New Bill Proposes Cybersecurity Training for U.S. House Members


Don’t get me wrong.  I am excited and encouraged to know that certain members of the House recognized the need for cybersecurity awareness training for everyone in Congress and presented this legislation.  But I must admit that I am a bit sad and discouraged that it will take a literal act of Congress to force our government to train and prepare itself for these types of threats.

As the article mentions, this move is quite a few years late in terms of a best practices approach to cybersecurity.  Let’s hope it passes and our government can take another small step forward in the fight against cyber crime.  Let’s also hope that all other branches of our government see the value of this training and follow suit!

Cyber Security is About Culture and People, not Technology

Rarely do I agree as strongly with a post as I do with this content from the team at KnowBe4.  Successful cybersecurity defense is rooted in an aware and engaged organizational culture.  An organization needs consistent and effective security awareness training, and that training needs to be accepted and adopted and placed into action by all employees.  Everyone in the organization has a role and a responsibility in the success of the cybersecurity program.

NEW! KnowBe4 Offers No-Cost Children’s Interactive Cybersecurity Activity Kit

I am a big fan of any resource that can lead to keeping kids safer while online.  This is a link to free material including workbooks and videos from the team at KnowBe4.  Please take a look and consider sharing this with your kids or with local school resources.  It is very important we move the IT security conversation forward with young internet users.

Krebs – How the U.S. Govt. Shutdown Harms Security

This is yet another reason why, regardless of which side of the political aisle you call home, the current partial government shutdown is a bad thing.  We cannot afford as a nation to allow our cybersecurity to be weakened, even for a brief window of time.  Thank you, Mr. Krebs, for shining a bright light on this issue.

Chile to revolutionize cybersecurity after the recent cyberattack

Read this article carefully.  It appears to be a discussion of how a bank survived a cyber attack and is working to become stronger through lessons learned.  The article discussed how preventative controls limited the attack and mitigated the losses.  It even discusses two new lines of defense the bank intends to deploy – reaching out to the international community for guidance, and reviewing current cybersecurity frameworks to improve internal processes.  What is buried in the last lines of the article is the scariest piece of information about the bank that is largely overlooked.  The current existing cybersecurity regulations for the bank date to 1993.  Yes, you read that correctly – 1993.

Due diligence is not revisiting your cybersecurity plan once every couple of decades.  Almost every modern security framework discusses at least an annual review with additional reviews any time a new, significant threat is discovered or when a significant change is deployed within the organization.  Kudos to Chile for taking steps to modernize, but it never should have taken this long.

An Industry In Transition: Key Tech Trends In 2018

This is certainly an interesting read.  I particularly agree that a shift to Integrity and Availability is coming.  Users are finally starting to understand that cyber threats are not purely matters involving the confidentiality of data.  Uptime and reliability of information are becoming more and more paramount in the minds of the average data consumer.

I am also intrigued by the various paths that blockchain technology is taking.  This is a technology evolution worth paying close attention to.

A Sneak Peek at the New NIST Cybersecurity Framework

This is and will continue to be an important standard to understand and to reference as you make cybersecurity decisions for your organization or for your customers.  Though only directly applicable to federal institutions, the NIST Framework is the basis for many other compliance requirements including the FFIEC Cybersecurity model.

The Pitfalls of Cyber Insurance

The mystery of Cyber Insurance is certainly worth solving and this article is a good first step to understanding what an organization does and does not receive when purchasing cyber insurance.  It can be an excellent tool in the overall toolbox of cyber attack preparedness, but it is in no way a replacement for sound cybersecurity practices.