CINS ARMY BRIEF
What Gets Measured Gets Done
This is our CINS Army Brief for May 2022, curating the most interesting cyber news from the past month.
Let’s keep the ‘metrics’ theme from last month going, and don’t forget the soft skills. Geez, sounds like the Golden Vector again …
Our Take
NIST Cybersecurity Framework update comments highlight a gamut of needed changes
https://www.csoonline.com/article/3660068/nist-cybersecurity-framework-update-comments-highlight-a-gamut-of-needed-changes.html
Our favorite suggestion here is ‘relevant cybersecurity metrics.’ It’d be really cool if NIST could lead the way in standardizing some measurements that would allow both vendors and users to assess the success of these framework implementations. I mean, NIST is all about measurements, right?
Secrets to building a healthy CISO-vendor partnership
https://www.csoonline.com/article/3658976/secrets-to-a-building-a-healthy-ciso-vendor-partnership.html#tk.rss_all
None of those fancy metrics mean a thing if you don’t have the trust of your vendors – or customers – depending on what side of the fence you’re on.
- U.S., allies warn of rising recent and future attacks on managed service providers
https://www.cyberscoop.com/five-eyes-msp-cybersecurity-hacking-nation-state/
- 12 steps to building a top-notch vulnerability management program
https://www.csoonline.com/article/3659838/12-steps-to-building-a-top-notch-vulnerability-management-program.html#tk.rss_all
- Zero-click attacks explained, and why they are so dangerous
https://www.csoonline.com/article/3660055/zero-click-attacks-explained-and-why-they-are-so-dangerous.html#tk.rss_all
- It’s time for startups to get proactive and prioritize security
https://venturebeat.com/2022/05/10/its-time-for-startups-to-get-proactive-and-prioritize-security/
- REvil ransomware is officially back, experts claim
https://www.techradar.com/news/revil-ransomware-is-officially-back-experts-claim
- Voice phishing attacks reach all-time high
https://www.techrepublic.com/article/voice-phishing-attacks-reach-all-time-high/
- Open source is becoming a national security risk
https://www.csoonline.com/article/3661552/chris-wysopal-open-source-is-becoming-a-national-security-risk.html#tk.rss_all
- U.S. Cybersecurity Agency ‘Strongly Urges’ You Patch These 75 Actively Exploited Flaws
https://www.forbes.com/sites/daveywinder/2022/05/26/us-cybersecurity-agency-strongly-urges-you-patch-these-75-actively-exploited-flaws/?sh=28940eb06381
- Phishing websites now use chatbots to steal your credentials
https://www.bleepingcomputer.com/news/security/phishing-websites-now-use-chatbots-to-steal-your-credentials/
- How to delete yourself from internet search results and hide your identity online
https://www.zdnet.com/article/how-to-delete-yourself-from-internet-search-results-and-hide-your-identity-online/
- IIoT brings business opportunities and security concerns
https://www.techtarget.com/iotagenda/post/IIoT-brings-business-opportunities-and-security-concerns
- This unpatched DNS bug could put ‘well-known’ IoT devices at risk
https://www.zdnet.com/article/this-unpatched-dns-bug-could-put-well-known-iot-devices-at-risk/
- 5 key industries in need of IoT security
https://venturebeat.com/2022/05/01/5-key-industries-in-need-of-iot-security/