Cyber Security Today, August 2, 2023 – A valuable report from the CISA

Share post:

A valuable report from the CISA.

Welcome to Cyber Security Today. It’s Wednesday, August 2nd, 2023. I’m Howard Solomon, contributing reporter on cybersecurity for and in the U.S.

Cyb er Security Today on Amazon Alexa Cyber Security Today on Google Podcasts Subscribe to Cyber Security Today on Apple Podcasts

I’m away for a few days, so this podcast doesn’t have the latest news. Instead I want to draw listeners’ attention to an analysis issued last week by the U.S. Cybersecurity and Infrastructure Security Agency.

(CISA) of 121 risk and vulnerability assessments it did last year. It does these for federal, state and local agencies as well as some critical infrastructure companies who have suffered cyber attacks.

IT and security leaders can learn a lot from the three main conclusions.

First, threat actors completed their most successful attacks by commonly known methods, such as phishing and exploiting unchanged default credentials in hardware and software.

In fact accessing valid accounts — including default passwords on administrator accounts or former employee accounts that weren’t deleted when the staffer left — made up 54 per cent of successful attacks studied.

Second, threat actors used constantly changing tools and techniques to successfully conduct these common attacks.

And third, many IT environments across a variety of critical infrastructure sectors had the same vulnerabilities that allowed successful attacks.

One lesson from the report: Having bulletproof identity and access control over applications is vital to stopping most attacks. This includes having phishing-resistant multifactor authentication.

Another lesson: Regular security awareness training for employees. One-third of incidents studied involved employees falling for phishing links.

Another lesson from the report: Preventing initial access by an attacker should be the main goal in protecting IT network assets and data.

There’s a lot in this 18-page report for IT and security leaders, especially those in smaller organizations with few resources or immature cybersecurity programs.

Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.

The post Cyber Security Today, August 2, 2023 – A valuable report from the CISA first appeared on IT World Canada.
Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of and Computing Canada. An IT journalist since 1997, I've written for and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times.


Related articles

Open Source AI: Hashtag Trending Weekend Edition – Show Notes

The conversation explores the topic of open source AI and its significance in the industry. It highlights the...

Cyber Security Today, Week in Review for week ending Friday May 17, 2024

Welcome to Cyber Security Today. This is the Week in Review for the week ending Friday, May 17th,...

Cyber Security Today, May 17, 2024 – Malware hiding in Apache Tomcat servers

Malware hiding in Apache Tomcat servers, new backdoors found, and more Welcome to Cyber Security Today. It's Friday, May...

Resignations at OpenAI. Hashtag Trending for Friday, May 17, 2024

The question changes from “where’s Ilya” to what took so long?  Did Musk’s Neuralink team know there might...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways