Comar Cyber

What industry could have the biggest impact on improving the nation’s posture?

🏵️ Military cyber defense?
💻Cybersecurity startups?
👮Law enforcement?

Correct Answer: the industry

Mark Elliott makes the case here at : http://ow.ly/g9eg50Hs0yk

A recommendation to financial advisors to take cybersecurity awareness training. While this is good common sense advice, soon there will likely be regulations requiring some kind of cyber training for those in this industry.

Financial advisers embrace increased security awareness, controls Security awareness training ramped up among FSIs large and small, as a means to prevent cyber-intrusion — particularly as many struggle with infrequent customers access and hold very critical financial data. For this final piece in a three-part series examining the threats and challenges facing fi...

Follow Lloyd’s Example

Here's an important article about Lloyd’s of London cutting coverage for nation-state backed cyberattacks. They’ve realized that increasing numbers of cyberattacks are being launched by hostile nations or their proxies.

They’ve also likely realized that many companies have been relying on cyber insurance instead of taking minimum reasonable cybersecurity precautions like enforced password policies, timely software patching, and employee cybersecurity awareness training.

Cyberattacks deemed to be acts of war were already typically excluded, but when was the last time war was formally declared? For the US it was June 4… 1942. Against Romania.

Without getting mired in grappling with philosophical or legal definitions of acts of war, Lloyds has moved to modernize its policies to keep pace with new cyberattacks. US insurers should follow suit. Companies must now modernize their cybersecurity defenses or be left exposed.

Insurer Lloyd's slashes coverage on state-sponsored cyberattacks, reflecting battered market The limits for state-sponsored attack coverage comes at a time when nation-state activity and ransomware linked to foreign threat actors is surging.

This is something different and more urgent than your typical ransomware attack warning. It’s a rare joint notice from NSA and CISA warning about a specific type of brute force attack being used by the Russian GRU:

Dark Reading | Security | Protect The Business The National Security Agency (NSA) and the US Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA) today issued a rare alert together that warns of widespread brute-force attacks on US and global organizations by Russia's GRU military intelligence agency that ini...

https://twitter.com/business/status/1403722535590666240?s=21

Bloomberg on Twitter “Here's why U.S. water and power utilities are shockingly vulnerable to cyberhacks https://t.co/vUgWF4ewMM”

This article explains why email is still one of the weakest links for most companies. Hate to be that guy who quotes himself, but as I wrote in my thesis on cyber civil defense, "Securing the Internet can be likened to armoring a bicycle. The end result is something that lacks the best features of either ideal."

Even though the article offers some good technical solutions for improving email security, how many companies will adopt them? Until they're widely adopted, or more user friendly tech solutions come along, user training will be vital.

How to Fight Business Email Compromise (BEC) with Email Authentication? What is Business Email Compromise (BEC) and how to fight it with Email Authentication?

Thought provoking article on why cybersecurity training is undervalued. Even though training can mitigate the risk of millions of dollars in cyber attack damage for a few thousand dollars, it's not embraced as a must-have like other professional training or cybersecurity hardware.

Undervalued and ineffective: Why security training programs still fall short Research reveals a glaring disconnect between the need for security training and its perceived value. But organizations that have made their awareness programs a strategic priority and adopted more modern approaches are finding success.