Light Dark
April 28, 2021 By Megan Crouse 3 min read
Security Services
Zero Trust
CISO

The COVID-19 supply chain finds itself under fire in this month’s cybersecurity intelligence news. Learn about how another type of supply chain — the cloud through which we download a lot of our software — can also be a risk. And, how could your business make meaningful changes to your cybersecurity posture? Start on your journey to make the whole organization safer in just a month.

Sometimes, setting up a security team is like preparing for a big game. You need the right training, the right tools and the right people, and having all three makes all three better. So, another question we wanted to address this month is: how do you coordinate all of that at once? Check out our top advice and news from April.

Quick briefs: Top insights from April

3-Minute Read 🕒

How vulnerability management can stop a data breach

Today’s attack surface is always growing, with more applications and personal devices connecting to business networks. See how to turn the attack surface from a football field to a narrow swim lane with vulnerability management. And just like in sports, that means drafting the right people for the team. Experts in both offense and defense can take advantage of organized vulnerability management.

2-Minute Read 🕒

Over half of malware delivered via cloud applications

More than half of malware attacks in 2020 were delivered via cloud applications, a study from Netskope shows. That isn’t a surprise, since cloud adoption is becoming so common, but it can be a good heads-up. These attacks don’t have to be complicated — 58% of the attacks the survey found were just infected Microsoft Office documents. Is your organization managing employees’ access to cloud apps safely? This way, you can shut doors like this in front of attackers.

4-Minute Read 🕒

Clean sweep: A 30-day guide to a new cybersecurity plan

Take a broom to your dusty cybersecurity plan with this quick spring cleaning. Our 30-day plan presents practical steps for business leaders to make decisions about where their organizations stand when it comes to digital safety. Have a specific use case that you’re not sure how to handle? The plan is versatile enough to meet individual needs while staying within a standard schedule. By the end you’ll know how to build your cybersecurity needs in and solve some problems with automated systems.

Worth your while: In-depth coverage to sharpen your skills & tighten security

6-Minute Read 🕒

AI security: How human bias limits artificial intelligence

Human bias sneaks into the way we program artificial intelligence, too. Facial recognition and other image processing are always becoming more sophisticated. We need to be careful not to pass on assumptions to the technology we make. What if information may be harmful to one group and harmless to another? Julie Carpenter of California Polytechnic State University teaches the tech world about how to be sure our AI doesn’t just repeat our mistakes.

5-Minute Read 🕒

An update: The COVID-19 vaccine’s global cold chain continues to be a target

Attackers are using spear-phishing — personalized spam emails that use real contact information to trick executives into giving away personal or business information — to break into the physical COVID-19 vaccine cold chain. Threat actors are getting smarter. They’re neatening up the lure on phishing emails. Common signs of fakes, like misspellings or incorrect logos, aren’t always present anymore. Executives should be careful of emails impersonating legitimate business contacts.

5-Minute Read 🕒

3 reasons cyberattacks are increasing (and how zero trust can help)

With more and more people working at home, the problem of unknown devices is just getting bigger. It’s like how bugs sometimes emerge into the house in the spring. Attacks can come from gaps so small we don’t usually think about them. Our solution is zero trust, with which you can check access every time to keep out unexpected and unwanted intrusions. Take a look at the most common causes of cyberattacks today and how zero trust can close those gaps.

April’s expert insight: Threat actors’ most targeted industries in 2020

Where does your industry fall? See the full list of the most targeted industries and why attackers see them as the best pickings in this article.

Want to keep up with today’s cybersecurity news and best practices? Watch this space for the Security Intelligence newsletter.

 |  |  | 
Megan Crouse
Freelance Writer and Editor

More from Security Services
April 17, 2024

What should Security Operations teams take away from the IBM X-Force 2024 Threat Intelligence Index?

3 min read - The IBM X-Force 2024 Threat Intelligence Index has been released. The headlines are in and among them are the fact that a global identity crisis is emerging. X-Force noted a 71% increase year-to-year in attacks using valid credentials.In this blog post, I’ll explore three cybersecurity recommendations from the Threat Intelligence Index, and define a checklist your Security Operations Center (SOC) should consider as you help your organization manage identity risk.The report identified six action items:Remove identity silosReduce the risk of…

February 21, 2024

X-Force Threat Intelligence Index 2024 reveals stolen credentials as top risk, with AI attacks on the horizon

4 min read - Every year, IBM X-Force analysts assess the data collected across all our security disciplines to create the IBM X-Force Threat Intelligence Index, our annual report that plots changes in the cyber threat landscape to reveal trends and help clients proactively put security measures in place. Among the many noteworthy findings in the 2024 edition of the X-Force report, three major trends stand out that we’re advising security professionals and CISOs to observe: A sharp increase in abuse of valid accounts…

January 29, 2024

Ermac malware: The other side of the code

6 min read - When the Cerberus code was leaked in late 2020, IBM Trusteer researchers projected that a new Cerberus mutation was just a matter of time. Multiple actors used the leaked Cerberus code but without significant changes to the malware. However, the MalwareHunterTeam discovered a new variant of Cerberus — known as Ermac (also known as Hook) — in late September of 2022.To better understand the new version of Cerberus, we can attempt to shed light on the behind-the-scenes operations of the…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2024 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature