Week in review: Active Directory security, Patch Tuesday forecast, stopping lateral phishing attacks

Here’s an overview of some of last week’s most interesting news, interviews and podcasts:

How can security teams effectively monitor OT and ICS networks?
Modern industrial operations are complex and dynamic environments that have unique security challenges. Andrew Ginter, VP Industrial Security at Waterfall Security Solutions, talks about the issues associated with creating a robust cybersecurity posture in this domain and introduces Waterfall for IDS, a new type of unidirectional gateway.

Nikkei hit by BEC scammers, loses $29 million
Japanese media company Nikkei Inc. is the latest organization to be fleeced by BEC scammers, to the tune of $29 million.

5 factors to consider when choosing an encryption key management system
Data breaches are at an all-time high with 2019 looking to one of the worst on record for data loses. Within the data security battle, encryption is considered to be the gold standard that provides protection through the whole data lifecycle.

IoT is an ecosystem, as secure as its weakest link
Remember when, three years ago, several Mirai botnets hit DNS provider Dyn and caused part of the Internet to be unreachable for most users in North America and Europe? For a moment there it really seemed that IoT security would become an indisputable necessity.

Detecting and tracking phishing campaigns through web analytics identifiers
Web analytics can also help defenders understand the full scale of a phishing campaign and mount takedown actions quickly.

Whitepaper: SIEM + Threat Intelligence
SIEMs are a powerful tool for collecting and correlating event data and have a well-deserved place within your security infrastructure for centralized log management. But to truly shine they need to be supported by other technologies in your arsenal – most notably, a threat intelligence platform.

A continuous problem: Tackling the cybersecurity skills shortage
We have read the over abundance of apocalyptic articles covering the growing talent shortage in cybersecurity. But buried under the hyperbolic numbers, there is a larger and more interesting story.

November 2019 Patch Tuesday Forecast: Out with the old, in with the new
There are only two more Patch Tuesday’s before the new year, but we already have something new to experience this November.

What financial records do companies need to keep, and for how long?
For most organizations, financial records make up the majority of their files and documents. These records must be kept safe but also accessible so that decision-makers can promptly get at the data they need. In short, proper record management is essential.

Key predictions that will impact CIOs and IT pros over the next five years
To support CIOs with guidance on complex, fast-moving environments and prescriptive, actionable recommendations, IDC published IDC FutureScape: Worldwide CIO Agenda 2020 Predictions.

Together, AI and the IoT are having a bigger-than-expected impact
A survey of global business leaders reveals the most significant predictor in realizing value from Internet of Things (IoT) initiatives across an organization is the heavy use of artificial intelligence (AI).

Cyber Security Evaluation Tool 9.2 released
The Cybersecurity and Infrastructure Security Agency (CISA) has released version 9.2 of its Cyber Security Evaluation Tool (CSET).

Global internet freedom declines for the ninth consecutive year
Governments around the world are increasingly using social media to manipulate elections and monitor their citizens, tilting the technology toward digital authoritarianism. As a result of these trends, global internet freedom declined for the ninth consecutive year, according to Freedom House.

Cybersecurity workforce skills gap rises to over 4 million
The estimated current cybersecurity workforce is 2.8 million professionals, while the amount of additional trained staff needed to close the skills gap is 4.07 million professionals, according to (ISC)2. The data indicates a necessary cybersecurity workforce increase of 145% globally.

The promise and peril of post quantum computing
In this Help Net Security podcast, Avesta Hojjati, Head of R&D at DigiCert, talks about the security implications of post quantum computing.

Who is responsible for Active Directory security within your organization?
Over one third (36%) of IT professionals say their organizations are more vulnerable to security threats now than they were five years ago, according to a new Alsid research.

Detecting and tracking phishing campaigns through web analytics identifiers
Cyber crooks are quick to abuse legitimate services for their own malicious purposes. One of the latest instances demonstrating this propensity involves phishing kit developers using web analytics to collect statistics on campaign effectiveness – information that helps them to continually improve their kits and keep up with demand.

Researchers develop machine learning-based detector that stops lateral phishing attacks
Lateral phishing attacks – scams targeting users from compromised email accounts within an organization – are becoming an increasing concern in the U.S.

Apple details new Safari, Location Services, Sign in with Apple privacy features
Apple has updated its privacy pages on Wednesday and shared three new white papers and tech briefs on how Safari, Location Services, and Sign in with Apple protect user privacy.

Defining risk controls that actually work
Previously, we looked at practical ideas for conducting the complex information security risk assessments that all enterprises should regularly perform. The right methodology will guide identifying the threats and vulnerabilities to which an organization is subject. Once that is done, it’s time to reinforce the right controls to mitigate them.

Download PPT template: Build your 2020 security plan
The 2020 Security Plan PPT Template is built to simplify this task, providing security decision makers with an off-the-shelf tool to clearly and easily present their plans and insights to management.

New, improved Microsoft 365 security and compliance features
Microsoft has announced a number of enhancements to help its business and enterprises customers improve security and compliance efforts.

Phishing attacks at highest level in three years
The number of phishing attacks continued to rise into the autumn of 2019, according to APWG.

New infosec products of the week: November 8, 2019
A rundown of infosec products released last week.

More about

Don't miss