My takeaways from last week – Sept 27, 2021

Each Monday I’m publishing a list of quick thoughts and top readings on cybersecurity from the previous week. Here is my take from the week of September 20th:

An excellent article on advanced phishing: Hackers Are Going ‘Deep-Sea Phishing,’ So What Can You Do About It?

“Hackers are upping their game, using an approach I call “Deep Sea Phishing,” which is the use of a combination of the techniques described below to become more aggressive. To keep pace, cybersecurity innovators have been working diligently to develop tools, techniques and resources to improve defenses. But how can organizations fight against evolving threats that have yet to be launched—or even conceived of?”

On the “ethics” of ransomware gangs: How REvil May Have Ripped Off Its Own Affiliates

There’s no honor amongst thieves, but this is beyond rude: Malware specialists have found evidence of how REvil’s leadership may have screwed their own affiliates out of their cut of ransomware payouts.

Some great tips on how to manage Cyber Risk: 5 Tips for Achieving Better Cybersecurity Risk Management

“When thinking about cybersecurity risk management, think about the last time you were comparing health-insurance policies. Each policy offers a means to protect yourself and your family from financial losses (e.g. from hospital coverage), and many policies include things that are designed to reduce the likelihood of those losses occurring in the first place (e.g. fitness benefits, preventative healthcare, etc.).”

Better to learn from others’ failures than from your own: 6 Lessons From Major Data Breaches This Year

Data breaches can have many causes, but most of them boil down to an organization failing to do something or detect something they should have if they had been following security best practices. Even so, these attacks can reveal a lot about the bad guys’ tactics, techniques, and procedures, the state of malware, and developing trends on the threat horizon.