X-Industry

The economic downturn predicted for 2023 will lead to layoffs but cybersecurity workers will be least affected, says the latest (ISC)² report. Also, as soon as things get better, they will likely be the first ones to get (re)hired.  Execs have finally realized the importance of cyber security.

There have been massive layoffs by tech and other companies in the last few months.  In December 2022, (ISC)² polled 1,000 C-suite executives from Germany, Japan, Singapore, the UK and the US about whether

Four out of five (79%) businesses make most cyber security decisions without insights into the threat actor targeting their infrastructures.  The claims come from Google-owned threat analytics company Mandiant, which has also said that while 67% of cybersecurity decision makers believe senior leadership teams still underestimate cyber-threats, 68% agree their organization needs to improve its understanding of the threat landscape.[1]

The data in Mandiant's Global Perspectives on Threat Intellige

With historic inflation, rising prices, the escalating Ukraine conflict, and massive job losses in banking and tech, policymakers and executives are stretched to deliver a recovery agenda to get the world back to normal.

Most have little bandwidth for yet more problems to solve, like the impending perils faced by cyber threats.  Sadie Creese, a Professor of Cyber Security at the University of Oxford, said, “There's a gathering cyber storm and it's really hard to anticipate just how bad that will

Benjamin Franklin had it right so many years ago: “An Ounce of Prevention is Worth a Pound in Cure.”  An ounce of prevention in cyber security is now a requirement.  Due to the number of cybersecurity firms that have entered the market in recent years, it is evident that all industries are reaching a level of heightened anxiety.  Some organizations are on alert because they know their networks have already been targeted by state-sponsored hackers, others know their executives are being targeted

Based on the US Federal Bureau of Investigation’s 2021 Internet Crime Report, there were 847,376 cybersecurity complaints last year, representing almost $7 billion in business losses.  That number is an increase from 301,580 claims representing $1.4 billion in losses in 2017.  All this even though businesses and governments spend billions of dollars to fight these attacks. Microsoft alone spends about $2 billion annually to address cybersecurity.  Why then, despite the big brains and big budgets

Our monthly Cyber Threats & Vulnerabilities Report is provided to our Red Sky Alliance Members to consolidate both prominent government and private cyber security reporting which include descriptions (TTPs), indicators of compromise (IoCs) and at times remediation directions.

Link to full report: IR-22-180-001_IntelSummary180.pdf

Our weekly Cyber Threats & Vulnerabilities Report is provided to our Red Sky Alliance Members to consolidate both prominent government and private cyber security reporting which include descriptions (TTPs), indicators of compromise (IoCs) and at times remediation directions. 

Link to full report: IR-22-090-001_IntelSummary090.pdf

A provocative piece from Vox, explains the current state of the Russian Cyber War.   After three weeks of fighting, Russia is beginning to deploy increasingly brutal tactics in Ukraine, including indiscriminate shelling of cities and “medieval” siege warfare. Other elements of its military strategy, however, are conspicuously absent in cyberwarfare.  Russia has a history of employing cyberwarfare tactics, which some experts believed could feature prominently in its invasion of Ukraine. The cyber

With geo-political events evolving minute by minute regarding the Russian/Ukraine conflict, cyber security has been pushed to one of the top concerns relating to baniking and business enterprises.  Almost every aspect of life, commerce, governments, and military operations are tied directly to cyber activity.  Insert the added dimension of private hacking groups getting involved with this new ‘cyber-war,’ only makes the situation even more volatile. 

It is common knowledge in the cyber security

Cybersecurity is more than meets the eye.  Proper security contains several layers, including adequate training and technology, to meet HIPAA compliance guidelines. Healthcare organizations are responsible for implementing robust cybersecurity strategies to prevent cyberattacks.  The healthcare industry claims to prioritize cybersecurity efforts, yet 18% of organizations allocate only 1-2% of their IT budgets to cybersecurity.  Covered entities who choose not to prioritize proper cybersecurity l

Wall Street, especially the insurance markets, is very concerned about the cyber security risks that state and local governments are facing, including a cascade of ransomware attacks targeting a public sector which is still struggling with how to manage more and more on-line services during the never ending COVID-19 pandemic. 

“The landscape is changing quite rapidly right now, from the cybersecurity insurance and the threat landscape side, which leaves local governments in the middle dealing wi

The Port of Rotterdam in the Netherlands has launched its Secure Data Sharing Program through its Port Community System (PCS) PortBase.  The Port of Rotterdam is the largest seaport in Europe, and the world's largest seaport outside of East Asia.  From 1962 until 2004, it was the world's busiest port by annual cargo tonnage.  This port will serve as a leader in Port Cyber Security. 

With worldwide calls for better cybersecurity on the rise following reports that the cybercrime underground is rip

Area Maritime Security Committees 2020 Annual Report – Challenges, Suggestions, Accomplishments, and Best Practices.  The Office of Port and Facility Compliance is pleased to announce the publication of a consolidated report[1] on the status and work completed in 2020 by Area Maritime Security Committees.  Area Maritime Security Committees 2020 Annual ReportArea Maritime Security Committees 2020 Annual Report.[2]

Area Maritime Security Committees (AMSCs) provide a valuable forum to discuss and a

Auto manufacturers cannot afford to penny-pinch on cyber security and should manage risk from the very beginning of the design process and across the software development lifecycle and supply chain.  Cyber security affects our everyday lives, from the small-scale phishing emails you receive in your inbox to the ransomware attack that shut down the Colonial Pipeline earlier this year and caused panic and a run on fuel.  And it’s not just fuel that can be affected by cybersecurity attacks, but als

Outer space and cyberspace have something in common, they are both new frontiers for national security.  This confuses what has been traditional ideas of defense strategy, borders, and sovereignty.  These two areas are national critical infrastructure and are essential for any country to be secure and able to defend itself.  This ‘use’ means cyber and space can both be utilized for civilian and military purposes.

As a political and legal concept, sovereignty defines as a country’s authority to c

Working from home is a new work environment that will be with many employees and companies for years.  Since 2020 when the COVID-19 lockdowns began, cybercrime has increased drastically, and remote working has presented huge challenges and higher risks for many organizations. The surge of COVID-19 cases driven by new variants has challenged many companies to quickly devise long-term hybrid work models that meet the needs of their businesses and employees.  The term hybrid has been coined as ther

Since early in 2020, when the COVID-19 lockdowns began, cybercrime has increased significantly and remote working has produced major cyber security challenges and higher risks for many businesses and organizations.  The surge of CV-19 cases driven by new variants has challenged many companies to quickly devise long-term hybrid work models that meet the needs of their businesses and employees.  The term hybrid has been coined as there are many degrees from total office attendance to total at home

Security professionals have long wrestled with properly identifying rogue employees bent on crippling a company.  This was once evident in identifying stolen proprietary or classified paper documents for personal or professional gains – or some were just plain focused on outright revenge and destruction.  Now ‘everything’ is cyber related, yes everything, and thus cyber security meets with physical security, human resources (HR) and company management teams.  This lateral cooperation is a must i

US Government Cyber Warning Summary:

Immediate Actions You Can Take Now to Protect Against Ransomware

• Make an offline backup of your data.
• Do not click on suspicious links.
• If you use RDP, secure and monitor it.
• Update your OS and software.
• Use strong passwords.
• Use multi-factor authentication.

The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) have observed an increase in highly impactful ransomware attacks occurring on US holidays and we

A recent report by Ponemon Institute[1] and commissioned by Team Cymru found that half of the organizations surveyed experienced disruptive cyber-attacks from repeat sophisticated threat actors, the majority of whose exploits were unresolved.  Although organizations acknowledged experiencing disruptive attacks and from repeat offenders, total remediation was not possible.  According to the report, this situation left personal data and organizations’ infrastructure at risk of more attacks.  Last