As we round out 2022, many in the cybersecurity industry are either looking back at what’s happened this year or pontificating about what’s to come in 2023. Increasingly, organizations large and small are grappling with how best to mitigate the risks of cyberattacks.
In an interview, Keri Pearlson, Executive Director of Cybersecurity at MIT Sloan, said that securing the businesses of the future requires a board-level understanding of cybersecurity. “Cyber risk is so significant that a responsible board can no longer ignore it or just delegate it to risk management experts,” Pearlson said.
Indeed, headlines this week reflect the challenges of our digital world as countries across the globe try to strike a balance between ensuring internet freedoms and protecting privacy while also protecting organizations from malicious actors exploiting zero-day vulnerabilities.
To learn more about cybersecurity’s impact on business, join RSAC 365 for a Half-Day Virtual Seminar on Risk Management & Governance chaired by Jerich Beason, CISO, Capital One Commercial Bank. Beason will moderate a conversation with a panel of CISOs who will share their approaches to managing risk.
Now let’s look at what else made cybersecurity headlines this week.
Dec. 2: Proton Calendar, reportedly the only calendar app that offers end-to-end encryption, has released an iOS app as an alternative to other calendar offerings.
Dec. 2: “An open source Go implementation of the SAML protocol has patched a critical vulnerability that could allow attackers to bypass authentication in applications that used the library,” PortSwigger reported.
Dec. 1: Krebs on Security reported, “ConnectWise, which offers a self-hosted, remote desktop software application that is widely used by Managed Service Providers (MSPs), is warning about an unusually sophisticated phishing attack that can let attackers take remote control over user systems when recipients click the included link.”
Dec. 1: Despite alerting customers that an unauthorized party had accessed “some elements” of customer information, LastPass said its security measures prevented attackers from gaining access to encrypted passwords.
Dec. 1: After the downfall of the FTX cryptocurrency exchange, a leading financial investor has strongly recommended that legislators establish a regulatory framework for digital assets.
Nov. 30: According to ENISA, “The European Data Protection Supervisor (EDPS) and the European Union Agency for Cybersecurity (ENISA) sign a Memorandum of Understanding (MoU) which establishes a strategic cooperation framework between them.”
Nov. 30: “While analyzing its capabilities, Akamai researchers have accidentally taken down a cryptomining botnet that was also used for distributed denial-of-service (DDoS) attacks,” BleepingComputer reported.
Nov. 30: Researchers at Abnormal Security are tracking “Lilac Wolverine,” a business email compromise gang that is taking over personal accounts to launch a gift card scam campaign.
Nov. 29: In an SC Media column, Parham Eftekhari opined that the best way to disrupt cyber adversaries is to embrace the power of public-private partnerships.
Nov. 29: Recognizing that the somewhat arcane approach to protecting the perimeter is no longer a sufficient cybersecurity tactic, CISA is exploring new, innovative strategies.
Nov. 28: A data leak that impacted more than 500 million Facebook users was deemed a violation of European privacy rules, for which Meta was fined roughly $275 million.