Cyber Security Today, August 2, 2023 – A valuable report from the CISA

Share post:

A valuable report from the CISA.

Welcome to Cyber Security Today. It’s Wednesday, August 2nd, 2023. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com and TechNewsday.com in the U.S.

Cyb er Security Today on Amazon Alexa Cyber Security Today on Google Podcasts Subscribe to Cyber Security Today on Apple Podcasts

I’m away for a few days, so this podcast doesn’t have the latest news. Instead I want to draw listeners’ attention to an analysis issued last week by the U.S. Cybersecurity and Infrastructure Security Agency.

(CISA) of 121 risk and vulnerability assessments it did last year. It does these for federal, state and local agencies as well as some critical infrastructure companies who have suffered cyber attacks.

IT and security leaders can learn a lot from the three main conclusions.

First, threat actors completed their most successful attacks by commonly known methods, such as phishing and exploiting unchanged default credentials in hardware and software.

In fact accessing valid accounts — including default passwords on administrator accounts or former employee accounts that weren’t deleted when the staffer left — made up 54 per cent of successful attacks studied.

Second, threat actors used constantly changing tools and techniques to successfully conduct these common attacks.

And third, many IT environments across a variety of critical infrastructure sectors had the same vulnerabilities that allowed successful attacks.

One lesson from the report: Having bulletproof identity and access control over applications is vital to stopping most attacks. This includes having phishing-resistant multifactor authentication.

Another lesson: Regular security awareness training for employees. One-third of incidents studied involved employees falling for phishing links.

Another lesson from the report: Preventing initial access by an attacker should be the main goal in protecting IT network assets and data.

There’s a lot in this 18-page report for IT and security leaders, especially those in smaller organizations with few resources or immature cybersecurity programs.

Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.

The post Cyber Security Today, August 2, 2023 – A valuable report from the CISA first appeared on IT World Canada.
Howard Solomon
Howard Solomonhttps://www.itworldcanada.com
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times.

Featured Tech Jobs

SUBSCRIBE NOW

Related articles

Air Canada admits hack of employee data

Hacker had "limited access" to data, ai

DDoS attacks behind Canada border agency problems

Canada’s border control agency is the latest federal department to confirm it was hit by a recent wave of denial of service attacks. “The Canada Border Services Agency (CBSA) can confirm that connectivity issues that affected kiosks and electronic gates at airports on Sunday, September 17, 2023 are the result of a distributed denial of

DDoS attacks behind Canada border agency problems

Canada’s border control agency is the latest federal department to confirm it was hit by a recent wave of denial of service attacks. “The Canada Border Services Agency (CBSA) can confirm that connectivity issues that affected kiosks and electronic gates at airports on Sunday, September 17, 2023 are the result of a distributed denial of

Cyber Security Today, Sept. 20, 2023 – A new online card-skimming campaign, new WinServer backdoors and more

This episode reports on the possiblity that thousands of internet-facing Juniper SRX firewalls and EX switches may be at risk from a new way to exploit a recently discovered vulnerability

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways