Cyber resilience gaps as CISA issues warnings

The World Economic Forum’s new Global Cybersecurity Outlook 2022 report highlights the gap between the business suite and information security around a company’s cyber resilience. Quoting ZDNet, 92% of business executives surveyed agree that cyber resilience is integrated into enterprise risk management strategies – in other words, protecting the organization against falling victim to a cyberattack, or mitigating the incident so it doesn’t result in significant disruption. Only 55% of security-focused executives believe cyber resilience is integrated into risk management strategies, indicating a substantial shift in cybersecurity attitudes.

Why? The cyber teams feel they are often not consulted.

CISA is warning about the recent incidents in Ukraine, advising alertness, and has issued an advisory. The advisory is aimed at all US organizations, and the incidents are data-wiping attacks. The UK’s National Cyber Security Centre has published guidelines for organizations to use with customers regarding SMS and phone calls. There are also warnings of a new ransomware family called “White Rabbit,” which has now been seen in the wild and is possibly a side operation of the FIN8 hacking group. It’s tiny and lightweight, includes double extortion, and threatens to leak data if the ransom isn’t paid.

Some research from Bitwarden points to technologists as part of the problem for security policies. The data shows that 53% of IT decision-makers shared passwords via email, a significant increase from 39% just a year earlier. Almost half (44%) of the InfoSec pros in that survey said security rules and policies “aren’t worth the hassle.”

Microsoft has updated the patches that broke systems last week. Some Windows Server 2012 systems went into a boot loop, others had broken Windows VPN clients, and another group had hard drives become unusable. An out-of-band fix is now available.

Cybercriminals are also taking advantage of Log4Shell vulnerabilities in SolarWinds Serv-U and ZyXEL devices. Vulnerabilities, in general, remain widespread in healthcare – half of the internet-connected devices in hospitals are vulnerable to attack. The infusion pump is the most common one, with 73 percent having a vulnerability. These figures come from a report by cybersecurity company Cynerio.

Finally, some research from Microsoft and CrowdStrike highlights the motivations of ransomware hackers – it’s not all about the money. Sometimes it’s about disrupting enemies, embarrassing victims, or data theft, as well as intelligence and military use.

Why do we care?

This again feels like the tactical updates required to survive delivering IT these days.