Dear Reader,
The March 2021 security news was dominated by a slew of new ransomware and zero-day exploits threatening individuals, businesses, and public institutions worldwide. Perhaps the most prominent example is the set of vulnerabilities in Microsoft's Exchange Server that left many scrambling to roll out relevant security patches while the flaws were already being abused on a large scale. Germany's cybersecurity agency BSI went as far as to declare red alert following the immense number of systems that were exposed. In order to spare the Exchange administrators among you from terrifying flashbacks, we are not going to dissect this incident in more detail, but instead focus this newsletter on some helpful advice published in the past month that can help your organization improve its security posture and avoid this kind of situation.
The newly appointed head of NCSC, Lindy Cameron, emphasized the importance of boardroom accountability for cybersecurity affairs. In doing so, she addresses an issue that a lot of organizations large and small still underestimate: If security is an afterthought when determining the strategic direction of a company, one of the core business enablers is placed at a significant disadvantage, and the company is thus put at risk.
A recent whitepaper by security training company KnowBe4 looks into the beneficial effects of a strong security culture. While one would naturally assume this to be the case, the report backs it up with data from employees across 1,115 organizations.
https://www.knowbe4.com/hubfs/Channel/WP_How_Security_Culture_Invokes_Secure_Behavior.pdf
Similarly, the principle of sharing threat intelligence (TI) among peers to make things more difficult for malicious actors sounds trivial as well. However, research shows that almost half of TI analysts are not allowed to do so due to fears of giving out precarious information. One thing is for sure: Attackers are already collaborating, and they are definitely sharing their insights.
In Cyber Security Magazine, Josh Neame provided some valuable guidance on security aspects that will require particular attention in 2021. As large parts of the world are still working from home, security teams must address the challenges that come with online collaboration, remote access, and shifting trust boundaries.
https://cybersecurity-magazine.com/mind-the-gaps-refocusing-security-efforts-in-2021/
Okay, this last one should be fairly obvious, but blaming individuals for incorrectly configuring a security control, which in turn led to a security incident, is not the way to go. Firstly, effective security follows a defense-in-depth approach so as to avoid single points of failure. Secondly, if such points do exist and are known to the organization, they had better be controlled stringently so as to prevent interns from changing the password.
https://slate.com/technology/2021/03/solarwinds-hack-cyber-espionage-intern-password.html
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
For our latest video discussion on Open RAN for 5G, please see the River Publishers YouTube channel.
The latest journal articles from River Publishers in all areas of cyber security can be found on the River Publishers website.
https://cybersecurity-magazine.com/
https://www.linkedin.com/showcase/cybersecuritymagazine/
@magcybersec
https://www.facebook.com/Cybersecurity-Magazine-100535232117942