There are so many reasons to celebrate the month of June. It’s the summer solstice (longer days, more vacation, and summer camps), Pride month (more embracing of diversity), and National Internet Safety Month (more people thinking about cybersecurity)!
A former teacher of English, I was a big fan of School House Rock. From “I’m Just a Bill” to “Conjunction Junction,” the educational jingles have held a place in my heart for decades. In my quest to remind people to use the -ly ending on their adverbs, I have spent many a day singing, “Lolly, Lolly, Lolly get your adverbs here!”
Thanks to the Cybersecurity and Infrastructure Security Agency (CISA), I’m now putting my vocals to the test with the lyrics from, “We can secure our world.”
When we think about the four things CISA says we can do to protect our Internet experiences, they are both simple and anything but simple. Sure, using a strong password for a single account is simple, but a recent report about digital media consumption found, “more than half (57%) of smartphone users access apps every day of the month.” When each of those apps requires its own unique and strong password, simplicity becomes…well, a lot more complex.
Turning on multifactor authentication (MFA) is great advice, but in a world where MFA fatigue is increasing, this seemingly simple fix can sometimes hamstring the authentication process.
For most users, updating software is not a difficult task, but people just don’t think of it. One way to make this step simple is to take CISA’s advice and, “turn on automatic updates,” but I’ll add “when possible.” We know that automating the process of updates and patches is far from simple for many organizations.
According to a recent study published by the Better Business Bureau, in 2023 reports of phishing scams increased to, “a record high of over 9,000.” Cybercriminals are honing their craft and adopting new technologies, which makes recognizing phishing attacks increasingly more challenging.
To learn more about identity access management, MFA, updating software, and phishing attacks, visit our Library where you can now also view all sessions that were recorded at RSA Conference 2024.
Now let’s take a look at what else made industry headlines this week.
Jun. 14: Life360 fell victim to breach due to hackers accessing the Title Customer Support Platform.
Jun. 13: US commercial bank, Truist, confirms its systems were breached and their stolen data is allegedly on a hacking forum.
Jun. 13: Fraudsters created a fake website to sell fake Paris 2024 Summer Olympic Games tickets.
Jun. 12: Cleveland, Ohio, closed its City Hall’s services after cyber incident.
Jun. 12: One of Microsoft vulnerabilities, Zero-Click Outlook, could be exploited to achieve remote code execution.
Jun. 11: UK police arrested two individuals who allegedly sent thousands of SMS phishing messages via fake cell tower.
Jun. 11: London’s National Healthcare hospitals have been struggling with patient services delay due to a ransomware attack.
Jun. 10: The Hackers News reported, “Google revealed that it took down 1,320 YouTube channels and 1,177 Blogger blogs.. connected to the People’ Republic of China.”
Jun. 10: Researchers found six vulnerabilities impacting Netgear WNR614 N300, a popular router used among home users and small businesses.