Top News in Cyber Defence

White Tuque Newsletter | January 2024

CyberSafe Chronicles

Newsletter Content

Tuque's Take on the News

X (formerly Twitter) users fed up with constant stream of malicious crypto ads

Cybercriminals are abusing X advertisements to promote websites that lead to crypto drainers, fake airdrops, and other scams.

Like all advertising platforms, X, formerly known as Twitter, claims to show advertisements based on a user’s activity, leading to ads that match users’ interests. These scams include links to Telegram channels promoting pump and dumps, phishing pages, and links to sites hosting crypto drainers, which are malicious scripts that steal all the assets in a connected wallet.

Read More… 

White Tuque’s Take: With the rise of malicious ads on the X platform, users should take caution when browsing on X. It is important not to click links immediately, and its best to verify the information on a separate platform as X becomes more unstable and unreliable.

-Henry

How often and how much time should you spend training your staff? Let us help you develop a strategy that makes sense for your business, supports your goals for the future, and is meaningful to your team! Tell us more about your business: www.whitetuque.com/help.

82% of Companies Struggle to Manage Security Exposure

A substantial 82% of companies have reported a widening gap between security exposures and their ability to manage them.

The figure comes from XM Cyber’s 2024 State of Security Posture Report, which offers insights from a survey of 300 Chief Information Security Officers (CISOs) and security decision-makers from major US and UK organizations. The report explores how organizations are approaching cybersecurity challenges, shedding light on trends and issues within the industry. Read More…

White Tuque’s Take: Companies today don’t have the luxury of picking and choosing where to apply preventive security practices. It is important that practices like patching, configuration management, and intrusion prevention are viewed as functions that need to cross technology and organizational silos. Applying risk-based prioritization to fixing security gaps can be a possible solution as no company has infinite resources to address its problems.

-Laura

We have subscription-based services that can help you find and auto-close vulnerabilities, monitor threats with managed detection and response (MDR), and more! Tell us more about your concerns at www.whitetuque.com/help

Toronto Zoo latest public body to be hit by cybersecurity attack

The Toronto Zoo announced Monday it’s been hit by a recent cybersecurity attack and as a result customer response times may be impacted.

In a news release, the zoo said it experienced a ransomware attack that was first detected last Friday. The zoo said animal wellbeing, care and support systems have not been impacted by the attack, and the zoo will continue to be open to guests. Additionally, it said its website wasn’t impacted, ticket purchases can continue online and notes that it doesn’t have any credit card information stored on hand. Read More…

White Tuque’s Take: Zoos are rather unique when you put your ‘black hat’ on and think about the value what Zoos have. What may be even scarier, is that if you consider what IT systems power at zoos, imagine being able to control critical functions like, feeding systems, HVAC, water and power. All of which if not kept online, could result in the deaths of animals, many of which cannot be replaced.  That is the leverage threat actors are looking for in order to get paid.

If you rely on technology or data, bad guys want to use that against you no matter your organizations industry or cause.  If your organization isn’t considering cybersecurity in 2024, maybe it is time to revisit that.

-Rob

Want to know how your industry is affected by cybersecurity and how you can secure your organization? White Tuque can help you navigate the threat landscape and develop a roadmap to mitigate your cyber risk, no matter the size of your business. Learn more at www.whitetuque.com/help.

It's Time to Take a Modern Approach to Password Management

Our world has rapidly moved towards digitalization, enabling individuals to carry out more than 90% of their daily tasks via mobile apps or web pages. From paying bills, booking flights, attending health consultations to possessing a full map of one’s DNA lineage; digital platforms have made life easier than ever before.

However, the average person owns around 35 accounts linked to a traditional string-based password, which serves as the primary, and in some cases, only way to safeguard their personal information. Read More..

White Tuque’s Take: The cyber world continues to evolve rapidly and the first thing attackers try to exploit are user passwords. They prey on the user’s nature to use repetitive and easy-to-remember passwords across applications to gain access at one point and exploit all the systems. The purpose of passwords are hence defeated, so it’s time for authentication processes to evolve. Decentralization, as the article suggests, is one such method along with password managers that can manage passwords without users having to remember long and complex passwords.

-Sree

Don’t think you have time for more training? Our approach is streamlined and refined to be relevant and tangibly useful for promoting best practices. Visit www.whitetuque.com/help to learn more.

Hear from Our Experts

Cyber Insurance – You Can’t Stop There

Many organizations have taken the leap into the cyber insurance market over the last few years. Not only for peace of mind but also because the industries they are in expect it.

But, most organizations are consistently failing to appropriately measure their overall cyber risk and what they must do in order to maintain compliance with the policy terms.

Beyond that, the process for acquiring cyber insurance is far from straightforward. Carriers are now conducting deep-dive assessments into your security posture to help determine the risk they are taking by providing a policy. What carriers find during these assessments can determine the policy terms and conditions, as well as your pricing.

Read More…

White Tuque partners with SafeHouse Initiative

The SafeHouse Initiative was founded to provide education and awareness to business leaders around the concepts of Business Continuity and Cybersecurity. Coming together through an open exchange of ideas with insurance carriers, CIOs, and CTOs who feel the current technologies available are insufficient to prevent costly operational downtime and prevent cyberattacks in all forms.

“It is an honour to collaborate with the very best in cyber and technology resilience on something so important. The SafeHouse Initiative is not only an opportunity to share knowledge we have gained preparing for or dealing with ‘very bad days,’ but an active group who are working together to ensure we do our part to help keep critical infrastructure online while guiding business leaders on their resilience journey.

“On a personal note, as a lifelong crisis and incident manager, there is not much in the way of certifications, professional groups, or conferences for incident managers. Being able to represent White Tuque at this table is special. I’m really looking forward to seeing the good that SafeHouse Initiative will do through their subject matter experts’ interdisciplinary collaborations.”

– Robert D. Stewart,  White Tuque Founder & CEO

 

White Tuque's Corner

Leveraging People, Process, and Technology in Cybersecurity with Laura Payne
Laura Payne, Chief Enablement Officer at White Tuque, recorded a podcast with, Marie Wiese as part of their Trailblazers series. Don’t miss out on this exciting conversation about the value of mentorship in the advancement of women’s careers in security and to hear Laura’s insights on what’s going on in the world of cybersecurity!
Listen Here

Would you like more information on this topic?

White Tuque Newsletter | December 2023

CyberSafe Chronicles Tuque’s Take on the News Feds brace for implementation of SEC cyber disclosure rules The U.S. government is readying to implement contentious new disclosure rules for digital attacks that could both create headaches

Vulnerability Management at QSC Orlando

By Raymond Kyte VCM Team Lead Qualys Security Conference (QSC) is an annual highlight for everyone in the Qualys ecosystem. It’s a yearly chance to connect directly with the decision makers, front-line staff, and customers

White Tuque Newsletter | November 2023

CyberSafe Chronicles Newsletter Content Tuque’s Take on the News CISA working on updated National Cyber Incident Response Plan The Cybersecurity and Infrastructure Security Agency (CISA) is working with industry stakeholders and government agencies on a

Work With Us.