17 Sep 2019

Deception Needs to be an Essential Element of Your Cyber Defense Strategy

In the cyber defense community, we talk about a wide-range of risk mitigating technologies, strategies, and activities.  We talk about attacker deterrence and increasing costs for the attacker.  We invest in endpoint agents, threat intelligence, DLM, and other mitigating technologies on a daily basis.

Here’s why one of the most compelling emerging use cases for increasing attacker costs is through the use of deception.

Read More
10 Sep 2019

Mitigating Risks To America’s Cognitive Infrastructure

This is the second of a series on our nation’s most neglected critical infrastructure, our cognitive infrastructure. The first post dove into the nature of the challenge and why it is so important for our future that the threats to our cognitive infrastructure are understood and addressed. This post flows from that one and suggests ways the nation can mitigate many of these risks.

Read More
09 Sep 2019

Should social media organizations be subject to strict privacy regulation?

Four out of five (80%) IT security professionals believe that governments should introduce new security and privacy legislation, and they feel this is particularly true for legislation dealing with the data collection and storage practices of social media companies. However, the vast majority (82%) of respondents said that lawmakers have

Read More
06 Sep 2019

Most citizens are against local governments paying ransomware attackers

Three in four (75%) US taxpayers are worried out ransomware threats to their private data and 80% are worried about how the threat impacts local governments, a new survey by Morning Consult and IBM shows. Around 60% of respondents don’t want targeted government entities to pay ransomware actors, and over

Read More
05 Sep 2019

US Lawmakers Propose Bill to Fortify Federal Cybersecurity

US lawmakers will introduce the Advancing Cybersecurity Diagnostics and Mitigation Act to the US House of Representatives this week. The law aims to bolster the government’s cybersecurity program by providing state, local, and tribal governments with access to the Continuous Diagnostics and Mitigation (CDM) program that has been in use

Read More
03 Sep 2019

America’s Most Critical Infrastructure is also Our Most Neglected Infrastructure

This special report is the first of a two-part series designed to both inform OODA members on the nature of challenges to our nation’s most critical infrastructure and provide recommendations for action that can mitigate these challenges. Our thesis is that America’s most critical infrastructure is our cognitive infrastructure. This is also the most attacked and least defended. In short, our most important critical infrastructure is also our most neglected infrastructure.

Read More
30 Aug 2019

US Cyberattack Hurt Iran’s Ability to Target Oil Tankers, Officials Say

In June of this year, US security experts destroyed a database used by Iran’s Islamic Revolutionary Guards Corps (IRGC) to plan attacks against international oil tankers in the Persian Gulf, US officials told The New York Times earlier this week. They claim the cyberattack significantly undermined the IRGC’s efforts to

Read More
29 Aug 2019

State and local governments increasingly targeted by ransomware attacks

So far this year, ransomware has hit over 70 local government entities in the United States, a new Barracuda Networks report shows. The most prevalent ransomware strains used to target local governments are Ryuk, SamSam, LockerGoga, and RobbinHood, while email is the number one threat vector. Fleming Shi of Barracuda

Read More
29 Aug 2019

NATO: Attack Like WannaCry Could Prompt “Collective Defense Commitment”

A massive cyberattack on NATO targets, like the 2017 WannaCry outbreak that infected hundreds of thousands of computers across the globe, could result a collective response under Article 5 of the alliance’s founding treaty, NATO secretary general Jens Stoltenberg wrote in Prospect Magazine earlier this week. Stoltenberg stated that the

Read More
28 Aug 2019

US officials fear ransomware attack against 2020 election

The US Cybersecurity Infrastructure Security Agency (CISA), which is a division of the Homeland Security Department, has launched an initiative to help state election officials improve the security of voter registration databases in order to prevent ransomware attacks in the period leading up to the 2020 presidential election. CISA aims

Read More