Digital threats can have physical consequences. As we’ve seen this year, the United States government is taking the threat of ransomware seriously. That’s especially the case when it comes to physical infrastructure. If your business ⁠— like many — lives at the intersection of the Internet of Things and the things that make our world work, you need to protect those assets.

Let our news roundup this month tell you how. See what regulations are changing in terms of cybersecurity for critical infrastructure. Plus, cybersecurity careers are a hot commodity today, with skilled workers in demand. What if you don’t have what people think of as a technical background? There still might be room for you in the industry.

Quick Briefs: Top Insights From November

3-Minute Read 🕒

A New Cybersecurity Executive Order Puts the Heat on Critical Infrastructure Suppliers

A presidential executive order and five pieces of legislation passed by the House of Representatives addressed cybersecurity in the latter half of 2021. What exactly the executive order requires is still being hashed out. However, it’s a sign of a sea change. The government is taking cybersecurity, especially for infrastructures like energy and shipping, seriously. See what that means for your business

4-Minute Read 🕒

6 Potential Long-Term Impacts of a Data Breach

Were you part of any of the major consumer data breaches in the last few years? You probably felt a bit short of breath at the prospect of someone stealing your credit card information. While banks are pretty good at covering for people who got caught in a digital crime, it’s an even bigger problem if you’re the one captaining the ship. So, take a look at what organization’s leaders should know about how a data breach can disrupt operations and how to prevent problems.

3-Minute Read 🕒

Maritime Cybersecurity: A Rising Tide Lifts all Boats

Earlier this year, a digital attacker poked around in the systems of the Port of Houston. While they didn’t end up disrupting anything, the vulnerability in the 25-mile port highlights how big maritime operations need to keep a spyglass eye out for cyberattacks. After all, there may not be an IT person on board every ship, even though so much of shipping involves digital systems. See how to integrate good cybersecurity practices into your shipping business.

Worth Your While: In-Depth Coverage To Sharpen Your Skills & Tighten Security

6-Minute Read 🕒

Non-Traditional Cybersecurity Career Paths – One Experience Informs Another

As writers, we sometimes see ourselves as coming from a different world as people who end up in tech careers. But the two skill sets might have more in common than we think. The real-life cybersecurity professionals we interviewed came from all kinds of backgrounds. See how those experiences, from professional poker playing to performing arts, help people in their tech jobs today.

6-Minute Read 🕒

The Future of Cybersecurity: What Will it Look Like in 2031?

Hit the gas on the DeLorean, Marty. We’re taking a quick jaunt into the future to follow today’s cybersecurity trends to where they might be in 2031. Is the cloud really the way of tomorrow? Maybe not, says one of our three cybersecurity experts who weighed in on this Q&A.

7-Minute Read 🕒

From Thanos to Prometheus: When Ransomware Encryption Goes Wrong

The ransomware family called Thanos has been causing trouble. But IBM X-Force Red is on the job, and even — unusually for a ransomware case — ended up actively helping the organization that had been attacked. See what they discovered when they reverse-engineered some samples of the Prometheus malware, built on the base code of the Thanos malware. When Thanos is the problem, you’re going to find superheroes, too.

November’s Expert Insight: Threat Detection and Response With Open XDR

What is XDR? Extended detection and response offers cybersecurity professionals improved visibility and faster detection, investigation and response across multiple security layers. However, most people don’t know how it works — or how it’s built on the backbone of open-source, with security researchers providing their code to anyone. How does XDR work? Read on to find out — and about how to tell whether “open” in this case really means open.

Want to keep up with today’s cybersecurity news and best practices? Watch this space for the Security Intelligence newsletter.

More from CISO

How to Solve the People Problem in Cybersecurity

You may think this article is going to discuss how users are one of the biggest challenges to cybersecurity. After all, employees are known to click on unverified links, download malicious files and neglect to change their passwords. And then there are those who use their personal devices for business purposes and put the network at risk. Yes, all those people can cause issues for cybersecurity. But the people who are usually blamed for cybersecurity issues wouldn’t have such an…

The Cyber Battle: Why We Need More Women to Win it

It is a well-known fact that the cybersecurity industry lacks people and is in need of more skilled cyber professionals every day. In 2022, the industry was short of more than 3 million people. This is in the context of workforce growth by almost half a million in 2021 year over year per recent research. Stemming from the lack of professionals, diversity — or as the UN says, “leaving nobody behind” — becomes difficult to realize. In 2021, women made…

Backdoor Deployment and Ransomware: Top Threats Identified in X-Force Threat Intelligence Index 2023

Deployment of backdoors was the number one action on objective taken by threat actors last year, according to the 2023 IBM Security X-Force Threat Intelligence Index — a comprehensive analysis of our research data collected throughout the year. Backdoor access is now among the hottest commodities on the dark web and can sell for thousands of dollars, compared to credit card data — which can go for as low as $10. On the dark web — a veritable eBay for…

Detecting the Undetected: The Risk to Your Info

IBM’s Advanced Threat Detection and Response Team (ATDR) has seen an increase in the malware family known as information stealers in the wild over the past year. Info stealers are malware with the capability of scanning for and exfiltrating data and credentials from your device. When executed, they begin scanning for and copying various directories that usually contain some sort of sensitive information or credentials including web and login data from Chrome, Firefox, and Microsoft Edge. In other instances, they…