical infrastructure, protecting high-risk communities and the cybersecurity workforce.
The subcommittee on corporate cyber responsibility recommended that corporate board members be educated and trained on cybersecurity issues, especially with new rules from the Securities and Exchange Commission coming into effect requiring publicly traded companies to report significant breaches of their computer systems and data.
The subcommittee also encouraged CISA to explore performance goals to measure what would amount to a “cyber responsible” board.
Another recommendation calls for a national cybersecurity alert system to be administered by CISA.
While there are multiple avenues of information flows like advisories, bulletins and so on, “they’re not authoritative; they’re not coherent,” Inglis said.
Link: https://cyberscoop.com/cisa-advisory-committee-recommendations/
IAM, cloud security to drive new cybersecurity spending
Michael Hill
CSO Online
Separate research published in June suggested that security budget hikes are missing the mark, with knee-jerk reactions and impractical expectations hampering the ability of CISOs to make business-critical security investments.
The research came from risk and cybersecurity solutions provider BSS, which surveyed 150 security leaders, indicating that misguided expectations of budget holders regarding security spend are causing problems for CISOs despite notable budget increases.
More than half of respondents (56%) reported a budget increase from 2022.
Around 63% of CISOs operating in the technology domain saw security budgets increase, rising to 76% of CISOs in industrial, manufacturing, mobility, and energy domains.
Most businesses with more than 50 cybersecurity employees now have an annual budget exceeding $10 million, according to the report.
Budget cuts were cited by just 19% of respondents, mostly observed in larger companies with over 100 cybersecurity employees, while 25% noted no change.
Budget expansions are widely anticipated in two categories.
The first is IAM (46%), encompassing identity governance and administration (IGA), privileged access management (PAM), authentication, and machine identity management.
The second is cloud security (46%), encompassing cloud native application platforms (CNAPP), cloud security posture management (CSPM), cloud workload protection platforms (CWPP), and cloud detection and response (CDR).
In contrast, spending in the areas of risk assessment (16%), security services (11%), and infrastructure protection (10%) is likely to be significantly less common, the report found.
Security information and event management (SIEM) was the product that CISOs are most keen to remove or replace, with the survey indicating that many CISOs consider traditional SIEM lacking in performance due to staffing, funding, and data stack constraints.
Managed services and legacy scanning tools were also among the frequently mentioned products to remove or replace.
Respondents overwhelmingly cited third-party risk management (48%), AI security (48%), and insider threats (40%) as the most acute problems their organizations face, with existing solutions failing to meet needs in these areas, according to the report.
Link: https://www.csoonline.com/article/651241/iam-cloud-security-to-drive-new-cybersecurity-spending.html