Tag: cyber measures
Cybercriminals crack MFA defenses
Cybercriminals are now using social engineering techniques developed to crack passwords to break through multi-factor authentication (MFA) defenses, such as sending a code to another device, such as the user’s smartphone. According to the UK’s National Cyber Security Centre (NCSC) report, Not all types of MFA are created equal...: “Attackers have realized that many of the same social engineering techniques that tricked us into handing over passwords can also be updated to overcome some methods of MFA. We’ve seen the success of attacks against MFA-protected accounts increasing over the past couple of years.”
Closing the chasm between cyber and CEOs
Risk is the common language that will close the knowledge and credibility chasm that frequently separates chief information security officers (CISOs) from their boards. Even in large organisations, the CISO is rarely awarded the authority granted automatically to the chief financial officer (CFO) and some other c-suite executives. But this is already starting to change as new laws on both sides of the Atlantic are making not only CISOs but also chief executive officers (CEOs) responsible by law for significant but essentially preventable cyber-breaches. The US Securities and Exchange Commission (SEC) last year is known to have notified the CFO and the CISO of SolarWinds about potential enforcement actions related to the 2020 cyberattack against the company’s Orion software platform, which the company had disclosed in a regulatory filing with the agency. This was further compounded when in October, the SEC finally charged SolarWinds and its CISO Timothy Brown with fraud and internal control failures for allegedly misleading investors about its cybersecurity practices leading up to the Sunburst attack discovered in December 2020.