Week in review: 5 free online cybersecurity resources for SMBs, AI tools might fuel BEC attacks


Here’s an overview of some of last week’s most interesting news, articles, interviews and videos:

Balancing cybersecurity with business priorities: Advice for Boards
In this Help Net Security interview, Alicja Cade, Director, Financial Services, Office of the CISO, Google Cloud, offers insights on how asking the right questions can help improve cyber performance and readiness, advance responsible AI practices, and balance the need for cybersecurity with other business priorities.

Wargaming an effective data breach playbook
Foreseeing every possible twist and turn of a breach may be impossible, but through extensive wargaming, teams can simulate diverse situations to give them a proactive edge.

5 free online cybersecurity resources for small businesses
This article will explore five free resources that small companies can leverage to improve their cybersecurity posture without breaking the bank.

Economic uncertainty drives upskilling as a key strategy for organizations
In this Help Net Security video, Aaron Rosenmund, Director of Security Research and Curriculum at Pluralsight, discusses how investing in tech skills development helps equip overwhelmed employees with the tools needed to conquer new and unfamiliar responsibilities.

AI tools like ChatGPT expected to fuel BEC attacks
Across all BEC attacks seen over the past year, 57% relied on language as the main attack vector to get them in front of unsuspecting employees, according to Armorblox.

Security beyond software: The open source hardware security evolution
Mention IT security, and most people immediately think of software-based protections against software-based threats: ransomware, viruses, and other forms of malware.

Implementing a zero-trust system that uses workload identity across a service mesh in Kubernetes
In this Help Net Security video, Michael Peters, Principal Software Engineer at Red Hat, discusses how to implement a zero-trust system that uses workload identity across a service mesh in Kubernetes to provide explicit authorization between services, as well as centralized policy enforcement between those services and integrations with up-and-coming projects like Keylime (for identity tied to hardware attestation) and Sigstore (for identity during software builds).

Researchers discover sensitive corporate data on decommissioned routers
Looking at configuration data, 56% of decommissioned routers disposed of and sold on the secondary market contained sensitive corporate data, according to ESET.

The biggest data security blind spot: Authorization
Too many people have access to company data they don’t need. Also, too many companies focus on authentication (verifying identity) as a security measure and overlook the importance of authorization (verifying right to access).

Ransomware reinfection and its impact on businesses
In this Help Net Security video, AnnMarie Nayiga, Lead MDR Analyst at Malwarebytes, talks about the dangers of ransomware reinfection.

Outdated cybersecurity practices leave door open for criminals
Organizations experienced a significant increase in ransomware, from an average of four attacks over five years in 2021 to four attacks over the course of one year in 2022, according to ExtraHop.

The staying power of shadow IT, and how to combat risks related to it
As the pandemic drove companies to adopt cloud apps so that remote workforces could continue to do their jobs – and as employees necessarily became more independent and felt empowered to purchase the apps they wanted – the awareness of shadow IT’s existence changed.

How companies are struggling to build and run effective cybersecurity programs
In this Help Net Security video, Joe Payne, President and CEO at Code42, discusses how data loss from insiders is not a new problem but has become more complex.

Tight budgets and burnout push enterprises to outsource cybersecurity
With cybersecurity teams struggling to manage the remediation process and monitor for vulnerabilities, organizations are at a higher risk for security breaches, according to Cobalt.

Pre-pandemic techniques are fueling record fraud rates
Within the largest financial institutions, insurers, and retailers, the rise and adoption of AI, an impending recession, and the return of pre-pandemic fraud techniques are driving record rates of fraud attacks for consumers and enterprises alike, according to Pindrop.

AI verification systems give businesses an edge over scammers
Fraudsters are underestimating the power of AI to detect fake IDs, according to a new report from Ondato.

New infosec products of the week: April 21, 2023
Here’s a look at the most interesting products from the past week, featuring releases from Armorblox, Cofense, D3 Security, Sotero, Venafi, Veracode, Versa Networks, and Zyxel Networks.


