Welcome to our Cyber News Roundup, your go-to source for staying informed about the ever-evolving world of cybersecurity. Staying ahead of the curve is more crucial than ever as cyber threats continue to evolve and adapt at an unprecedented pace.
Each week, we’ll share a curated selection of top stories from around the globe. Whether […]
The National Security Agency’s (NSA) Cybersecurity Information Sheet (CIS) entitled “Advancing Zero Trust Maturity Throughout the Network and Environment Pillar” outlines how organizations can enhance their network security within the Zero Trust model. This involves leveraging advanced cybersecurity strategies to mitigate risks of lateral movement by malicious actors within networks.
In a recent […]
Summary. Cybersecurity risks continue to rise, further increasing the severity of long-term impacts.
The latest IBM Data Breach Report revealed 82% of breaches involved data stored in the cloud—public, private, or multiple environments, with attackers gaining access to multiple environments 39% of the time. In 2023, the average cost of a data breach reached an […]
The cybersecurity landscape is an ever-evolving domain with threats sprouting up constantly. The recent revelation concerning vulnerabilities in Rockwell Automation’s ThinManager ThinServer has highlighted the urgency for robust cybersecurity measures in the realm of industrial control systems (ICS).
Understanding the Rockwell Automation ThinServer Vulnerabilities
Rockwell Automation’s ThinManager ThinServer, a product designed for […]
In February 2023, a 21-year-old Massachusetts Air National Guard member accessed and posted hundreds of classified documents on voice over Internet Protocol (VoIP) and instant messaging platform Discord. The impacts were far-reaching. Not only is the Air Force working to understand how top secret information could be leaked so easily, but the base where the […]
One of the most significant benefits of implementing a multi-cloud strategy is the flexibility to use the right set of services to optimize opportunities and costs. As public cloud service providers (CSPs) have evolved, they have started to excel in different areas. For example, programmers often prefer to use Azure because of its built-in development tools. However, they often want their apps to run in AWS to leverage the elastic cloud compute capability. Adopting a multi-cloud strategy enables enterprises to benefit from this differentiation between providers and implement a “best of breed” model for the services that need to consume. They can also realize significant efficiencies, including cost-efficiency, by managing their cloud resources properly.
In football, scoring a touchdown means moving the ball down the field. In most cases, forward motion starts the drive to the other team’s end zone. For example, the quarterback might throw to a receiver or handoff to a running back. Network attacks often follow a similar pattern: Malicious actors go straight for their intended target by evaluating the digital field of play and picking the route most likely to succeed.
In both cases, however, there’s another option: Lateral movement. Instead of heading directly for the goal, attackers move laterally to throw defenders off guard. In football, any player with the ball can pass parallel or back down the field to another player. In lateral cyberattacks, malicious actors gain access to systems on the periphery of business networks and then move “sideways” across software and services until they reach their target.
The Executive Order on Improving the Nation’s Cybersecurity in 2021 requires agencies to move towards zero trust in a meaningful way as part of modernizing infrastructure. Yet, federal agencies typically find it challenging to implement zero trust. While fine in theory, the challenge often lies in the legacy systems and on-premises networks that exist with tendrils reaching into multiple locations, including many which are unknown. Identity management and authentication tools are an important part of network security, but before you can truly implement zero trust, you need an understanding of your entire infrastructure. Zero trust isn’t just about identity. It’s also about connectivity.
Cyberattacks on government agencies are unrelenting. Attacks on government, military, and contractors rose by more than 47% in 2021 and can continue to climb. Today’s cybercriminals, threat actors, and state-sponsored hackers have become more sophisticated and continue to target government data and resources. For governmental agencies, hardening security requires a return to “need to know” using zero trust security protocols.
Organizations need a cybersecurity strategy to protect both infrastructure and customer data from growing cybersecurity threats and RedSeal professional services are the solution to all your cybersecurity answers.
