Main predictions for 2020 are:
1. First real attacks using deep fakes (voice), including attacks on C-level and individuals.
2. the convergence of physical infiltration with cyberattacks, challenging security across the board e. g. "electrician" getting access to the unprotected network device.
3.Get ready for SMS attacks to go mainstream. This type of attack will come in three main forms: SIM swap, IMSI factors and SS7 hacks.
4. IT should expect new O365 phishing and malware attacks.
5. Phishing emails related to common industry tools or masquerading as trusted sources will be a common attack vector for stealing credentials and sensitive information.
6.Disaster Recovery-as-a-Service (DRaaS) will be mainstream, even for SMB organizations.
7. State and state-sponsored cyber groups continue to be proxy for international relations.
8. We expect to see federal agencies to increasingly differentiate their IT consumption models (e.g. cloud, MSP, etc.).
9. The digital advertising ecosystem will be the next top target as a new class of attacks emerges – As consumer experience becomes more important — and elaborate — advertisers harvesting troves of customer data will find themselves susceptible to a new wave of attacks from cybercriminals.
10. The use of and evolution of biometrics. Decentralized, device-managed biometrics will continue to rise as a convenient way to authenticate users.
2020 cybersecurity predictions | SC Media
https://www.scmagazine.com/home/security-news/2020-cybersecurity-predictions/
1. First real attacks using deep fakes (voice), including attacks on C-level and individuals.
2. the convergence of physical infiltration with cyberattacks, challenging security across the board e. g. "electrician" getting access to the unprotected network device.
3.Get ready for SMS attacks to go mainstream. This type of attack will come in three main forms: SIM swap, IMSI factors and SS7 hacks.
4. IT should expect new O365 phishing and malware attacks.
5. Phishing emails related to common industry tools or masquerading as trusted sources will be a common attack vector for stealing credentials and sensitive information.
6.Disaster Recovery-as-a-Service (DRaaS) will be mainstream, even for SMB organizations.
7. State and state-sponsored cyber groups continue to be proxy for international relations.
8. We expect to see federal agencies to increasingly differentiate their IT consumption models (e.g. cloud, MSP, etc.).
9. The digital advertising ecosystem will be the next top target as a new class of attacks emerges – As consumer experience becomes more important — and elaborate — advertisers harvesting troves of customer data will find themselves susceptible to a new wave of attacks from cybercriminals.
10. The use of and evolution of biometrics. Decentralized, device-managed biometrics will continue to rise as a convenient way to authenticate users.
2020 cybersecurity predictions | SC Media
https://www.scmagazine.com/home/security-news/2020-cybersecurity-predictions/
Scmagazine
2020 cybersecurity predictions
"White House releases guidance on #AI and report on automated vehicles" (via @DailyDashboard) https://t.co/5LPOJzhZoa https://t.co/pC98PPh8cn
Forwarded from RUSCADASEC news: Кибербезопасность АСУ ТП (Anton Shipulin)
Обзор литературы, классификация и критерии оценки испытательных стендов по кибербезопасности IoT/CPS/SCADA: Cyber ranges and security testbeds: Scenarios, functions, tools and architecture
https://www.sciencedirect.com/science/article/pii/S0167404819301804
https://www.sciencedirect.com/science/article/pii/S0167404819301804
SP 800-137A (Draft), Assessing ISCM Programs: Developing an ISCM Program Assessment | CSRC
https://csrc.nist.gov/publications/detail/sp/800-137a/draft
https://csrc.nist.gov/publications/detail/sp/800-137a/draft
CSRC | NIST
NIST Special Publication (SP) 800-137A (Draft), Assessing Information Security Continuous Monitoring (ISCM) Programs: Developing…
This publication describes an approach for the development of Information Security Continuous Monitoring (ISCM) program assessments that can be used to evaluate ISCM programs within federal, state, and local governmental organizations, and commercial enterprises.…
SANS broughts up complicatied issue - what happens with your digital assets after death or disability?
https://www.sans.org/security-awareness-training/resources/digital-inheritance
https://www.sans.org/security-awareness-training/resources/digital-inheritance
Forwarded from Листок бюрократической защиты информации
📣День открытых дверей в Роскомнадзоре
Коллеги, 28 января в Роскомнадзоре состоится традиционный День открытых дверей, приуроченный к Международному дню защиты персональных данных.
В программе мероприятия заявлены выступления А. Приезжевой, Ю. Контемирова и А. Гафуровой.
Разумеется, перед посещением можно заранее оставить вопрос, ответ на который будет публично озвучен.
⚠️Необходима предварительная регистрация!⚠️
Коллеги, 28 января в Роскомнадзоре состоится традиционный День открытых дверей, приуроченный к Международному дню защиты персональных данных.
В программе мероприятия заявлены выступления А. Приезжевой, Ю. Контемирова и А. Гафуровой.
Разумеется, перед посещением можно заранее оставить вопрос, ответ на который будет публично озвучен.
⚠️Необходима предварительная регистрация!⚠️
Advancing Cybersecurity Risk Management Conference | NIST
The Webcast Only Registration price is $80.00.
https://www.nist.gov/news-events/events/2020/05/advancing-cybersecurity-risk-management-conference
The Webcast Only Registration price is $80.00.
https://www.nist.gov/news-events/events/2020/05/advancing-cybersecurity-risk-management-conference
NIST
Advancing Cybersecurity Risk Management Conference
We know several colleges who adores podcasts
https://www.f-secure.com/en/business/our-approach/cyber-security-sauna
https://www.f-secure.com/en/business/our-approach/cyber-security-sauna
F-Secure
Cyber Security Sauna | F-Secure
Cyber Security Sauna (#CyberSauna), a podcast bringing you expert guests with sizzling insight into the latest information security trends and topics.
Nice report with the solid numbers and infographic about vulnerability management by ENISA.
https://www.enisa.europa.eu/news/enisa-news/the-state-of-cybersecurity-vulnerabilities-2018-2019
https://www.enisa.europa.eu/news/enisa-news/the-state-of-cybersecurity-vulnerabilities-2018-2019
www.enisa.europa.eu
The state of Cybersecurity Vulnerabilities 2018-2019
The European Union Agency for Cybersecurity, ENISA organises a joint workshop with CERT-EU, computer emergency response team for the EU Institutions, Bodies and Agencies to share information on key cybersecurity activities.
ISO - Reducing the risks of medical devices: international guidance just updated
"software as a medical device (SaMD)"
https://www.iso.org/news/ref2465.html
"software as a medical device (SaMD)"
https://www.iso.org/news/ref2465.html
Final version of white paper is published.
A Taxonomic Approach to Understanding Emerging Blockchain Identity Management Systems | CSRC
https://csrc.nist.gov/publications/detail/white-paper/2020/01/14/a-taxonomic-approach-to-understanding-emerging-blockchain-idms/final
A Taxonomic Approach to Understanding Emerging Blockchain Identity Management Systems | CSRC
https://csrc.nist.gov/publications/detail/white-paper/2020/01/14/a-taxonomic-approach-to-understanding-emerging-blockchain-idms/final
CSRC | NIST
A Taxonomic Approach to Understanding Emerging Blockchain Identity Management Systems
Identity management systems (IDMSs) are widely used to provision user identities while managing authentication, authorization, and data sharing within organizations and on the web. Traditional identity systems typically suffer from single points of failure…