A healthy dose of skepticism is never a bad idea in cybersecurity. People will try to take advantage of chaotic situations, people with ulterior motives will push bad ideas, and sometimes a flashy headline is designed to sell you ads rather than give you useful information.
1. Fake Kaseya VSA security update backdoors networks with Cobalt Strike
Attacker’s creed: never let a good disaster go to waste. The lesson for defenders? Chaotic conditions demand extra vigilance – when things go wrong, it’s helpful to have defined procedures and team members trained via exercises/drills to respond.
2. RSA sponsored content issues
Kudos to RSA for (retroactively) policing their sponsored content and dunking on the “blame the interns” meme. But how did an article about blockchain fixing TCP/IP security issues, one that didn’t demonstrate a solution at all, make it through editorial reviews?
3. Headline-driven threat landscape
Media sensationalism is nothing new, and the problem is worse in tech and infosec due to unfamiliar vocabulary. It takes time and effort to contextualize cyber risk, so both infosec and business leaders need to allocate that time rather than following clickbait headlines.
If you enjoyed this post, be sure to check our blog weekly; the Risk Roundup runs Friday mornings, alongside other content we post about the ever-evolving landscape of digital risk. Follow us on Twitter (@SolveCyberRisk) and LinkedIn (Coalition Inc). If you have any suggestions for content that we should be adding to our reading list, let us know!