Due to the increasing pressures from external and internal threats, organizations responsible for critical infrastructure need to have a consistent and iterative approach to identifying, assessing, and managing cybersecurity risk. This approach is necessary regardless of an organization’s size, threat exposure, or cybersecurity sophistication today. NIST’s Framework for Improving Critical Infrastructure Cybersecurity may be helpful for organizations seeking to apply the principles and best practices of risk management to improve security and resilience.
Similar to wardriving, when you cruise a neighborhood scouting for Wi-Fi networks, warshipping allows a hacker to remotely infiltrate corporate networks by simply hiding inside a package a remote-controlled scanning device designed to penetrate the wireless network–of a company or the CEO’s home–and report back to the sender.
A new group of Intel vulnerabilities, collectively called Microarchitecture Data Sampling (MDS), were disclosed last week. The vulnerabilities allow attackers to steal data as processes run on most machines using Intel chips. The vulnerabilities affect nearly every Intel processor released in the past decade and may be especially dangerous in multi-user environments like virtualized servers in data centers.
The NIST cybersecurity practice guide, Mobile Device Security: Cloud and Hybrid Builds, demonstrates how commercially available technologies can meet your organization’s needs to secure sensitive enterprise data accessed by and/or stored on employees’ mobile devices. The document proposes a reference design on how to architect enterprise-class protection for mobile devices accessing corporate resources.
A survey released on Tuesday suggests the federal government’s recommended framework for how companies can reduce their cybersecurity risk is gaining traction.