Credible sources for threats, vulnerabilities, updates, and security news CYBR650 Week 6

The ‘Current Trends in Cybersecurity’ class has proven to be one of the best classes I’ve taken in this degree program. During week 2, I listed several credible sources of information for threats, vulnerabilities, updates, and security news. Although I haven’t actually used those sources for this week’s assignment, I still believe they are credible and I actually discovered some additional sources:

* https://www.csoonline.com/. One of their articles by Justin Dolly points out the top 5 cybersecurity concerns for 2018. Cyberthreats continue to rise exponentially, and no one (consumers or businesses) seems to be exempt from malware attacks and data breaches. The top five threats to watch out for in 2018 are (1) cryptojacking; where an attacker secretly uses someone’s computing device to mine cryptocurrency. Websites can run hidden cryptocurrency mining scripts in a user’s browser without the user’s knowledge. The attacker mines cryptocurrencies by using the computer's CPU to earn money for someone else. (2) PowerShell-based attacks; where an attacker uses malicious scripts to communicate with compromised websites acting as proxies for the command and control server. (3) Further growth in the cybercriminal underground; where the increase in cybercriminal tools and lower expertise will increase the number of cybercriminals. (4) Security software will be targeted; where attackers will target trusted programs and the software and hardware supply chain to control devices and manipulate users. (5) More cyber criminals will use worms to launch malware; where attackers will make more use of worm functionality to spread malware, simply because network compromise from worms spread faster than many other methods. Read more at https://www.csoonline.com/article/3241766/cyber-attacks-espionage/top-5-cybersecurity-concerns-for-2018.html.

* https://digitalguardian.com/. This is another great source for cybersecurity news. One article by Greg Funaro details several cybersecurity issues organizations can work on in an attempt to increase the effectiveness of their cybersecurity effort: (1) Treat data protection as your top priority. Recent data breaches at Equifax and several large U.S. banks only serve to emphasize the importance of protecting classified data. The fallout from losing sensitive data can be tremendous, including loss of customers, loss of revenue, and having to pay some hefty fines.  (2) Identify your critical IT assets and sensitive data. This is key to any organization. Once critical assets are identified, companies can go to work to gain visibility and control capabilities that can prevent attackers from accessing and stealing classified data. (3) Protect data assets. It’s just not enough to identify critical assets, but steps must be implemented to protect them carefully. When sensitive data is classified properly (using digital labels like “confidential”, etc.) it can help to protect information more likely to be targeted by attackers. Additionally, organizations must track who is accessing data and how that data is being used and shared, both internally and externally. (4) Pursue security education for employees. It’s just not enough to invest in security for critical assets. Part of that investment must include educating employees in password and data security practices. Employees must be aware that they play a crucial role in the security within their organization. Education on social engineering techniques and widespread attack methods can empower employees to recognize and report such attacks. (5). Compliance is not enough. In fact, compliance with industry and even government standards is often the beginning steps to securely protect sensitive data. Read more at https://digitalguardian.com/blog/5-cybersecurity-issues-avoid.

* https://www.infosecurity-magazine.com/news/. This magazine is actually one of my favorite sources for Information Security and IT Security News & Articles. One interesting article lauds the security for Windows 10 as being almost twice as safe as Windows 7. I find this surprising, especially since my assignment for another class in this Cybersecurity major was on the many vulnerabilities identified in the Windows 10 operating system. The author states that almost all the devices that were victims of the WannaCry ransomware attack were running Windows 7; even so, companies continue to rely on Windows 7 more than Windows 10. It seems that consumers are more prone to make better decisions, with almost 72% of home user devices migrating to Windows 10 by December 2017. Read more at https://www.infosecurity-magazine.com/news/windows-10-safe/.