Items listed under "Cyber Threats"

Cybersecurity – Incident Response

People and organizations tend to focus on methods to prevent cyber attacks on their digital systems. While prevention is an important aspect of cybersecurity, it does not address an equally important piece of the cybersecurity puzzle – what to do when an...  [Read More]

If You Only Do One Thing….Data Privacy Day!

Thursday, January 28 is Data Privacy Day. This special day is celebrated across Europe, Canada, and the United States. The purpose of Data Privacy Day is to promote an awareness of data security, not only in the cyber community, but in the...  [Read More]

Encouragement, Mentoring, Admonishment

A wise man —a father figure to me— once explained that he would almost always begin mentoring on some need for change through encouragement. Encouragement failing, he would exhort. Exhortation failing, he would admonish. In the realm of cybersecurity, I perceive a...  [Read More]

Senate Takes More Action

Late last year the US Senate voted overwhelmingly to pass CISA, the Cybersecurity Information Sharing Act. That piece of legislation requires organizations to share cyber information between private entities and various government agencies in an effort reduce the impact of breaches to...  [Read More]

The Executive Wire Scam

Dear Social Engineering Diary, Phishing attacks have been with us for many the years. This sub-type of spam involves sending a mass of emails with a generic message that often seeks money. A more limited scope of attack that resurfaces from time...  [Read More]

Martin Luther King Day…and Thoughts on Cybersecurity

Monday, January 18th is Martin Luther King Day, a federal holiday that is observed the third Monday of January in recognition of his life’s work. Dr. King once said “The function of education is to teach one to think intensively and to think...  [Read More]

Dorkbot

In recent years there have been a substantial number of new and modified malware samples attacking our digital systems. Some have had mundane names, while others have had more flamboyant names, e.g. POODLE. Much like the latter, a recent sample has emerged...  [Read More]

Social Engineering Strikes Again!

Everyone with a vested interest in cybersecurity was at first shocked at the media headlines “CIA Director John Brennan and DHS Secretary Jeh Johnson emails hacked”. Once over the initial shock and reading below the headlines it became clear that it was...  [Read More]

Cybersecurity Is Alive and Well in US Nuclear Power Plants

The Nuclear Power Industry is working hard to protect their plants from cybersecurity attacks. The NRC issued 10 CFR 73.54 “Protection of digital computer and communication systems and networks” which requires power plant licensees to protect their systems and networks. They must...  [Read More]

Cybersecurity – Access Control

Cybersecurity controls are methods for mitigating risks to digital systems that can be applied to provide a higher assurance that those systems are protected. While this provides actions that help to prevent attacks, that does not mean hackers are not trying to...  [Read More]