Cyber Security Today, August 2, 2023 – A valuable report from the CISA

Share post:

A valuable report from the CISA.

Welcome to Cyber Security Today. It’s Wednesday, August 2nd, 2023. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com and TechNewsday.com in the U.S.

Cyb er Security Today on Amazon Alexa Cyber Security Today on Google Podcasts Subscribe to Cyber Security Today on Apple Podcasts

I’m away for a few days, so this podcast doesn’t have the latest news. Instead I want to draw listeners’ attention to an analysis issued last week by the U.S. Cybersecurity and Infrastructure Security Agency.

(CISA) of 121 risk and vulnerability assessments it did last year. It does these for federal, state and local agencies as well as some critical infrastructure companies who have suffered cyber attacks.

IT and security leaders can learn a lot from the three main conclusions.

First, threat actors completed their most successful attacks by commonly known methods, such as phishing and exploiting unchanged default credentials in hardware and software.

In fact accessing valid accounts — including default passwords on administrator accounts or former employee accounts that weren’t deleted when the staffer left — made up 54 per cent of successful attacks studied.

Second, threat actors used constantly changing tools and techniques to successfully conduct these common attacks.

And third, many IT environments across a variety of critical infrastructure sectors had the same vulnerabilities that allowed successful attacks.

One lesson from the report: Having bulletproof identity and access control over applications is vital to stopping most attacks. This includes having phishing-resistant multifactor authentication.

Another lesson: Regular security awareness training for employees. One-third of incidents studied involved employees falling for phishing links.

Another lesson from the report: Preventing initial access by an attacker should be the main goal in protecting IT network assets and data.

There’s a lot in this 18-page report for IT and security leaders, especially those in smaller organizations with few resources or immature cybersecurity programs.

Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.

The post Cyber Security Today, August 2, 2023 – A valuable report from the CISA first appeared on IT World Canada.
Howard Solomon
Howard Solomonhttps://www.itworldcanada.com
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times.

SUBSCRIBE NOW

Related articles

White house official tells insurance companies to stop paying ransoms. Cyber Security Today for Wednesday, October 9, 2024

White House urges end to insurance-funded ransomware payments, Comcast reveals a major data loss, Chinese hackers use a back...

AI pioneers Geoffrey Hinton and John Hopfield awarded Nobel prize in physics. Hashtag Trending for Wednesday, October 9, 2024

AI pioneers Geoffrey Hinton and John Hopfield get a Nobel prize in physics, Google is tracking your location...

Did tech companies jump the gun reducing their staff? Hashtag Trending for Tuesday, October 8, 2024

Did companies move too quickly to reduce their development staff? Have we reached the point where it’s impossible...

Cloudflare punches back and we all benefit: Hashtag Trending for Monday, October 7, 2024

WordPress blogging software leads to lawsuits, Cloudflare defeats patent troll in court and Eric Schmidt says keep building...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways