Comar Cyber

01/11/2022

What industry could have the biggest impact on improving the nation’s posture?

🏵️ Military cyber defense?
💻Cybersecurity startups?
👮Law enforcement?

Correct Answer: the industry

Mark Elliott makes the case here at : http://ow.ly/g9eg50Hs0yk

01/07/2022

A recommendation to financial advisors to take cybersecurity awareness training. While this is good common sense advice, soon there will likely be regulations requiring some kind of cyber training for those in this industry.

Security awareness training ramped up among FSIs large and small, as a means to prevent cyber-intrusion — particularly as many struggle with infrequent customers access and hold very critical financial data. For this final piece in a three-part series examining the threats and challenges facing fi...

12/07/2021

Follow Lloyd’s Example

Here's an important article about Lloyd’s of London cutting coverage for nation-state backed cyberattacks. They’ve realized that increasing numbers of cyberattacks are being launched by hostile nations or their proxies.

They’ve also likely realized that many companies have been relying on cyber insurance instead of taking minimum reasonable cybersecurity precautions like enforced password policies, timely software patching, and employee cybersecurity awareness training.

Cyberattacks deemed to be acts of war were already typically excluded, but when was the last time war was formally declared? For the US it was June 4… 1942. Against Romania.

Without getting mired in grappling with philosophical or legal definitions of acts of war, Lloyds has moved to modernize its policies to keep pace with new cyberattacks. US insurers should follow suit. Companies must now modernize their cybersecurity defenses or be left exposed.

The limits for state-sponsored attack coverage comes at a time when nation-state activity and ransomware linked to foreign threat actors is surging.

07/03/2021

This is something different and more urgent than your typical ransomware attack warning. It’s a rare joint notice from NSA and CISA warning about a specific type of brute force attack being used by the Russian GRU:

The National Security Agency (NSA) and the US Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA) today issued a rare alert together that warns of widespread brute-force attacks on US and global organizations by Russia's GRU military intelligence agency that ini...

06/12/2021

https://twitter.com/business/status/1403722535590666240?s=21

“Here's why U.S. water and power utilities are shockingly vulnerable to cyberhacks https://t.co/vUgWF4ewMM”

02/23/2021

This article explains why email is still one of the weakest links for most companies. Hate to be that guy who quotes himself, but as I wrote in my thesis on cyber civil defense, "Securing the Internet can be likened to armoring a bicycle. The end result is something that lacks the best features of either ideal."

Even though the article offers some good technical solutions for improving email security, how many companies will adopt them? Until they're widely adopted, or more user friendly tech solutions come along, user training will be vital.

What is Business Email Compromise (BEC) and how to fight it with Email Authentication?

02/22/2021

Thought provoking article on why cybersecurity training is undervalued. Even though training can mitigate the risk of millions of dollars in cyber attack damage for a few thousand dollars, it's not embraced as a must-have like other professional training or cybersecurity hardware.

Research reveals a glaring disconnect between the need for security training and its perceived value. But organizations that have made their awareness programs a strategic priority and adopted more modern approaches are finding success.