A quick Saturday digest of cybersecurity news articles from other sources.
The Invention of the Typewriter
On June 24, 1868, Christopher Latham Sholes received a patent for something he called a “Type-Writing Machine.” The early tech resembled a piano and had 21 keys.
Find out how Sholes’ earliest keyboard evolved into today’s universal QWERTY system (named for the first six letters in the top row of keys).
How to be prepared for a ransomware attack: Check your data and backups
Expert says ransomware attacks will happen, and your company has to be prepared long before the attack hits.
CISA’s CSET Tool Sets Sights on Ransomware Threat
Original release date: June 30, 2021
CISA has released a new module in its Cyber Security Evaluation Tool (CSET): the Ransomware Readiness Assessment (RRA). CSET is a desktop software tool that guides network defenders through a step-by-step process to evaluate their cybersecurity practices on their networks. CSET—applicable to both information technology (IT) and industrial control system (ICS) networks—enables users to perform a comprehensive evaluation of their cybersecurity posture using many recognized government and industry standards and recommendations.
The RRA is a self-assessment based on a tiered set of practices to help organizations better assess how well they are equipped to defend and recover from a ransomware incident. CISA has tailored the RRA to varying levels of ransomware threat readiness to make it useful to all organizations regardless of their current cybersecurity maturity. The RRA:
- Helps organizations evaluate their cybersecurity posture, with respect to ransomware, against recognized standards and best practice recommendations in a systematic, disciplined, and repeatable manner.
- Guides asset owners and operators through a systematic process to evaluate their operational technology (OT) and information technology (IT) network security practices against the ransomware threat.
- Provides an analysis dashboard with graphs and tables that present the assessment results in both summary and detailed form.
CISA strongly encourages all organizations to take the CSET Ransomware Readiness Assessment, available at https://github.com/cisagov/cset/.
Fed up with remote work, tech workers are looking for new jobs
Remote working is taking its toll on the relationships between technology professionals and their peers. A survey of more than 1,000 tech workers by jobs platform Dice found that relationships between employees and co-workers have deteriorated over the past year.
Unsecured servers and cloud services: How remote work has increased the attack surface that hackers can target
The increase in the use of cloud services as a result of organizations and their employees shifting to remote work because of the COVID-19 pandemic is leaving corporate networks exposed to cyberattacks. Many businesses had to swiftly introduce working from home at the start of the pandemic, with employees becoming reliant on cloud services including Remote Desktop Protocols (RDP), Virtual Private Networks (VPN) and application suites like Microsoft Office 365 or Google Workspace.
The Ghosts of Mirai
Report from Fortinet. It has been almost five years since the source code of the notorious MIRAI IoT malware was released to the public by its author in late 2016. This event led to the emergence of numerous copycats, creating their own flavors of IoT botnet armies. Although improvements have been constantly added since then by various threat actors, the structure and goal of the campaigns have remained the same.
Cryptocurrency lawyer: Its traceability can help protect those who invest in it
Lawyer discusses the legal issues behind cryptocurrency, including the myth that it’s always about money laundering. Mostly, it’s not.
Cybersecurity study: SolarWinds attack cost affected companies an average of $12 million
New survey finds that the attack also motivated more information sharing within the industry and improved supply chain security.
CISA Begins Cataloging Bad Practices that Increase Cyber Risk
Original release date: June 29, 2021
In a blog post by Executive Assistant Director (EAD) Eric Goldstein, CISA announced the creation of a catalog to document bad cybersecurity practices that are exceptionally risky for any organization and especially dangerous for those supporting designated Critical Infrastructure or National Critical Functions.
While extensive guidance on cybersecurity “best practices” exists, additional perspective is needed. Ending the most egregious risks requires organizations to make a concerted effort to stop bad practices.
CISA encourages cybersecurity leaders and professionals to review EAD Goldstein’s blog post and the new Bad Practices webpage and to monitor the webpage for updates. CISA also encourages all organizations to engage in the necessary actions and critical conversations to address bad practices.
Credit and Debt After Death: What You Need to Know
It’s important to know what happens to a person’s credit and debt after their death.
The quantum decade: IBM predicts the 2020s will see quantum begin to solve real problems
A new report from IBM posits that quantum computing is poised to take off and begin to pay off for business users.
About the Author: I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments. I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com