Donald E. Hester

Cyber Risk Update 5 MAY 2023

Bonus


Fun

  • May the 4th Be with… Your Passwords (on World Password Day). Password pontifications and what would Yoda do? As long as passwords are still pertinent, we must persist in encouraging and enabling users to break the propensity toward paltry password preferences. We may never prevail over the password problem before it passes away, but until then there are procedures we can promote toward a positive password posture. When it comes to password hygiene, a Jedi master, Jedi, or perhaps a password Padawan, are you (or your staff)? Read more to find out. https://www.waterisac.org/portal/may-4th-be-%E2%80%A6-your-passwords-world-password-day

OT/ICS/IoT Cybersecurity

  • Protecting Critical Infrastructure: Insights from the Dragos ICS & OT Year in Review for 2022 https://www.learnsecurity.org/single-post/protecting-critical-infrastructure-insights-from-the-dragos-ics-ot-year-in-review-for-2022

  • Exploitation of 5-Year-Old TBK DVR Vulnerability Spikes. Fortinet warns of a massive spike in malicious attacks targeting a five-year-old authentication bypass vulnerability in TBK DVR devices. SecurityWeek has written an article discussing a spike in attacks exploiting CVE-2018-9995, a 5-year-old critical authentication bypass vulnerability in TBK Vision devices, and CVE-2016-20016, a 7-year-old vulnerability in MVPower devices. The spike was reported by Fortinet; both of these manufacturers produce CCTV equipment often used to protect critical infrastructure facilities. https://www.securityweek.com/exploitation-of-5-year-old-tbk-dvr-vulnerability-spikes/

  • Reigning in ‘Out-of-Control’ Devices. Out-of-control devices run the gamut from known to unknown and benign to malicious, and where you draw the line is unique to your organization. Organizations large and small are adopting endpoint detection and response (EDR) solutions to provide visibility into their networks. However, according to security researchers, many organizations’ percentage of EDR coverage on endpoints is in the range of 60-70 percent, leaving 30-40 percent of devices out of their control, greatly increasing an organization’s cyber risk. https://www.securityweek.com/reigning-in-out-of-control-devices/

Collaboration

Incidents

Nation States

Governance

  • CISOs and boards don't spend enough time together. Just 47% of 600 directors surveyed said they serve on boards that interact with the security chief regularly, according to research from MIT and cybersecurity company Proofpoint. About one-third of directors said they see their CISOs only at board meetings, the researchers found. This arm's length relationship adds to a disconnect between the two sides about cyber priorities, researchers said. (Harvard Business Review) https://hbr.org/2023/05/boards-are-having-the-wrong-conversations-about-cybersecurity

TTPs

Trends

Mis-dis-malinformation

Ethics

  • Ethical issues such as how we treat others, use information, engage with employees, manage resources, approach sustainability, and impact the world around us all affect how we view organizations. In fact, the inappropriate treatment of people and the communities we live in is often the subject of scrutiny and can signal the difference between success and failure. That’s why organizations often strive for ethical decision making and practices. https://www.channelpronetwork.com/blog/entry/5-ethical-issues-technology-watch-2023

AI
