Dr. Chase Cunningham - Defend & Conquer Weekly Review October 26, 2023
- By Daniel Michan
- Published on October 26
Hey there! It's Dr. Chase Cunningham, also known as Dr. ZeroTrust. I apologize for being a little late with this week's update, as I've been traveling and working on Zero Trust projects with various organizations. But I'm here now to give you the top ten things you need to know in cybersecurity this week.
1. DoD Reviewing Implementation Plans for Zero Trust
The Department of Defense (DoD) is currently reviewing the implementation plans for Zero Trust. This is a significant development, as it shows that the government is taking the initiative to implement Zero Trust principles and allocate resources accordingly. The DoD will be reviewing a total of 47 implementation plans from military services and defense agencies, as mandated by Congress in the National Defense Authorization Act. This highlights the growing recognition and importance of Zero Trust in securing critical infrastructure.
2. TSA Introduces New Regulations for Logistics Carriers
The Transportation Security Administration (TSA) has introduced new regulations for real logistics carriers, focusing on securing railroads and trucking systems. While more regulations and bureaucracy may not always seem beneficial, these were developed with input from industry stakeholders and federal partners. The revised Security Directives aim to enhance rail and public transportation passenger railroad cybersecurity by requiring covered owners and operators to test their Cybersecurity Incident Response Plans on a yearly basis.
3. Growing Concerns about Cybersecurity Among Young Professionals
A recent study conducted by Genetec has revealed that young professionals in the physical security field are increasingly concerned about cybersecurity threats. The study gathered insights from 5,500 physical security leaders worldwide and found that while organizations are implementing new processes to protect themselves, the level of concern about cyber threats is rising. This indicates a significant shift in the mindset of the next generation of security professionals, who recognize the ongoing challenges and vulnerabilities in the cybersecurity landscape.
4. AI Deepfakes and their Impact on Elections
The Threat Landscape Report of the European Union Agency for Cybersecurity warns about the potential impact of AI deepfakes on upcoming European elections. The report highlights the need for vigilance in sectors such as public administration and healthcare, as deepfakes can spread rapidly and influence public opinion. The speed and spread of these malicious deepfakes pose a significant threat to the integrity of elections, making it crucial to develop strategies to detect and mitigate their effects.
5. Cyber Attack Exposes State Secrets in the Philippines
The Philippines was recently hit with a cyber attack that resulted in the exposure of state secrets. This incident highlights the interconnected nature of cybersecurity issues and the potential geopolitical fallout in the Pacific region. While the immediate impacts may be localized, it serves as a stark reminder that cyber attacks can have far-reaching consequences beyond the targeted entity.
6. Cybersecurity Incident Affects Medtech Company
A cybersecurity incident disrupted the manufacturing and distribution business of Henry Schein, a prominent medtech company. This incident not only caused temporary disruptions but also raised concerns about patient care. The company took systems offline and made necessary changes to mitigate the incident's impact. However, it's worth noting that claims of no data impact should be approached cautiously, as the full extent of the incident's consequences may not be apparent immediately.
7. Okta Cybersecurity Breach Wipes Out Market Cap
Identity management company Okta suffered a significant cybersecurity breach, resulting in a loss of over $2 billion in market capitalization. A hacking group gained unauthorized access to client files through a support system, causing a significant drop in Okta's stock price. This incident highlights the vulnerability of even well-established cybersecurity companies and the ongoing challenges in protecting sensitive user data.
8. Forbes Offers Simple Steps for Better Cybersecurity
In an article published on Forbes, seven simple steps were outlined for improving cybersecurity. While these steps may seem like common sense to many, it's important to reiterate their importance:
- Use multifactor authentication to enhance login security.
- Choose strong and unique passwords for sensitive accounts.
- Avoid accessing sensitive accounts on unsecured networks.
- Consider freezing your credit to prevent identity theft.
- Use credit cards with chips for increased security.
- Provide creative answers to security questions to enhance your account's protection.
- Regularly monitor and track your financial transactions for any suspicious activity.
These steps serve as a reminder that implementing basic cybersecurity practices can significantly reduce the risk of falling victim to cyber threats.
9. Cybersecurity Efforts in Non-Traditional Sectors
The growing importance of cybersecurity is evident in organizations that are not traditionally associated with the field. The Nmfta, a non-profit organization dedicated to the transportation industry, recently focused its efforts on cybersecurity. This trend highlights the increasing recognition of cybersecurity as a critical concern across various industries and sectors.
10. The Importance of Regular Cybersecurity Assessments
Regular cybersecurity assessments are crucial for maintaining a strong security posture. Organizations must consistently evaluate and update their security measures to stay ahead of evolving threats. Conducting forensic investigations and analyzing past incidents can help identify weaknesses and develop proactive strategies to mitigate future risks.
In conclusion, these top ten developments in cybersecurity emphasize the ongoing challenges faced by organizations and individuals in protecting sensitive data and critical infrastructure. Implementing Zero Trust principles, adhering to regulations, and maintaining a proactive cybersecurity approach are essential for staying secure in an increasingly digital world. Stay smart, stay safe, and stay secure!