Five Cybersecurity Articles to Check Out This Weekend

By Bobby Hilliard

As a new weekly feature, we’ll be sharing recent news we found insightful and that you may have missed. Give these a read, and let us know what you think on Twitter.

Fileless malware is a new type of attack that is on the rise. This is a particularly alarming attack that is increasingly difficult to neutralize because of its ability to hide in plain sight. Inform yourself and stay vigilant about the ever-evolving threat landscape.

Read more here: ThreatPost: Hard Target: Fileless Malware

“Conventional malware isn’t going anywhere anytime soon, said Edmund Brumaghin, threat researcher with Cisco Talos. But he said, the increase in fileless attacks isn’t seeing a corresponding response on the defensive side because only a minority of organizations are running memory-analysis tools. “From the perspective of an attacker, that’s opportunity to take advantage of while they still can,” Brumaghin said.”

The life of a CISO is anything but conventional. In a market where CISOs are in high demand, how do you acquire a position that matches your long-term goals? Find out how some of the cybersecurity industry’s sharpest minds make their employment choices. 

Read more here: CSO Magazine: How CISOs Find Their Perfect Job

“It’s a good time to be a CISO. In a market where analysts say there are over 1 million unfilled job openings, and with demand expected to rise to 6 million globally by 2019 -- according to the Palo Alto Research Center, if you do a good job other opportunities are sure to follow.”

Governments around the world are facing a growing surge in attacks that are targeted, stealthy, and dangerous. While there are layered systems in place to ward off would-be breaches, inadequate protection such as weak passwords or reliance on a single solution or technology to solve problems remain common problems in security defenses. Governments must rethink their security approaches to defend against relentless attacks.

Read more here: Harvard Business Review: 8 Ways Governments Can Improve Their Cybersecurity

“The increasing use of phishing by cybercriminals to trick users into divulging their password credentials is the most alarming — a recent report from the Anti-Phishing Working Group (APWG) found that 2016 was the worst year in history for phishing scams, with the number of attacks increasing 65% over 2015. Phishing was behind the DNC hack, as well as a breach of government email accounts in Norway, and was the method that state-sponsored hackers recently used in an attempt to steal the passwords of prominent U.S. journalists.”

More than 78% of banking executives feel their systems are secure, but cybersecurity teams know better. Because many new methods such as fileless attacks are becoming increasingly prevalent, an attack can remain under the radar for months. A bank’s cybersecurity team must be on the cutting edge of the industry.

Read more here: Forbes: Banks Face Challenge of Integrating Cyber and Operational Risk

“Any successful cyberattack has the opportunity to affect people, processes and technology throughout the organization. In the wake of an attack, banks need to get IT systems back up and running, but they also need to reassure customers and regulators, deploy effective back-up systems, and potentially, compensate losses. This calls for advance planning, cooperation and communication between operational, risk, infrastructure and cybersecurity teams.”

Maintaining a comprehensive cybersecurity program takes two things: a team that tackles problems head-on, and the right budget resources. When an organization chooses not to bolster a security team’s annual budget, this empowers the attacker. Cybersecurity evolves quickly and attackers are continuously adopting new methods to infiltrate security defenses. A security team’s budget should be considered one of the highest priorities as a means to defend against sophisticated attacks. 

Read more here: CIO Magazine: Enterprises Misaligning Security Budget Priorities

“451 Research found a misalignment between current threats and the appropriate defenses needed to truly protect an organization’s assets from compromise. To the extent that security spending continues to increase each year, a defensible argument could be made that, at worst, much of that money is being wasted or, at best, not adequately allocated.”

Do you have another article we may have missed? Share it with us. 

Follow us on Twitter (@NSSLabs) to keep informed as new research is released.