- Rising WFH fatigue
- NSA and CISA issue warnings
- SolarWinds third-party breach.
Know someone who should be getting the Situation Report in their inbox? Just forward this email and they can subscribe by scrolling to the bottom of www.blokworx.com.
This monthly newsletter is designed to arm SMBs, C-Suite, and MSPs with top insights and trends shaping the cybersecurity landscape in order to protect your business.
#1: Watch out for fatigue among cybersecurity teams and SOCs
- Getting tired of working from home? You’re not alone. One-third of Security Operation Center (SOC) environments were able to shift to remote work, yet half report feeling distracted and three-quarters are burnt out.
- This comes at a time when hackers are deploying phishing and malware to exploit the situation and enter corporate networks through employee homes.
Insight:
As noted in the recently released Microsoft Teams Security Report, the rules of engagement for securing endpoints have changed. The battle is now at each employee’s doorstep, which means that human monitoring must be coupled with advanced technology to prevent tomorrow’s threats. By working with our experts, you can develop a future-forward strategy to secure your network without sacrificing customer experience or employee morale.
#2: NSA and CISA issue new warnings for SMBs and enterprises alike
- This past week, the NSA advised security teams to implement enterprise DNS security protocols, while CISA warned federal agencies of ‘malvertising’ threats.
- During his keynote address at CES 2021, Microsoft’s Brad Smith predicted the rising importance of cybersecurity as “technology plays a more powerful role in our lives”.
Insight:
Cybersecurity is said to have caught the government’s interest in 1983, when Reagan watched WarGames and launched a national security directive to defend against bad actors. As the landscape increases in volume and complexity, public-private collaboration will be imperative to stopping the onslaught of cyberthreats.
#3: SolarWinds highlights the trickle-down effect of third-party breaches
- The infamous hack has made plenty of news cycles, but third-party supply chain compromises are nothing new. They’ve been happening for years, some of the earlier ones including Target in 2013 in which 40M credit cards were exposed, or Marriott in 2018 when it acquired Starwood and inherited the loss of 353M customer records.
- In 2019, the Ponemon Institute found that data breaches involving a third-party cost $370,000 more on average due to the volume and value of the compromised information.
Insight:
Compliance is not the same as preventive security. The most common vulnerabilities hackers exploit in third-party attacks are remote VPNs, phishing, and malware. How can businesses protect themselves while being forced to migrate to the cloud?
In Other News…
1/15: Ransomware to blame for almost half of all healthcare data breaches
1/13: SolarLeaks website claims to be selling files from SolarWinds hack
1/13: Gaming company Capcom discovers breach was larger than expected
1/12: Mimecast Certificate hacked in Microsoft Email supply-chain attack
1/11: Ubiquiti Networks faces data breach, details still unknown
1/9: Hackers set their sights on American retailers like DSW and Kmart