InfoSecSherpa Newsletter — 04 May 2021
3 min readMay 4, 2021
- Let’s get emotional: The business case for the soft-skilled chief information security officer
(Arabian Business, 04 May 2021)
The emotionally intelligent CISO must ensure each team member is prepared to recognise the hallmarks within data that warrant further investigation, says Paul Baird. - Biden on cyber security after 100 days: A good start, but now comes the hard part
(Synopsys, 03 May 2021)
Cyber security experts weigh in on what we’ve learned about President Biden’s cyber security strategy in his first 100 days in office. - Cybersecurity Ignorance Is Dangerous
(Foreign Policy, 03 May 2021)
A new book gets the policy recommendations right while making technical errors that could undermine trust in its conclusions.
By Tarah Wheeler, an information security researcher and social scientist, and a cybersecurity fellow at the Harvard Kennedy School. - NSA releases cybersecurity advisory on ensuring security of operational technology
(Security Magazine, 04 May 2021)
This guidance provides a pragmatic evaluation methodology to assess how to best improve OT and control system cybersecurity for mission success, to include understanding necessary resources for secure systems. - 80% Indian cos struggle to educate employees on cybersecurity: Survey
(SiFy, 04 May 2021)
The survey identified that in India, the executives assume that their organisation will never get attacked. This was followed by the assumption that even though their organisation may be compromised, there is nothing they can do to stop it. - How cybersecurity skills are changing lives in South Africa
(World Economic Forum, 04 May 2021)
One solution to close the cybersecurity skills gap is emerging in South Africa, where marginalized youth are training at academies in Cape Town and Johannesburg. - Analysts of US company discuss upcoming cyber threats in 2021
(MENAFN, 04 May 2021)
Cybersecurity specialists of the US Fortinet company annually publish forecasts of the future cyber threats. - New Windows ‘Pingback’ malware uses ICMP for covert communication
(Bleeping Computer, 04 May 2021)
Today, researchers have disclosed their findings on a novel Windows malware sample that uses Internet Control Message Protocol (ICMP) for its command-and-control (C2) activities. Dubbed “Pingback,” this malware targets Microsoft Windows 64-bit systems, and uses DLL Hijacking to gain persistence. - The Key to Cybersecurity is an Educated Workforce
(IT Security Expert, 04 May 2021)
Forrester’s latest report re-iterates this, as it states that “Organisations with strong security cultures have employees who are educated, enabled, and enthusiastic about their personal cyber safety and that of their employer.” - Despite many false alarms, Linux malware scares still abound
(IT Wire, 04 May 2021)
Despite numerous false alarms from security firms in the past — which have been enthusiastically spread by technology writers — it still appears that all a security firm or group of researchers has to do to gain some headlines is to write a post mentioning Linux and malware in the same sentence.
