People often pay more attention to the benefits of modern technology than its problems — in part because so far, the consequences have been tolerable, experts said during a Chicago Ideas Week event Thursday.
“That’s changing,” said Joshua Corman, founder of I Am The Cavalry, a grassroots organization focused on computer security and how it impacts public safety. “Through this overdependence on undependable (information technology), we have created conditions where the actions of any outlier or adversary can have way too much of an impact on our lives.”
Netizen Blog and News
The Netizen team sharing expertise, insights and useful information in cybersecurity, compliance, and software assurance.

Early on July 4, hackers redirected traffic from Stearns County’s website to a site that claimed to be “testing some tricks.” A similar hack happened two days later in Leon County, Florida.
In the aftermath of both breaches, employees from both counties’ information services departments worked tirelessly to analyze the threat and prevent future ones.
Stearns County Information Services Manager Dick Deal-Hansen said his staff confirmed the local breach was only a surface-level target of the website, and no county information was compromised.

Accenture have become the latest major cybersecurity provider to be left red-faced regarding their own security. While it appears that major damage was averted, Accenture reportedly left a large cache of sensitive information without password protection on their cloud storage.
Cybersecurity has become one of the hot topics for businesses around the world. In the wake of numerous high-profile attacks, consulting firms have increasingly been asked for assistance in shoring up their clients’ defences. However, the very advisory firms expected to deliver these solutions have themselves been the subject of high-profile breaches in recent months.

It’s a constant battle between profitable business investments and “unprofitable” security investments to protect the current bottom-line. Despite the headlines, growth-oriented executives tend to prioritize other expenses.
Despite repeated major, high-profile breaches, most cybersecurity teams still struggle to get sufficient funding.
“After this hack, cybersecurity budgets are bound to increase.” We’ve all thought it. But, curiously, it may not always happen.

Why you need to go beyond compliance.
Businesses will continue to face a ton of cyber threats, some of which will impact organizations severely enough to require security measures that reach far beyond compliance. A Ponemon Institute study showed that the average compromised record cost approximately $194 per record. Loss of business due to cyber breaches was estimated to be approximately $3 million.
As you can see, it’s important to make sure that the risk of cyber breaches is taken seriously.
Compliance standards will enable your organization to establish a solid baseline to deal with known risks, but this does nothing to address new and changing threats. Also, more sophisticated threats and vulnerabilities aren’t always known or covered in compliance. You need a risk-based approach so that your organization can manage these risks more cost-effectively and comprehensively.

The growing complexity (Part 1) of today’s networks and the growing sophistication of today’s threats have outpaced the ability of most traditional security devices to keep up. Until now, the approach of far too many IT teams has been to simply throw more money at the problem by adding yet another device into their security wiring closet. Billions have been spent on this approach every year for decades, and we really don’t have much to show for it. If cybersecurity is an arms race, the good guys aren’t winning.
Instead, security professionals can take a handful of simple, basic steps to better protect their networks.
First, it’s worth noting that 90 percent of all organizations face attacks on application vulnerabilities that are at least three years old. 60 percent of these attacks target vulnerabilities that are ten years old. And they continue to be successful – so much so that we have seen cybercriminals switch development resources from new ways to break into networks to more sophisticated tools to use once they get inside. Because for many of these attackers, the assumption is that they are going to get in.

It seems like CSOs are always seeing flashing red lights on their security dashboards these days, warning them of another breach or risk of compromise. There are so many security events happening day in and day out that it’s difficult to decide what’s the top priority. That’s a good metaphor for the state of cybersecurity efforts across the globe – we’re in a constant state of flashing red.
That is, if we even see the attack coming, which we increasingly don’t. Recent breach disclosures, once again, show that not only do defenses get bypassed, but malware is also often able to sit inside a compromised network undetected for months, collecting and exfiltrating massive amounts of data.

Cybersecurity initiatives for government agencies — in fact, other organizations, too — have to be proactive and iterative.
According to the US Office of Management and Budget, federal agencies reported 30,899 cybersecurity incidents to the Department of Homeland Security last year. Threats are evolving across multiple vectors as the number of potential entry points expands exponentially with the proliferation of connected devices and the Internet of Things (IoT). IHS Markit predicts that the number of connected devices will increase from 15.4 billion in 2015 to 30.7 billion by 2020, and 75.4 billion by 2025.
Last fall, the Mirai botnet recruited connected devices such as webcams and DVRs to disrupt websites including Spotify, Twitter, and PayPal. Also last year, white hat security researchers demonstrated how to execute a ransomware attack on smart thermostats, and cyberattacks on the Ukraine electric grid have been carried out over the past two years.

Finding the cybersecurity leaders of tomorrow means being realistic about job descriptions and providing training and mentoring for non-traditional tech people.
Attrition is up, and cyber attacks are on the rise. With continued burnout and a growing skills gap in an industry where mentorship is a lost art, how can enterprises prepare for resiliency?
Feeding the pipeline to fill the jobs of today and tomorrow means IT leaders must change their hiring biases, broaden their gaze, and offer a workplace that appeals to millennials — because they are the future of cybersecurity.

Charles Darwin’s theory of evolution, introduced in 1859 in ‘On the Origin of Species,’ focused on natural selection—which evolved into the well-known phrase “survival of the fittest.” Applying that to the cybersecurity industry means that only some businesses can compete in the modern cybersecurity landscape and survive the natural selection, and that might not be such a bad thing.
Cybersecurity companies that can’t adapt to the pressures of new threats may slowly dwindle away. Small cybersecurity companies may not be able to survive in an industry driven by larger competitors, panelists said at a recent Center for Strategic & International Studies event in Washington.