Cyber Defense eMagazine June 2021 Edition

More documents

Recommendations

Info

Cities today struggle to anticipate when and where they are going to be attacked, and the sophistication and scope of attacks are increasing, including devastating ransomware threats. Cities of all sizes and in all countries are at risk, as officials in places like Johannesburg and New Orleans can attest. In Baltimore, a May 2019 ransomware attack cost the city more than $6 million. We would not tolerate regular disruptions to our water and electrical systems, and cybercrime cannot become something we simply accept as a cost of doing business. That’s why national governments must provide cities and localities guidance about how to organize their local cyber strategy. Just as a national government can set standards for other essential utilities, we need countries to mandate robust expectations for cities and states in cyberspace. In the United States, without strong direction from the national-level Cybersecurity and Infrastructure Security Agency, states have attempted to take matters into their own hands with cyber legislation. Still, an uncoordinated approach simply means bad actors will identify the weakest link. The European Union, recognizing “an increasing risk of fragmentation” without a common framework of certificates, recently introduced a certification model for information and communications technology (ICT) products that can serve as a guide for professional certifications and baseline qualifications for anyone managing the local tech infrastructure. Yet governments and cities will need assistance determining the qualifications and technology required for their specific cyber risks. National governments need to set these standards, and use whatever mechanism they can to enforce them, from mandates to tying funding to meeting these standards. This also goes for creating a qualified cohort of cybersecurity workers. Yes, cyber training programs and boot camps are already available, but countries should implement uniform standards and require certifications for state and local employees to improve our overall preparedness. We cannot afford a patchwork of qualifications and approaches to the growing issue of cybersecurity. A huge cybersecurity skills gap already exists, with millions of new workers needed to defend organizations and institutions. To fill this gap and encourage more people to become cybersecurity experts, we must outline exactly what prospective employees need to know and where they can learn the required skills to fill government positions. Clear qualifications will make it easier for countries to update their education systems and training approaches to meet this new cyber era. A focus on improving the tools available to cities and investing in new technologies will also offer an opportunity for the private sector to contribute its expertise. If countries put in place the regulations, certification, and training requirements for cities now, just as many places have done to manage other utilities, we can all adapt to change more quickly and address the flood of new cyber threats before significant damage is done. About the Author Yaron Rosen is a former chief of the Israel Defense Forces Cyber Staff, research fellow at IDC Herzliya, and co-founder and president of Toka, a cyber capacitybuilding company. Twitter: @RosenYaron Cyber Defense eMagazine – June 2021 Edition 80 Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.
How Can You Protect the Security Perimeter When the Threat is Already Inside? By Jon Ford, Managing Director, Mandiant Professional Services Legitimate access rules the cyber landscape. Every adversary wants it, and every employee has it. The increasing number of malicious insider incidents is particularly troubling for organizations of all sizes because insiders are, by definition, those we trust most. Malicious insider events impact organization reputation, customer trust and investor confidence. Organizations across industries have faced the rapid rise of malicious and negligent insider threats during the pandemic, resulting in corporate and economic espionage, data theft, digital extortion, backup destruction, accidental leaks and more. Forrester predicts that this trend is here to stay and that 33 percent of data breaches in 2021 will be insider threat related. At Mandiant, a part of FireEye, we have investigated a growing number of malicious insider threat incidents during the shift to remote work, especially in organizations with open trust models. For the organization, these attacks are difficult to detect and prevent without risk-aligned investments. For the malicious insider, the outcomes have a significant probability of success with a low cost to execute. Cyber Defense eMagazine – June 2021 Edition 81 Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.
Page 1 and 2:
Key Business Lessons Learned from T
Page 3 and 4:
Clean Water Shows Us Why Cyber Cert
Page 5 and 6:
@CYBERDEFENSEMAG CYBER DEFENSE eMAG
Page 7 and 8:
Cyber Defense eMagazine - June 2021
Page 9 and 10:
Page 11 and 12:
Page 13 and 14:
Page 15 and 16:
Page 17 and 18:
Page 19 and 20:
Page 21 and 22:
Page 23 and 24:
Page 25 and 26:
Page 27 and 28:
Page 29 and 30: Cyber Defense eMagazine - June 2021
Page 33 and 34: Exploiting Vulnerabilities Back in
Page 35 and 36: Data Loss Prevention in Turbulent T
Page 37 and 38: ● ● ● ● ● Which sensitive
Page 39 and 40: A Digital Journey: A Long and Windi
Page 41 and 42: Unfortunately, some in IT may miss
Page 43 and 44: Why Ensuring Cyber Resilience Has N
Page 45 and 46: In terms of data safeguards, some o
Page 47 and 48: Case studies Recently, the GRIMM in
Page 49 and 50: About the Author Adam Nichols is th
Page 51 and 52: With 3G and 4G, mobile operators an
Page 53 and 54: Don’t Wait, Automate How An Indep
Page 55 and 56: configuration, but also for faster
Page 57 and 58: Data breaches can lead to huge fina
Page 59 and 60: Whom Do You Give Access to Communit
Page 61 and 62: Reapproaching Cybersecurity in A Di
Page 63 and 64: isk having to pay any fines? The an
Page 65 and 66: Penetration testing essence Being o
Page 67 and 68: In a nutshell Brand reputation and
Page 69 and 70: Plan Planning for ICS Security need
Page 71 and 72: About the Author Dirk Schrader is t
Page 73 and 74: Joseph Carson, chief security scien
Page 75 and 76: 1. Educate your people on the impor
Page 77 and 78: we’ve dealt with many breaches th
Page 79: Clean Water Shows Us Why Cyber Cert
Page 83 and 84: Best Practices for Mitigating Insid
Page 85 and 86: Why We Care About Cybersecurity Hyg
Page 87 and 88: The Third-Party Remote Access Secur
Page 89 and 90: Evaluating Third-Party Security Pra
Page 91 and 92: wake of the massive SolarWinds atta
Page 93 and 94: · Rethinking Unattended Access Day
Page 95 and 96: About The Author Ryan Heidorn is a
Page 97 and 98: In the traditional fortress model,
Page 99 and 100: Threat Hunting: Taking Action to Pr
Page 101 and 102: posture built on anticipating the u
Page 103 and 104: • Organizations depend upon CISOs
Page 105 and 106: Two Sides of the Same Coin: Providi
Page 107 and 108: security protocols. Given the const
Page 109 and 110: In this article, we will explain wh
Page 111 and 112: Protect Your Business from DDoS Att
Page 113 and 114: Undermining Public Trust The cycle
Page 125 and 126: FREE MONTHLY CYBER DEFENSE EMAGAZIN
Page 129: Cyber Defense eMagazine - June 2021
show all

Cyber Defense eMagazine June 2021 Edition

Create successful ePaper yourself

Delete template?

Save as template?