Cybersecurity Monthly Newsletter January 2022

In this issue:

• Cybersecurity Shorts

• Software Updates

Happy New Year! We hope 2022 has been good to you so far. In the world of cybersecurity, it is only the first month of the year, but we have already seen data breaches, hacks, and fraud. Read on to learn more about:

• The most dangerous password habit you might be doing
• Cybersecurity trends for 2022
• Software you should update immediately
• And more

Cybersecurity shorts

Is your business ready to navigate cybersecurity threats? Since the start of the Covid-19 pandemic, many technology professionals have encountered the need to support hybrid and remote work environments. Organizations and companies must have the appropriate access to cybersecurity solutions. If not, this will result in vulnerabilities and increased risk. Read more about how your business can navigate cyberthreats here.

Government addresses cybersecurity issues in K-12 schools. The recently signed K-12 Cybersecurity Act gives the Cybersecurity and Infrastructure Security Agency 120 days to study the cyber risks K-12 schools face and gives them the ability to recommend guidelines to help schools improve their cybersecurity posture. Here, you can read more about why this is an important topic and some of the research that has gone into implementing this act.

U.S. still lacks cyber strategies. Federal cybersecurity remains in jeopardy despite decades of efforts. Previous attempts to execute a national strategy have sought to address the responsibilities of the private sector, which controls the vast majority of critical infrastructure. But why do attempts keep falling short? You can read more here.

Reuse your passwords? Hackers are on to you. Recently, more than 1 million online accounts across 17 well-known companies have fallen victim to hacking attempts. These hackers reused previously stolen passwords swirling around the internet. This ploy is known as a “credential stuffing attack” which involves a cybercriminal repeatedly trying to access someone’s account by utilizing usernames and passwords that previously have been made public.

Don’t expect a cybersecurity slowdown in 2022. Even though 2021 was a year unlike any other–with more than $20 billion invested in the cybersecurity sector–industry experts are predicting 2022 may build off that momentum. Last year’s investment was driven to new extremes by sectors including the cloud, API security, health care IT and insurance, and it is predicted that 2022 will see increased cybersecurity in sectors such as crypto and compliance and auditing.

Password manager LastPass has data breach scare. After investigating the incident, LastPass announced that there is no evidence of a data breach following users’ reports stating they were notified of unauthorized login attempts. The senior director of LogMeIn Global PR, Nikolett Bacso-Albaum, recently stated that the alerts users received were related to a “fairly common bot-related activity” that involved malicious attempts to log in to LastPass accounts that had previously been made public in past breaches. 

FTC warns of potential penalties for Log4j vulnerabilities. The Federal Trading Commission (FTC) put out a statement warning companies there could be legal repercussions if they fail to remedy a recent software vulnerability in the open-source tool Log4j software used throughout the tech industry and found in products built by companies like Amazon, Google, and Microsoft. The FTC also states that it plans to apply its legal authority to protect consumers in cases of “similar known vulnerabilities in the future.” Additionally, the FTC pointed companies to guidance from the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, which has issued a series of alerts and advisories on how to patch these issues. You can read more about the FTC’s statement here.

Bipartisan group of Senators requests cybersecurity updates on infrastructure. A group of senators has written the Department of Homeland Security (DHS) and the Department of Transportation (DOT) seeking information about specific measures regarding planned cyber defense of U.S. critical infrastructure. The senators believe that many state and local transit systems are not equipped to implement more than basic cybersecurity protections; they are requesting information about how the DHS and DOT are meeting certain responsibilities.

Software Updates

Microsoft: Over 120 security vulnerabilities are addressed in this month’s Microsoft update. Nine of these security flaws are considered critical and some are already being exploited by hackers. Your device should prompt you to update automatically but you can read more here.

SERVICES WE OFFER RELATED TO THIS TOPIC

The information contained in this post is for general use and educational purposes only.  However, we do offer specific services to our clients to help them implement the strategies mentioned above.  For specific information and to determine if these services may be a good fit for you, please select any of the services listed below.