5.24.23 > Brian Kenyon Multi-factor authentication is — thankfully — a normal part of our digital experience. Whether at work, connecting with your bank, or logging in to social media, we’re used to the extra step of entering a short code or acknowledging a push notification during login. Attackers are on the hunt In recent years, attackers have grown an arsenal of capabilities — varying from sophisticated to straight-forward — to bypass the security MFA provides. Examples from recent incidents that included MFA bypasses are the SolarWinds breach, which was carried out by Russian state-actors the NOBELIUM APT; the Nvidia ...

5.17.23 > Kristine (Kristy) Livingston This year the Cyber Security Summit theme is “Resilience Unlocked”. As we discuss and plan cyber resiliency in our security programs, leaders must prepare for resilience on their teams, the careers of the people on their team, and their own lives. Resilience in our Teams: Resilience is the preparation for when things do not go as expected. Many time we are focused solely on the technology or the business process, but we should remember the people that perform the tasks as well. When we lose people due to layoff, injury, or illness our teams must ...

5.15.23 > Scott Singer The impact of a cybersecurity attack on a medical device can have negative effects on patient safety.  In addition, there are privacy concerns that can arise from the data gathered from such devices.  Whether it is patient safety or patient privacy, the FDA is now putting out specific guidance in a recently released policy. Cybersecurity in Medical Devices: Refuse to Accept Policy for Cyber Devices and Related Systems Under Section 524B of the FD&C Act | FDA Beginning October 1, 2023, medical devices that are considered cyber devices (defined below) will be required to meet certain ...

5.10. 23 SPECIAL NEWS ALERT CISA and Partners Disclose Snake Malware Threat From Russian Cyber Actors 05/09/2023 11:00 AM EDT Today, CISA and partners released a joint advisory for a sophisticated cyber espionage tool used by Russian cyber actors. Hunting Russian Intelligence “Snake” Malware provides technical descriptions of the malware’s host architecture and network communications, and mitigations to help detect and defend against this threat. CISA urges organizations to review the advisory for more information and apply the recommended mitigations and detection guidance. For more information on FSB and Russian state-sponsored cyber activity, please see the joint advisory Russian State-Sponsored and Criminal Cyber Threats to ...

5.8.23 > Aimee Martin Let’s start with definitions.  Although there are many different definitions out there for security and compliance, here is a simplistic version: Security – systems, controls, and processes a company designs to internally protect assets. Compliance – meeting the standards a third-party has determined best practice or legal requirement. They are NOT the same.  You can be compliant and not secure, and you can be secure but not compliant. Compliant but not secure – are able to check the boxes, have strong policies and procedures, but they are inconsistently adopted and often do not meet the “spirit ...

5.3.23 > Shayla Treadwell, Ph.D. As a cybersecurity professional, working in a volatile, uncertain, complex, and ambiguous world means consistently putting out fires. When thinking about putting out small fires, typically one would think of working through small problems that need to be solved quickly before they become bigger. But what happens when there are many small fires? What risks do you open your organization up to when people unintentionally open themselves up to risk? Targeting unintentional insider threats all organizations to build security-first cultures while building organizational resiliency so that if something goes wrong you don’t simply bounce back ...

5.1.23 > CDR Chip Laingen, USN (Ret.), MPA My current roles in business and academia have afforded me two uniquely rewarding perches from which to view innovation, both in terms of the creation of products and services, and the leadership and management of them. As the director of a large technology-focused business alliance, I’m immersed in the corporate cultures and strategic plans of many diverse businesses, large and small.  And as a graduate faculty member for masters-level degree programs, I’m privileged to witness mid-career professionals study challenges within their firms and put forth recommendations to fix them through their capstone ...

4.24.23 > Matt Hoyland for Island "Sometimes changing one thing changes everything.  The Browser is the Enterprises most used application, but Browser's traditional focus has been for Advertisements and Content Delivery.  Our friends at Island reimagine the Browser to give Enterprises full control of their data and how it interacts with other applications.  The TAG Cyber team recently took a look at the Enterprise Browser, and makes a very compelling case on why it should be included in compliance frameworks." This note introduces a set of cybersecurity requirements that should be integrated into the browser and included in major compliance frameworks to counter common ...

4.19.23 > Tony Sager I just checked – my first connection to the Minnesota Cyber Summit was in 2016 as a speaker.   In fact, I think it was the first time I had ever set foot in the State of Minnesota. How the cyber-time flies (even if progress feels glacial!)   I forget the details, but the connection between the non-profit Center for Internet Security and the Minnesota cyber community was triggered by Colonel Stefanie Horvath (now BGEN) of the MN National Guard. One thing led to another, and I was invited to give a talk at the event. (Making Best ...