7 Cybersecurity Mindsets That Undermine Practitioners

The Critical Intersection Newsletter

In this week's edition:

  • Cyber Bits & Bytes

  • Cyber Stats

  • Early Warning - Seven Most Common Phishing Attacks

  • Cyber Quote - Cybersecurity Quote by Gene Spafford

  • Free Cybersecurity Resources - eBooks, tools, apps & services

  • Trending Story - 7 cybersecurity mindsets that undermine practitioners and how to avoid them

  • Cybersecurity News Highlights

  • Cyber Scam of the Week - New FBI and IRS Alerts Against W-2 Phishing

  • Social Posts of the Week

Cyber Bits & Bytes

Payments Giant NCR Hit by Ransomware - Read more in this Security Week article.

CISA updates zero trust maturity model to provide an easier launch - As reported in CSO Online, the Cybersecurity and Infrastructure Security Agency updated its Zero Trust Maturity Model to include a new stage that could make it easier for organizations to transition to a zero-trust architecture.

Why Endpoint Resilience Matters - By Microsoft, as reported by Security Week. When establishing visibility and security controls across endpoints, security professionals need to understand that each endpoint bears some or all responsibility for its own security.

Cyber Stats

Here are some of the top cybersecurity statistics:

  • The global cybersecurity market is predicted to reach up to $352.25 billion by 2026, with an annual growth rate of 14.5%

  • Every 39 seconds, one cyber attack takes place worldwide

  • The average time to identify a breach is 212 days, and the average cost of a malware attack on a company is around $2.4 million

  • Young adults 18-24 are the most likely victims of cyber attacks, and they often spend money to recover from the incidents

  • AI in the cybersecurity market is growing at a CAGR of 23.6% and will reach a market value of $46.3 billion in 2027

Early Warning - 7 Most Common Types of Phishing Attacks

Phishing attacks are one of the most common types of cyberattacks. Here are some of the most common types of phishing attacks:

  1. Spear phishing: This is a targeted attack that is directed at a specific individual or group.

  2. Whaling: This is a type of spear phishing that targets high-level executives.

  3. Clone phishing: This is when an attacker creates a fake copy of a legitimate email.

  4. Pharming: This is when an attacker redirects traffic from a legitimate website to a fake one.

  5. Vishing: This is when an attacker uses voice communication to trick victims into giving up sensitive information.

  6. Smishing: This is when an attacker uses SMS text messages to trick victims into giving up sensitive information.

  7. Evil twin phishing: This is a type of cybercrime where attackers create fake Wi-Fi hotspots to mimic public networks, like those found in airports and coffee shops, to steal personal data.

Sources: Panda Security and Microsoft

Cyber Scam of the Week

New FBI and IRS Alerts Against W-2 Phishing

There is a wave of W-2 phishing attacks going on. We see these coming in through thousands of reported scam attempts via our Phishing Alert Button. The FBI and the IRS have repeatedly posted warnings that these attacks have started early and that the volume has gone up significantly this year.

Remember those Nigerian prince emails? They are also called 'Nigerian 419' scams because the first wave of them came from Nigeria. The '419' part of the name comes from the section of Nigeria's Criminal Code which outlaws the practice. Well, those gangs have all "growed up" and they are now behind many of today's W-2 scams. It is surprisingly easy to do a little bit of research and send a spoofed email that looks like it is from the CEO.

These W-2 scams are hitting everywhere; even a cybersecurity contractor was hit with one of these. On Thursday, March 16, the CEO of Defense Point Security, LLC — a Virginia company that bills itself as “the choice provider of cyber security services to the federal government” — told all employees that their W-2 tax data was handed directly to fraudsters after someone inside the company fell for a W-2 spear phishing attack.

What To Do About It

I strongly suggest you send this to all employees, and mark it as important for all staff in HR, Legal, and Accounting. Feel free to copy/paste/edit:

"This year, authorities are warning about a massive wave of W-2 tax form phishing scams. Cybercriminals are sending "spoofed" emails that look like they come from the CEO or another C-level executive and ask for a PDF with the W-2 tax information of all employees. The W-2s have all the information needed to file fraudulent tax returns and steal anyone's identity.

Here are five steps to prevent an incredible amount of hassle and possible damage:

  1. If you receive any email requesting any kind of W-2 tax information, pick up the phone and verify that request before you email anything to anybody.

  2. File your taxes at the state and federal level as quickly as you can, or file for an October 16 extension early, before the bad guys can file a bogus claim.

  3. Consider filing Form 14039 and requesting an IP PIN from the government. Form 14039 requires you to state you believe you are likely to be a victim of identity fraud. Even if cybercriminals haven’t tried to file a bogus tax return in your name, virtually every American's data has been stolen, which can lead to your identity being stolen.

  4. Every 4 months, get a free once-a-year credit report from the three major credit bureaus. Get them on your calendar (cycle through them) and dispute any unauthorized activity.

  5. Place a "security freeze" or "credit freeze" on your files with all three credit bureaus to prevent ID thieves from assuming your identity and opening up a line of credit in your name.

This time of year, it is more important than ever to Think Before You Click!"

This Cyber Scam is provided by our sponsors: Netsync & KnowBe4
