Follow the latest news from the CYRIN Cybersecurity Training Team!
An ongoing series to help secure you and your organization. Check back regularly for updates.
Zero trust could be the future of cybersecurity. If so, cybersecurity will look much different than how it is practiced currently. Zero trust security assumes no one and no device or application is universally trusted, whether inside or outside the network... [read more]
A digital twin is a virtual representation or model of a real-world object, process or system that is informed by real-time data. These integrated digital environments utilize both cutting-edge technology and human creativity. [read more]
Cybersecurity has truly entered a new era and a new frontier - space. Space is a growing part of the critical infrastructures in the world, and the risks of cyberattacks on satellites have increased, with commercial spacecraft and military communications at risk of being dangerously compromised. [read more]
Recently researchers at Zscaler claimed that a ransomware gang received $75 million, reportedly the largest ransom payment made by a cyberattack victim since records began. An undisclosed Fortune 50 company paid this record-breaking figure to the Dark Angels ransomware group. The question for any company is - what would you pay and what does it cost to defend yourself? [read more]
Recently, cyber hackers have been in the news for hitting strategic targets. CDK Global, a company that provides software technology to over 15,000 car dealerships in North America, was hit during the week of June 17th and dealerships faced major disruptions to vehicle sales, financing, insurance and repairs. [read more]
The summer season is upon us, and we thought some of these classic books, news articles or podcasts could be on your summer reading list. Here are some of our picks. [read more]
On February 21, 2024, there was a catastrophic attack on the nation’s largest medical claims clearinghouse, Change Healthcare, which is owned by UnitedHealthcare Group. Change Healthcare was infiltrated and taken down by cybercriminals affiliated with hacker collective AlphV. Such a serious breach has dangerous implications for the healthcare industry and has reinvigorated conversations in the private sector and government on how to best protect sensitive medical information. [read more]
The quickly changing cybersecurity landscape begs the question: is the current cybersecurity training being offered adequate to address the chronic shortage of trained professionals? Knowing there is a talent shortage, we’re looking at the steps colleges and universities (and others) across the country are taking to help close the skills gap, and what help they are receiving from the government and private sector. [read more]
If you’ve worked in engineering or manufacturing, you’re already familiar with a bill of materials, or BOM: “a list of all the parts needed to manufacture a specific product – from raw materials to subcomponents and everything in between, along with quantities of each one needed to correctly finish that product.” What role does a Software Bill of Materials (SBOM) play? [read more]
The grid is where it all begins. As the foundational piece of the nation’s infrastructure, a cyber-attack on the grid can put all critical infrastructure at risk. A major attack on the grid could be transformational and catastrophic, impacting water, sewer, power, communications, and financial systems, eventually impacting food, transportation, and healthcare. [read more]
It seems like 2024 is starting off like 2023: AI was one of the hottest topics of 2023, and it is still a hot topic in 2024. According to Wikipedia, the most viewed article in 2023 was about ChatGPT, more popular even than the Barbie movie or Taylor Swift... [read more]
As we wrap up another year, we look ahead now to 2024 and what experts say will be the most crucial areas of potential risk in the rapidly changing world of cybersecurity, where cyber threats continue to become more and more sophisticated. [read more]
It seems like a good idea to share information with other people in your sector and even government agencies so that they can spread the alarm about cyber breaches at your company, school, or organization. A great example of that was a recent breach at digital identity management services provider Okta, which reported that some of its customers were targeted, probably because an employee logged into a personal Google account on a company laptop. [read more]
In May of this year something unusual happened: the food and agriculture industry formed an ISAC, called the Food and Ag-ISAC or Food and Agriculture Information Sharing and Analysis Center. Cyber experts have repeatedly cited the sector’s lack of its own ISAC as a dangerous security gap in the industry’s ability to get a full picture of the tremendous risks it faces. [read more]
Healthcare records contain some of the most valuable and valued personal information we have. But are those records safe, and if they’re not what does it mean? What are the disastrous potential consequences if rogue agents were to hack or get hold of these records and documents that contain some of the most intimate details of our lives? [read more]
Security. How do you manage it in today’s complex environment? Managed Security Service Providers (MSSPs) say they have the resources and expertise to help companies and agencies operate more securely by providing integrated and constant monitoring of security devices and systems. [read more]
The internet runs on open-source software (OSS). It’s probably fair to say that open source is everywhere. The Linux kernel, one of the building blocks of open source, is literally embedded in everything from most supercomputers and cloud computing to billions of phones and most operating systems. [read more]
This summer we’ve rounded up some interesting cybersecurity stories that in some cases are creating news headlines and making waves in the industry. We thought some of these should make your summer reading list. [read more]
Something happened last month that hasn’t fully happened in 28 months, as some 40,000 cybersecurity individuals convened in person at the RSA conference in San Francisco. A lot has happened in those nearly three years. [read more]
There is a lot in the news today about privacy, cyber, AI, and ChatGPT. Everyone is concerned about our networks, our technical advantage or disadvantage; who is watching us and who is protecting us? [read more]
We know from recent news reports and publicity surrounding it that ChatGPT is having a major impact on the tech scene, with wider implications for many industries and people in ways that are yet to be imagined. [read more]
Satellites and terrestrial networks are nearly fully integrated, from telecommunications to GPS to reliable internet access in remote communities around the world. In 2023, the space age is deeply connected to everything we do on land. How will this impact cybersecurity? [read more]
Advanced Persistent Threats (APTs) pose a unique challenge with motives, techniques, and tactics that differ from traditional cyberattacks. APTs evade existing security measures and fly under the radar. [read more]
As we turn the page on 2022, cybersecurity threats are continuing to create problems for businesses, institutions, and individuals. What might be the top cybersecurity issues for 2023? [read more]
As we approach the end of the year, we’ve collected a brief look at some of the more interesting cybersecurity and scientific stories of 2022. [read more]
How vulnerable is the country’s electrical grid? What happens when it is even temporarily compromised — and what safeguards might be put in place to prevent a collapse? [read more]
It seemed simple enough: in 2014 the California Public Utilities Commission (CPUC) directed the State’s three largest utilities to come up with a program to address the threat of wildfires. [read more]
In part two of our series, we’ll see what some organizations are doing to fill the gap. [read more]
Part one of a two-part series on the shortage of cybersecurity professionals. We’ve heard and read the reports for years — we do not have enough cybersecurity workers — either in the U.S. or internationally. [read more]
Quantum computing sounds like the stuff of science fiction. Isn’t it too far in the future to worry about? Why are top cyber security officials so alarmed about quantum computing as the next big cyber threat? [read more]
It seems that May is the month of anniversaries for cybersecurity. Last year it was Colonial Pipeline. Five years ago, it was the North Korea-backed WannaCry cyberattack. Many have speculated that recent events have created a “tipping point.” [read more]
The metaverse represents the idea of an immersive, next generational virtual 3D world. It promises to connect all sorts of digital environments in a digitized mimicry of the actual world we live in. How is the metaverse set to change cybersecurity in the years ahead? [read more]
In these dynamic, ever-changing, anxiety-producing times things have amped up in cybersecurity, and it’s true now, more than ever, that cybersecurity never sleeps. Russia’s invasion of Ukraine – and the likelihood of cyberattacks abroad – has only increased attention on the urgent need for cybersecurity. [read more]
“It’s rare that four government agencies issue a joint advisory on a potential threat to the basic health and welfare of the entire U.S. population,” Mark Montgomery and Samantha F. Ravich write in the Washington Post. “But that’s what happened in October... [read more]
Log4j – it’s considered one of the most significant vulnerabilities that will haunt cybersecurity professionals for years. On December 9, 2021, the Apache Software Foundation “disclosed a massive vulnerability in Log4j,” its Java logging library. This disclosure “triggered a cat-and-mouse game as IT professionals raced to secure their systems against cybercriminals looking to exploit a huge, now-known issue.” [read more]
If 2021 has taught us anything, it’s to expect the unexpected. Just when you think something is a sure bet, you get a course correction and it just doesn’t happen the way you anticipated. But that doesn’t seem to stop anyone (including us!) from making predictions about what 2022 has in store for the world of cybersecurity... [read more]
The infrastructure bill signed by President Biden contains about $2 billion set aside for cybersecurity investments. Half of that funding, Cybersecurity Dive reports, “is for the State, Local, Tribal and Territorial (SLTT) Cyber Grant Program within the Cybersecurity and Infrastructure Security Agency (CISA) over four years.” [read more]
Finding workers, protecting workers, keeping workers, and training workers. Whether it’s the government, the private sector, or colleges and universities, the great jobs and training migration is moving on all levels. Some people called it the great resignation when some 4 million people quit their jobs in August in the US alone. [read more]
Ransomware attacks have thrived during the pandemic, the numbers rising 62% globally last year to 305 million attacks. The world-wide cost to business in 2020 was $20 billion, up from $11.5 billion a year earlier. [read more]
How do you build community when in-person events are transformed into virtual or hybrid events? How do you generate camaraderie among employees when so many of us are still working from home? How do you stay current about cybersecurity when so many conferences have moved online? [read more]
Ten years ago, the computer systems of the corporate security giant RSA were hacked. The intruders’ final target? [read more]
According to CNN, in the weeks just before the Colonial Pipeline ransomware attack, the company had posted a job listing for a cybersecurity manager... [read more]
It could be the tipping point. Some are calling it America’s “Sputnik” moment. The Colonial pipeline attack. It brings back images from the 1970s of the oil embargo, rationing, and long lines at the gas pumps. Should the attack on the Colonial pipeline be considered an act of war? Is this the final act in a long string of events that will change how we think about cybersecurity? [read more]
President Biden unveiled a $2 trillion jobs and infrastructure plan at the end of March that includes at least $100 billion for a variety of infrastructure priorities, including modernizing the electric power grid. The grid has become increasingly vulnerable to a growing number of cyberattacks, so security experts are looking closely at Biden’s proposal to see what kind of funding it contains to address cybersecurity... [read more]
One year ago. The pandemic hit. And if you think about it, in many ways the world has been upside down ever since. So what have we learned during this time and how does it affect us moving forward - in cyber and other critical areas? Have we "jumped into the future," doing many things now that we thought were coming in 5–10 years? [read more]
So far, 2021 has seen some serious cyberattacks – with significant consequences. First there was the massive SolarWinds attack. Soon after, the Florida Municipal Water supply was attacked, with hackers tampering with the internal controls and attempting to poison the water supply in the city of Oldsmar with massive amounts of lye. “It was a wake-up call...” [read more]
At the end of 2020, Russia pulled off what Wired called “the biggest espionage hack on record.” At its most basic level, it was a supply chain compromise that led to what many in the industry call a “man-in-the-middle” attack. Except that SolarWinds was inadvertently the man in the middle. [read more]
It feels strange to predict anything that might happen in 2021 given how little anyone could have predicted what happened in 2020. A pandemic? Remote work? Remote school? What other dystopic possibilities should we be ready for? [read more]
In Malcolm Gladwell’s bestseller Outliers, he wrote about the “ten-thousand-hour rule.” No one succeeds at a high level without innate talent, he wrote. But no one succeeds without practice, either: “achievement is talent plus preparation...” [read more]
What if pirates didn’t have to board ships they wanted to rob? What if they could do all of their piracy from their laptops? [read more]
Picture your dream job. Maybe the salaries are competitive. Maybe there’s a shortage of well-trained professionals in the industry, so your skills will be sought after and you will have your pick of positions. Maybe the work is innovative and different every day. Maybe you get to be part of a team. And maybe you get to help make the world a better place... [read more]
How do you generate a pipeline of talented people with the best possible cybersecurity training, who are prepared and ready to robustly defend government, commercial institutions, and corporate America? You create the Center for Academic Excellence in Cyber Defense (CAE-CD) program... [read more]
“Shockingly enough, I’ve never been to Defcon,” says longtime security researcher Ben Adida in a Wired article about the cancellation of the well-known event. “It’s never been a convenient time for me to travel. This might be the first year I attend. Remotely!” The pandemic has rendered things virtual that would have seemed impossible before... [read more]
Employees working from home and depending on third-party tools for day-to-day operations have rendered businesses and their networks more vulnerable to attacks. Cybercriminals are always adjusting their methodologies; they’re experts at exploiting any possible opening. And the current pandemic has only increased our exposure to cyberattacks... [read more]
The pandemic is changing everything, and if you are involved with cybersecurity and education, this crisis will affect you directly in subtle and not so subtle ways. We took a look at two industries heavily impacted by current events: higher education and utilities. These two arenas highlight how technology is affected by changes wrought by the current crisis—and also how technology and cyber security are helping these two distinctly different communities navigate these challenging times... [read more]
There’s nothing like a pandemic to remind us of the importance of preparation—and the high costs that come with not being prepared. Human beings, corporations, the utility industry—we’re all vulnerable to anticipated attacks, but we’re also at risk due to attacks we cannot anticipate... [read more]
The modernization of Industrial Control Systems (ICS) in the electric power industry will render the industry vulnerable to increased cyber security risks. The network of power plants and power lines that connect homes and businesses is among the world’s most critical infrastructures—and developments in technology have increased the utility’s “attack surface.” The once clear dividing lines between the grid’s physical systems and its technological systems have been blurred... [read more]
Cyberattacks are growing in frequency and intensity. Every day there’s a new hack or breach reported in the news. We’re more connected than ever—and our devices are connected, too: refrigerators, cars, televisions, phones, doorbells, you name it. Plus, we continue to store increasing amounts of vulnerable and private information online, documents like medical records. In many ways, the electric grid is America’s first line of defense... [read more]