Welcome to our first weekly roundup, where we catch up on Horizon3.ai in the news, plus developing topics in cybersecurity across the world, including an award nomination, plus cybersecurity updates for education and M&A.
“Some of the most high-impact technologies emerge not from the mainstay security companies, but businesses many have never heard of – yet,” writes SC Media. The businesses in this category are within their first two years of initial release and serve as “notable contributors within a community shaping future innovation.”
You can also check out the full list of 2022 nominees as well.
Cybersecurity and education
Meanwhile, Horizon3.ai experts weighed in on breaking news recently. When the privately held, Illinois-based Lincoln College closed its doors, it did so not just because of the financial impact of the pandemic but because of a devastating cyberattack they were unable to recover from. “All systems required for recruitment, retention, and fundraising efforts were inoperable,” the college said in its official statement.
Information Security Buzz asked five experts about the closure, and Horizon3.ai’s Brad Hong, Customer Success Lead, offered his thoughts, noting that “…it’s a civic duty for institutes to enforce a strict cyber security process to protect the nation’s next generation of brain trusts.”
Hong noted that the education sector is a tempting target for attackers and often struggle with their cybersecurity stack, and he offers great advice for what these institutions can do next to protect themselves.
Corporate M&A under attack
CPO Magazine wrote about a group specifically targeting corporate mergers and acquisitions (M&A), “embedding itself in networks for anywhere from several weeks to over a year and monitoring emails for insider information.”
Horizon3.ai’s own Zach Hanley, Chief Attack Engineer, weighed in, discussing how these and other actors evolve their tactics, and also how their tactics continue to be successful:
“While their tactics have adapted on the post-compromise side, the most popular initial compromise remains credential compromise – most often from weak passwords,” Hanley told CPO Magazine.” By tightly enforcing a strong password policy which includes blacklisting commonly used base terms, organizations can work to prevent BEC from taking place.”
Other quick hits hitting the airwaves
Bleeping Computer discussed how Costa Rica recently declared a national emergency after Conti ransomware attacks.
Krebs on Security rote about how the DEA is investigating a breach of a law enforcement data portal that taps into 16 different law enforcement agencies.
ThreatPost talked about reducing your organization’s “blast radius” for cyberattacks.