CINS Army Brief
Don't Bury The Lead
Our Take
This headline is burying the lead. It makes it sound like a lot of stuff simply isn’t getting patched (which is indeed true), but the article then goes on to say (also true) that a good percentage of these CVEs are unpatchable (EoL, OT, 3rd party, etc.).
Patching is Security 101 and super-critical. Do it first. But don’t forget about other basics like network segmentation and detection & response to fill in the gaps.
45% of critical CVEs left unpatched in 2023
https://www.helpnetsecurity.com/2024/01/25/cybersecurity-attack-attempts-increase
This is our CINS Army Brief for January 2024, curating the most interesting cyber news from the previous month.
- Top 3 Data Breaches of 2023, and What Lies Ahead in 2024
https://www.darkreading.com/cyberattacks-data-breaches/top-3-data-breaches-2023-what-lies-ahead-2024
- Here we go again: 2023’s badly handled data breaches
https://techcrunch.com/2023/12/29/badly-handled-data-breaches-2023
- Top U.S. cybersecurity watchdog issues emergency directive to federal agencies about popular software
https://www.nbcnews.com/tech/security/cisa-issues-emergency-directive-federal-agencies-connect-secure-softwa-rcna134844
- PwC survey: 77% of CEOs concerned about AI cybersecurity risks
https://venturebeat.com/ai/pwc-survey-77-of-ceos-concerned-about-ai-cybersecurity-risks
- Three 5G Networking And Cybersecurity Predictions: A Retrospective
https://www.forbes.com/sites/moorinsights/2024/01/05/three-5g-networking-and-cybersecurity-predictions-a-retrospective/?sh=69ab4f117aa0
- 7 cybersecurity predictions to look out for in 2024
https://www.techradar.com/computing/cyber-security/7-cybersecurity-predictions-to-look-out-for-in-2024
- The CISO Role Undergoes a Major Evolution
https://www.darkreading.com/cybersecurity-operations/ciso-role-undergoes-major-evolution
- As hacks worsen, SEC turns up the heat on CISOs
https://techcrunch.com/2024/01/17/security-leadership-ciso-heat-risk
- Why has zero trust been stalled for nearly 20 years?
https://www.scmagazine.com/research-article/why-has-zero-trust-been-stalled-for-nearly-20-years
- How Close To Zero Can A CISO Go?
https://www.forbes.com/sites/forbestechcouncil/2024/01/18/how-close-to-zero-can-a-ciso-go/?sh=16f75e107230
- DOE offers $30M to improve cybersecurity for virtual power plants, distributed resources, cloud solutions
https://www.utilitydive.com/news/doe-30-million-cybersecurity-virtual-power-plants-distrubuted-resources/704863
- Why Is Cybersecurity Essential to Utilities Companies?
https://energydigital.com/articles/why-is-cybersecurity-essential-to-utilities-companies
- IT and OT cybersecurity: A holistic approach
https://securityintelligence.com/posts/it-and-ot-cybersecurity-integration
- Cybersecurity Best Practices According to 3 Superintendents
https://www.govtech.com/education/k-12/cybersecurity-best-practices-according-to-3-superintendents
- US School Shooter Emergency Plans Exposed in a Highly Sensitive Database Leak
https://www.wired.com/story/us-school-shooter-emergency-plans-leak
- Cybersecurity teams need new skills even as they struggle to manage legacy systems
https://www.zdnet.com/article/cybersecurity-teams-need-new-skills-even-as-they-struggle-to-manage-legacy-systems
- The Future Of Cybersecurity Is More Human Than You Think
https://www.forbes.com/sites/sap/2024/01/29/the-future-of-cybersecurity-is-more-human-than-you-think/?sh=5470c26d3cf9
- What makes ransomware victims less likely to pay up?
https://www.helpnetsecurity.com/2024/01/26/what-makes-ransomware-victims-less-likely-to-pay-up
- Fast code or secure code? You can’t have both
https://www.itpro.com/software/fast-code-or-secure-code-you-cant-have-both
- Why attackers love to target misconfigured clouds and phones
https://venturebeat.com/security/why-attackers-love-to-target-misconfigured-clouds-and-phones
- IT and security teams are getting better are fighting security threats – but more still needs to be done
https://www.techradar.com/pro/security/it-and-security-teams-are-getting-better-are-fighting-security-threats-but-more-still-needs-to-be-done
- Attribute-based encryption could spell the end of data compromise
https://www.helpnetsecurity.com/2024/01/18/attribute-based-encryption-abe
- Charting a Course for Privacy: The Urgency for a Defined Path by the US Government
https://www.hstoday.us/featured/charting-a-course-for-privacy-the-urgency-for-a-defined-path-by-the-us-government
- Post-Incident Forensics: Piecing Together the Puzzle After a Cyberattack
https://foodsafetytech.com/feature_article/post-incident-forensics-piecing-together-the-puzzle-after-a-cyberattack
- Consumers prepared to ditch brands after cybersecurity issues
https://www.helpnetsecurity.com/2024/01/04/consumers-cybersecurity-issue
- AI app use is surging – and that could be a major security issue
https://www.techradar.com/pro/security/ai-app-use-is-surging-and-that-could-be-a-major-security-issue