Weekend Update

A quick Saturday digest of cybersecurity news articles from other sources.

Intro to ‘The role of AI in decision-making: a business leader’s guide’

For many years, business leaders in all different sectors have toyed with the idea of AI implementation. At one time, this innovative technology was used simply in an experimental capacity, to determine whether or not automation has the ability to replicate human logic.

While it still has its critics, there’s little doubt that AI has come on leaps and bounds in recent years, offering businesses a whole host of benefits. Today, we’ve reached the point where these benefits are almost impossible to ignore. In fact, 91.5% of the world’s biggest companies are investing in AI in some capacity on an ongoing basis, which all but puts to bed any doubts about whether or not the technology is here to stay.

From improving customer service to revolutionizing business intelligence, AI has the capabilities to optimize so many different aspects of managing business operations. But, failing to implement it properly, and ignoring the potential consequences of misuse, could damage both a business’ bottom line and their reputation.

To help you make the right calls when it comes to AI integration, this guide produced by Quantexa is a great place to start. It explores the role of AI in business decision-making, and shines a light on the different types of AI that are available to leaders. It’s clear that taking a forward-thinking approach to implementing the technology can help owners and managers to make better decisions around the future of their companies, but it’s imperative that your use of AI is sustainable and well-thought-out. Using this helpful resource, see what artificial intelligence could do for your business.

Report: Ransomware group got over $100M since 2022

Ransomware group Black Basta has been paid more than $100 million from affected organizations since April 2022, Elliptic reports. That’s from 90 of the operation’s more than 300 victims in the time period, and the largest payout was $9 million.  More…

CISA and International Partners Release Advisory on Russia-based Threat Actor Group, Star Blizzard

12/07/2023 12:00 PM EST

Today, the Cybersecurity and Infrastructure Security Agency (CISA)—in coordination with the United Kingdom’s National Cyber Security Centre (UK-NCSC), Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC), Canadian Centre for Cyber Security (CCCS), New Zealand National Cyber Security Centre (NCSC-NZ), and the U.S. National Security Agency (NSA), Federal Bureau of Investigation (FBI), and Cyber Command Cyber National Mission Force (CNMF)—released a joint Cybersecurity Advisory (CSA) Russian FSB Cyber Actor Star Blizzard Continues Worldwide Spear-phishing Campaigns. The joint CSA aims to raise awareness of the specific tactics, techniques, and delivery methods used by this Russia-based threat actor group to target individuals and organizations. Known Star Blizzard techniques include:

  • Impersonating known contacts’ email accounts,
  • Creating fake social media profiles,
  • Using webmail addresses from providers such as Outlook, Gmail and others, and
  • Creating malicious domains that resemble legitimate organizations.

CISA encourages network defenders and critical infrastructure organizations review the CSA to improve their cybersecurity posture and protect against similar exploitation based on threat actor activity. CISA also urges software manufacturers to incorporate secure-by-design and -default principles into their software development practices, limiting the impact of threat actor activity.

For more guidance to protect against the most common and impactful threats, visit CISA’s Cross-Sector Cybersecurity Performance Goals. For more information on secure by design, see CISA’s Secure by Design webpage.



About the Author:

I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com

Add a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.