WebCE's Weekly Wrap-Up: October 12-18
By WebCE Staff
October 18, 2024
In the midst of Cybersecurity Awareness Month, each of this week’s top stories highlights the growing importance and evolving landscape of cyberdefense.
An eye-opening 93% of hackers see AI as a new attack vector—something we’ve already seen in hacks of Gmail accounts, prompting one Cybercrime Agency to recommend two-factor authentication for everyone worldwide. In response, cybersecurity professionals have found their own uses for AI in detecting threats and automating processes in what has become “a constant game of whack-a-mole.”
While AI offers promise for cybersecurity teams, it should not be seen as a substitute for the Human Firewall, or the collective cybersecurity awareness of employees to defend against cyber threats.
One way to improve this awareness? Spend 3 hours in IKEA.
Read this week’s top stories to find out more.
If you have a story you’d like us to include in next week’s Weekly Wrap-Up, contact us!
This Week’s Top Stories
What Spending 3 Hours in IKEA Taught Me About Cybersecurity Awareness (KnowBe4)
Who knew that between the MALM dressers and POÄNG chairs, I'd find the techniques that can be used to make any security awareness program more engaging.
5 Traits of a Human Firewall: The Heart of Cybersecurity (WebCE)
A human firewall is something more personal and even more crucial for cybersecurity—it's the collective behavior of employees, who act as the last line of defense against cyber threats.
What is the cost of a data breach? (CSO)
“Stolen patents, engineering designs, trade secrets, copyrights, investment plans, and other proprietary and confidential information can lead to loss of competitive advantage, loss of revenue, and lasting and potentially irreparable economic damage to the company.”
Cybercrime Agency Issues New 2FA Warning For Gmail, Outlook, Facebook And X Users (Forbes)
“If you have the option, enable 2-step verification to ensure you have twice the protection for all your accounts.” Two-step verification, often referred to as two-factor authentication, cannot guarantee account security, but it sure makes it a lot harder for hackers and scammers to get into your accounts.
Microsoft reports rising cyberattacks on critical infrastructure, blurred lines between state and criminal actors, need for deterrents (Industrial Cyber)
According to the fifth annual Microsoft Digital Defense Report, data reveals that its customers encounter over 600 million cybercriminal and nation-state attacks daily, encompassing threats like ransomware, phishing, and identity theft.
93% of Hackers Believe Enterprise AI Tools Create a New Attack Vector (Security Magazine)
“This report reinforces what we have stated this past year — AI is game-changing for business and organizations, however, it is also a productivity breakthrough for hackers to attack at scale at near zero cost.”
Cybersecurity Risks Arising from Artificial Intelligence and Strategies to Combat Related Risks (New York Department of Financial Services)
Financial firms need to focus on the rising threat of AI-driven cyberattacks, NY regulator says in industry letter that also includes best practices to mitigate these threats.
AI Models in Cybersecurity: From Misuse to Abuse (Security Week)
In a constant game of whack-a-mole, both defenders and attackers are harnessing AI to tip the balance of power in their respective favor.
AI in Cybersecurity Automation (Kaspersky)
AI has a place in the detection toolkit, but not as a silver bullet able to solve all detection problems in cybersecurity, or work completely autonomously.
CISA, FBI Call for Enhanced Security in Software Product Development Process (Tech Monitor)
“It’s 2024, and basic, preventable software defects continue to enable crippling attacks against hospitals, schools, and other critical infrastructure. This has to stop. These product security bad practices pose unacceptable risks in this day and age, and yet are all too common,” said CISA director, Jen Easterly.
This Week’s Top Podcast
Once the Panic Subsides You’ll Appreciate This Phishing Test (CISO Series Podcast)
How should organizations use phishing tests? At best, they can provide context into employee behaviors. But at worst they can undermine trust in the security team, or even cause a public health scare. No one is arguing against building security awareness, but do phishing tests serve to do that?
This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Jerich Beason, CISO, WM. Joining us is Teresa Tonthat, vp, associate CIO, Texas Children’s Hospital. This episode was recorded live at HOU.SEC.CON.