Cyber Risk Update 20 JAN 2023
Cyber Risk help for Local Governments
StateRAMP, or the State Risk and Authorization Management Program, launched in early 2021. The organization evaluates the data security capabilities of participating cloud vendors that sell to state and local government. https://www.govtech.com/computing/stateramps-snapshot-shows-provider-path-to-security-readiness
Recommendations
Security professionals must update their skill sets and be proactive to stay ahead of cybercriminals. It's time to learn to think and act like an attacker to cope with the cyber "new normal." https://www.darkreading.com/attacks-breaches/why-businesses-need-to-think-like-hackers-this-year
Why CISOs should pay more attention to geopolitics. As governments step up their diplomatic efforts to resolve tensions, there is a knock-on effect: malicious activities spill over into the cybersphere. https://www.ust.com/boundless/why-cisos-should-pay-more-attention-to-geopolitics.html
Threat Actors
Ninety-three percent of cybersecurity experts and 86% of business leaders believe a “far-reaching, catastrophic cyber event is likely in the next two years,” according to the World Economic Forum. https://www.weforum.org/press/2023/01/geopolitical-instability-raises-threat-of-catastrophic-cyberattack-in-next-two-years
Threat actors lure phishing victims with phony salary bumps, bonuses https://www.cybersecuritydive.com/news/phishing-lures-phony-hr-salary/640698/
Tools
More than 600 state, local and federal law-enforcement agencies have access to a database, housed at an Arizona nonprofit, of more than 150 million money transfers between people in the U.S. and people in more than 20 countries. https://www.wsj.com/articles/little-known-surveillance-program-captures-money-transfers-between-u-s-and-more-than-20-countries-11674019904
Ransomware Trends
A newly released report from Connecticut-based IT vendor Datto suggests that only around three out of 100 small- to medium-size businesses hit with ransomware pay cyber criminals to recover their data. https://www.govtech.com/security/fewer-cyber-attacks-are-seeing-ransom-payouts-report-finds
Ransomware Remains Top Cyberthreat https://www.databreachtoday.com/ransomware-remains-top-cyber-threat-former-ncsc-chief-says-a-20966
Vulnerabilities
KnowBe4 has released its overall 2022 and Q4 2022 global phishing test reports, which find that business-related emails continue to be used as a phishing strategy and reveal the top holiday email phishing subjects. https://www.darkreading.com/remote-workforce/knowbe4-2022-phishing-test-report-confirms-business-related-emails-trend
Easily guessed default passwords can be a malicious hacker's easiest way to infiltrate a target. And all too often, according to research released Wednesday, operators of critical infrastructure aren't updating off-the-shelf security credentials in internet devices connected to industrial systems. https://www.cyberscoop.com/industrial-system-cybersecurity-default-passwords/