Zero Trust Demystified: 5 Essential Questions Answered

The Critical Intersection Newsletter

You have a lot going on, so join the thousands of other leaders and let me do the work and provide you with curated cybersecurity content. It would be my honor to do so.

NOTES: If you want to ensure you get this newsletter every week, please add my "from" address to your contact list. If you would like to unsubscribe, scroll to the bottom and select "unsubscribe". Thank you.

In this week's edition:

  • Cyber Bits & Bytes

  • Cyber Stats

  • Early Warning - Top Ten Cyber Vulnerabilities

  • Featured Article - Zero Trust Demystified: 5 Essential and Elusive Questions Answered

  • Cyber Quote - Cybersecurity Quote by Lior Div, CEO of Cybereason

  • Free Cybersecurity Resources - eBooks, tools, apps & services

  • Trending Story - Why You Should Opt Out of Sharing Data With Your Mobile Provider

  • Cybersecurity News Highlights

  • Cyber Scam of the Week - New Alert! Cybercriminal at Your Door

  • Social Posts of the Week

Cyber Bits & Bytes

Our Lady of the Lake hit by a cyberattack; victims say hackers got Social Security and other data - Read more in this San Antonio Express-News article.

What is reverse tabnabbing and how can you stop it? As reported in CyberTalk.org, reverse tabnabbing, also known simply as tabnabbing, is a form of phishing that involves deceiving a victim into entering login credentials on a fake website that is controlled by a cyber attacker.

FBI: Business email compromise tactics used to defraud U.S. vendors is the title of a really good read on BleepingComputer. The Federal Bureau of Investigation is warning companies in the U.S. of threat actors using tactics similar to business email compromise that allow less technical actors to steal various goods from vendors. Typical business email compromise (BEC) attacks focus on stealing money by tricking the victim into diverting funds to the fraudster’s account.

Cyber Stats

Here are some of the top cybersecurity statistics:

  • Global cybercrime damage is predicted to hit $10.5 trillion annually by 2025

  • Global cybersecurity spending will exceed $1.75 trillion cumulatively from 2021-2025

  • The world will have 3.5 million unfilled cybersecurity jobs in 2023

  • Over 75% of targeted cyberattacks start with an email

  • More than half of all consumers have experienced cybercrime, with around one in three falling victim in the past year alone

  • The healthcare industry is expected to spend $125 billion on cybersecurity from 2020 to 2025

  • The first reported death by ransomware occurred in September 2020, when a ransomware attack caused an IT failure at a hospital in Düsseldorf, Germany

Early Warning - Top 10 Cybersecurity Vulnerabilities You Can't Ignore in 2023

Here are the current top 10 cybersecurity vulnerabilities according to cyber news provider CyberTalk.org:

  1. Zero Day

  2. Remote Code Execution

  3. Poor Data Sanitization

  4. Unpatched Software

  5. Unauthorized Access

  6. Misconfiguration

  7. Credential Theft

  8. Human Error

  9. Vulnerable APIs

  10. Third-party Risks

Featured Original Article

Zero Trust Demystified: 5 Essential and Elusive Questions Answered

In the ever-shifting landscape of cybersecurity, organizations must constantly adapt, innovate, and fortify their defenses to protect their valuable assets from sophisticated and evolving threats. One approach that has gained prominence in recent years is the Zero Trust Framework. It is a security approach predicated on the notion of "never trust, always verify." As security leadership seeks to employ this framework to fortify their organizations, they are often confronted with a plethora of unanswered questions.

In this article, we will seek to unravel the mysteries surrounding the five key questions I continually hear as I meet with customers and security professionals everywhere. These questions range from aligning the Zero Trust Framework with existing security architecture and policies to measuring its effectiveness and determining when success has been achieved. By providing further insight into these commonly asked questions, it is my hope to equip security professionals with the insights necessary to implement and maintain a robust Zero Trust Framework that can stand up to the daunting challenges of today's cyber threats.

Question 1: How to Align a Zero Trust Framework with an Organization's Existing Security Architecture and Policies?

In recent years, the Zero Trust Framework has emerged as a powerful paradigm shift in the world of cybersecurity. It revolves around the idea of "never trust, always verify," which means that organizations should not implicitly trust any user, device, or network, whether internal or external. Instead, they should continuously validate and authenticate every access request, regardless of its origin. World-class implementations of a Zero Trust Framework attempt to achieve most of this additional validation and authentication largely behind the scenes so as not to take away from or degrade the user experience for the organization’s employees, partners, and customers. This approach is an effective way to mitigate cyber threats and protect valuable data assets, as it minimizes the likelihood of unauthorized access or breaches.

Implementing a Zero Trust Framework in an organization requires careful examination of its existing security architecture and policies to ensure seamless integration. The following steps outline the process of aligning the Zero Trust Framework with your organization's current security setup:

1. Assess the Current State: Begin by examining your organization's existing security infrastructure, policies, and practices. Identify any areas that need improvement or are misaligned with the Zero Trust principles.
2. Map Existing Controls: Determine which existing security controls, such as firewalls, intrusion detection systems, and access control mechanisms, can be integrated into the Zero Trust Framework. This mapping exercise helps identify gaps and overlaps, allowing you to streamline the process and optimize resource allocation.
3. Define Clear Policies: Establish clear, consistent policies that govern user, device, and network access within the organization. These policies should follow the Zero Trust principles, ensuring that access is granted only after thorough validation and authentication. Ensure that your policies cover all aspects of your organization, including remote work and BYOD scenarios.
4. Establish Strong Identity and Access Management (IAM): Implement a robust IAM system that enables secure authentication and authorization of users, devices, and applications. Utilize multi-factor authentication (MFA), single sign-on (SSO), and role-based access control (RBAC) to enforce the principle of least privilege, granting access only to the necessary resources for each individual's role.
5. Deploy Micro-segmentation: Divide your organization's network into smaller, isolated segments based on the function or sensitivity of data. This approach reduces the attack surface and limits the potential damage in case of a breach, as attackers cannot easily move laterally within the network.
6. Continuously Monitor and Log: Implement continuous monitoring and logging of network activity, user behavior, and access requests. This data allows for real-time analysis and alerts, enabling rapid detection and response to potential threats.
7. Regularly Review and Adjust: Periodically review your security architecture and policies to ensure they remain effective and aligned with the Zero Trust Framework. As the threat landscape evolves and your organization grows, adjustments may be necessary to maintain optimal security.
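To make steps 3 through 6 concrete, here is an added example (not from the article or any vendor product) of a minimal policy decision point that evaluates every access request from scratch: MFA-verified identity, device compliance as reported by a NAC or endpoint check, role-based least privilege, a micro-segment boundary check, and a log entry for each decision. The roles, resources, segments and users are constructed placeholders.

```python
from dataclasses import dataclass

# Constructed sample policy data (hypothetical roles, resources and segments).
ROLE_RESOURCES = {            # RBAC: each role gets only what its job needs
    "finance": {"erp", "payroll"},
    "engineer": {"git", "ci"},
}
RESOURCE_SEGMENT = {          # micro-segmentation: where each resource lives
    "erp": "finance-net", "payroll": "finance-net",
    "git": "dev-net", "ci": "dev-net",
}
SEGMENT_ROLES = {             # which roles may cross into which segment
    "finance-net": {"finance"},
    "dev-net": {"engineer"},
}

@dataclass
class AccessRequest:
    user: str
    role: str
    mfa_verified: bool       # from the IAM/SSO layer
    device_compliant: bool   # from the NAC / endpoint posture check
    resource: str

AUDIT_LOG: list[dict] = []   # feeds continuous monitoring (step 6)

def evaluate(req: AccessRequest) -> tuple[bool, str]:
    """Verify every request on its own merits; no network location or
    earlier session is implicitly trusted. Returns (allowed, reason)."""
    segment = RESOURCE_SEGMENT.get(req.resource)
    if not req.mfa_verified:
        decision = (False, "identity not verified with MFA")
    elif not req.device_compliant:
        decision = (False, "device failed compliance check")
    elif req.resource not in ROLE_RESOURCES.get(req.role, set()):
        decision = (False, f"role '{req.role}' not entitled to '{req.resource}'")
    elif req.role not in SEGMENT_ROLES.get(segment, set()):
        decision = (False, f"segment '{segment}' denies role '{req.role}'")
    else:
        decision = (True, "allowed")
    # Every decision, allowed or denied, is logged for real-time analysis.
    AUDIT_LOG.append({"user": req.user, "resource": req.resource,
                      "segment": segment, "allowed": decision[0],
                      "reason": decision[1]})
    return decision
```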

By following these steps, security leadership can successfully align their organization's existing security architecture and policies with the Zero Trust Framework, enhancing overall protection and minimizing the risk of cyberattacks.

Question 2: What are the Key Components and Technologies Required for Effective Zero Trust Framework Implementation?

Implementing a Zero Trust Framework effectively necessitates the use of several key components and technologies that work together to provide a robust and secure cybersecurity environment. If your organization has already invested in any of the items below and this investment has the capability to meet your particular needs for Zero Trust, then you should by all means use it. In fact, it is potentially a great way to slim down any costs or reduce implementation time. The following are essential elements to consider when implementing the Zero Trust Framework in your organization:

1. Identity and Access Management (IAM): A strong IAM solution is critical to the Zero Trust Framework, as it enables the proper identification, authentication, and authorization of users, devices, and applications. Implementing multi-factor authentication (MFA), single sign-on (SSO), and role-based access control (RBAC) helps ensure that users are granted access only to the resources necessary for their roles and responsibilities.
2. Micro-segmentation: Micro-segmentation is the practice of dividing the network into smaller, isolated segments based on function, data sensitivity, or other relevant factors. This approach limits the potential damage in case of a breach by preventing attackers from easily moving laterally within the network.
3. Network Access Control (NAC): NAC solutions ensure that only authorized and compliant devices are allowed to access the network. They continuously monitor and enforce security policies, verifying the health and compliance of connected devices and blocking access when necessary.
4. Security Information and Event Management (SIEM): A SIEM system collects, analyzes, and correlates security event data from various sources, including logs, network traffic, and user activity. SIEM helps security teams detect and respond to potential threats in real time, enabling rapid incident resolution and minimizing damage.
5. Data Loss Prevention (DLP): DLP solutions monitor and control the movement of sensitive data, both within the organization and across its perimeter. They help prevent unauthorized access, exfiltration, and disclosure of sensitive information, which is crucial for maintaining data integrity and compliance with regulations.
6. Encryption: Encrypting data at rest, in transit, and during processing adds an additional layer of security, ensuring that even if unauthorized access occurs, the data remains unreadable and useless to attackers.
7. Endpoint Security: A comprehensive endpoint security solution, including anti-malware, host-based intrusion prevention systems (HIPS), and endpoint detection and response (EDR) technologies, helps protect devices from malware, exploits, and other threats, reinforcing the Zero Trust Framework.
8. Cloud Access Security Brokers (CASB): As organizations increasingly adopt cloud services, CASBs help enforce security policies and controls for cloud applications and data, ensuring that they adhere to the Zero Trust principles.
9. Threat Intelligence: Integrating threat intelligence feeds and platforms into your security ecosystem can help you stay informed about emerging threats and vulnerabilities, enabling proactive defense strategies and informed decision-making.
10. Continuous Monitoring and Analytics: Continuously monitoring and analyzing network activity, user behavior, and access patterns allows security teams to detect anomalies and potential threats quickly, ensuring swift response and mitigation.

By leveraging these key components and technologies, security leadership can implement a Zero Trust Framework effectively, significantly enhancing their organization's overall cybersecurity posture.

Question 3: How to Measure the Effectiveness and Success of a Zero Trust Framework in an Organization?

Evaluating the effectiveness and success of a Zero Trust Framework implementation within an organization is crucial to ensuring that the framework is functioning as intended and providing the desired level of security. While there are several objective elements listed below to measure and evaluate, you should also consider some subjective elements around the soft benefits like brand reputation protection, customer loyalty, and others. The following metrics and indicators can help security leadership measure the impact of their Zero Trust implementation:

1. Reduction in Security Incidents: One of the most telling signs of a successful Zero Trust implementation is a noticeable decrease in the number and severity of security incidents. Track the number of breaches, unauthorized access attempts, and other incidents before and after the implementation to quantify the improvement.
2. Faster Incident Detection and Response: Zero Trust Frameworks emphasize continuous monitoring and real-time analytics, which should lead to faster detection and response times for security incidents. Measure the average time it takes to detect and respond to incidents and compare these figures to pre-implementation data.
3. Compliance Metrics: Ensuring compliance with various industry standards and regulations is an essential aspect of maintaining a secure environment. Monitor compliance metrics, such as the percentage of devices meeting security policy requirements or the number of data access policy violations, to assess the effectiveness of your Zero Trust implementation.
4. User Access Metrics: Analyzing user access patterns, such as the number of unique users with access to sensitive resources, the percentage of users with the least privileged access, or the number of successful MFA challenges, can provide insight into how well the Zero Trust principles are being enforced in the organization.
5. Network Segmentation Metrics: Assess the effectiveness of your micro-segmentation implementation by monitoring metrics like the number of network segments created, the percentage of traffic traversing segment boundaries, and the number of attempted unauthorized segment access incidents.
6. Security Maturity Level: Assess the overall security maturity of your organization by using industry-standard maturity models, such as the NIST Cybersecurity Framework or the CIS Controls. Compare your organization's maturity level before and after the Zero Trust implementation to determine its impact on your security posture.
7. Employee Awareness and Training: Zero Trust Frameworks require a comprehensive understanding of security policies and procedures by employees. Measure the effectiveness of training programs, such as the percentage of employees who have completed training or the results of simulated phishing attacks, to gauge the organization's preparedness for a Zero Trust environment.
8. Return on Investment: Evaluate the financial impact of implementing the Zero Trust Framework, including costs associated with technology acquisition, deployment, and maintenance, as well as any financial benefits resulting from the reduction in security incidents or increased operational efficiency.

Reviewing, analyzing, and sharing these metrics with executive leadership will enable security leadership to assess the effectiveness and success of their Zero Trust implementation. By addressing any areas of concern, ensuring gaps are handled properly, and continuously refining the framework, organizations can maintain a robust cybersecurity posture that aligns with the evolving threat landscape.

Read more of this article here.

Cyber Quote

Free Resources

Trending Story

Other Bytes

Cyber Scam of the Week

New Alert! Cybercriminal at Your Door

Ring is a popular brand of security cameras designed for home safety. Unfortunately, Ring customers were the latest victims of a phishing attack. Cybercriminals sent phishing emails spoofed as Ring to try and steal customers’ sensitive information.

Cybercriminals start this attack by sending you a phishing email with an HTML file attached. The email looks like it’s from Ring, and it instructs you to open the file to update your Ring membership. If you open this file, you’ll be redirected to a malicious website that spoofs Ring’s login page. This website prompts you to enter sensitive information, such as your credit card number and Social Security number. If you enter your information, you’ll be redirected to Ring’s legitimate website, making the email look more real.

Follow the tips below to stay safe from similar scams:

Never click a link or download an attachment in an email that you aren’t expecting.

If you receive an email claiming that you need to make changes in your account, always log in to the organization’s website directly.

Remember that this type of attack isn’t exclusive to Ring. Cybercriminals could use this technique to impersonate any type of service.

This Cyber Scam is provided by our sponsors: Netsync & KnowBe4

Cybersecurity Social

Just a couple of interesting social posts