If you, or your kids, are fans of Minecraft – you might be wise to not download any new mods of plugins for a while.

Read more in my article on the Tripwire State of Security blog.

Read More

The capabilities will expedite content generation and enhance decision-making processes

Read More

The content of this post is solely the responsibility of the author.  AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. 

When most people think about social media and cybersecurity, they typically think about hackers taking over Instagram accounts or Facebook Messenger scammers taking private information. It’s for good reason that this is top-of-mind. The Identity Theft Resource Center’s 2022 Consumer Impact Report revealed that social media account takeovers have grown by 1,000% in one year. 

Putting yourself out there on social media platforms opens up your personal information to cyber threats. However, social media can be used for good, rather than evil, when it comes to cybersecurity. Learn how to educate your social media following on everyday cybersecurity risks.

Create Cybersecurity content relevant to your audience

Not every company or content creator posting on social media is in the cybersecurity niche, not to mention any offshoots or umbrella niches like technology. Of course, if you do fall into a tech niche and have an audience that’s interested specifically in cybersecurity, you can certainly post on social media about the topic.

However, virtually any industry could benefit from creating cybersecurity content. When planning quality content for your social pages, identify your content niche and determine what aspects of cybersecurity would be most beneficial and interesting to your audience. You can also capitalize on current trends on social media or in the news when designing an informational content campaign around cybersecurity.

Let’s look at how cybersecurity topics can be approached from a variety of industry angles.

B2B

If you are a shared workspace company, for example, your followers are likely interested in ways to establish network security in a hybrid workplace. Followers of a hiring software company likely want to see how to hire more securely online. If your business caters to other businesses, you can create educational cybersecurity content to help them stay safe while using your services or otherwise doing things related to your product or services.

Healthcare

While creating content aimed at public services is different than B2B audiences, cybersecurity information is especially relevant. In a time when interest in virtual healthcare services is booming, patients and providers alike need to be aware of HIPAA laws. For instance, a social media post about the security risks and ethical concerns of doctors emailing and texting patients is an important and highly relevant topic.

Education

Like many healthcare practices have incorporated virtual visits, many schools have started providing virtual classes. If your business is in the education sphere at all, your followers would likely benefit from engaging content about keeping student information private in online classrooms.

Lifestyle

If your brand is in a lifestyle category, you may not think this has much to do with cybersecurity. However, think about the ways in which your followers engage with your brand. If you sell products on a website, make a social post about how to create a secure login for your site when purchasing to reduce the risk of data theft. Further, you can inform your consumers how you’re taking steps to securely process payments and handle customer information. This will instill trust in your brand.

If you don’t sell tangible products or services in this way, you can still find something to do with cybersecurity that will benefit your audience. People use online services all the time, and not everyone is up to date with the latest ways to catch phishing scams or create safe passwords. If your followers are interested in a certain fashion brand and you are aware of an email scam under that brand’s name, you can post about it on social media to help spread awareness.

Pick the right platform and format

Regardless of your industry, it’s clear that all audiences can benefit from some level of cybersecurity education. Similar to how your content will differ, each creator will also benefit from posting on varying social platforms. Some of the most popular social media sites for sharing informative posts include:

Twitter: platform for text posts, accompanying images, and links;
Reddit: site for more nuanced, forum-style discussions;
Quora: site with question-and-answer-style discussions;
Instagram: app with primarily image-based with short-form video and live streaming options;
Facebook: platform affiliated with and similar to Instagram but with longer text posts and groups;
LinkedIn: professional networking platform with longer text posts and videos;
YouTube: leader in the long-form video space with the option for Shorts and live streaming;
Twitch: live streaming platform primarily for gamers;
Pinterest: image-based sharing platform;
TikTok: short-form video content platform with live streaming options.

TikTok, in particular, is interested in promoting cybersecurity education, so you may have enhanced luck on the platform. Short-form TikTok videos are brief enough to keep viewers’ attention, but you also have enough options to successfully pack in cybersecurity knowledge. For example, you could make a video using a trending sound about how to spot insider threats, pointing to each tip. The platform shows users the content they will be most interested in, so you are more likely to reach the right audience and spread cybersecurity awareness.

If you already have a social media presence, you likely know which platforms garner you the most engagement currently. Start by testing the performance of cybersecurity education posts on your chosen platforms. Then, analyze the data and adjust accordingly.

Using social media for Cybersecurity awareness

Whatever industry you’re in, your social media following will be able to benefit from cybersecurity education. Data privacy is top-of-mind for most social media users, so cater to their unique needs with your content.

Read More

Google Cloud has launched its Cryptomining Protection Program for Security Command Center (SCC) Premium customers with up to $1 million to cover unauthorized Google Cloud compute expenses associated with undetected cryptomining attacks. SCC Premium customers will have access to the new product for free. SCC Premium works with a pay-as-you-go pricing, and as one-year and multi-year fixed-price subscriptions. 

According to Google Cybersecurity Action Team (GCAT) September 2022 Threat Horizons Report, threat actors frequently targeted weak and default passwords to access Google Cloud accounts. Once inside the compromised cloud accounts, they performed cryptomining 65% of the time.

To read this article in full, please click here

Read More

BastionZero has announced the release of SplitCert to provide password-free authentication access to databases. It uses Mutual TLS (mTLS) and cryptographic multi-party computation (MPC) to provide certificate-based authentication for popular, self-hosted Postgres and MongoDB databases, according to the vendor. Other new BastionZero platform features include passwordless access support for GCP cloud SQL and AWS RDS via a new desktop app, along with password-free support for Microsoft Windows servers with Remote Desktop Protocol (RDP), BastionZero said.

To read this article in full, please click here

Read More

Cybersecurity vendor Guardz has announced the release of a new AI-powered phishing protection solution to help small- and medium-sized businesses (SMBs) and managed service providers (MSPs) prevent phishing attacks. It uses AI to provide small businesses and the MSPs that support them automatic phishing detection and remediation capabilities by combining email security, web browsing protection, perimeter posture, and awareness into one native solution, according to the firm.

The release comes in the wake of the Verizon 2023 Data Breach Investigations Report, which cited phishing as the second most common way threat actors infiltrate organizations, behind stolen credentials. It also found that three-quarters of all data breaches observed in the past year involved some form of human element, with the number of recorded business email compromise (BEC) attacks doubling. Meanwhile, the emergence of sophisticated generative AI chat technology built on large language models (LMMs) has changed the phishing game significantly, with researchers already demonstrating how OpenAI’s ChatGPT can enhance phishing attacks by making them harder to detect and easier to pull off.

To read this article in full, please click here

Read More

IT infrastructure services provider Kyndryl has announced a new cybersecurity incident response and forensics (CSIRF) service as well as a new threat intelligence collaboration with AWS. The CSIRF will help customers proactively prepare for and respond to threats by applying the latest threat intelligence and experience from Kyndryl’s security experts, the firm said. Its partnership with AWS will combine operational IT data across cybersecurity, compliance, and resilience to provide actionable insights and security intelligence driven by industry standards and best practice methods, it added.

CSIRF service offers incident response, threat intelligence, compliance monitoring

Kyndryl’s new CSIRF service helps customers investigate and respond to detected security incidents by leveraging capabilities such as incident triage, incident response, threat intelligence, and compliance monitoring and management, the firm said in a press release. Customers also have the option to select proactive services that may reduce the time to respond to an incident, it added.

To read this article in full, please click here

Read More

Enterprise security company Barracuda has warned its customers against using email security gateway (ESG) appliances impacted by a recently disclosed zero-day exploit and to replace them immediately.

A patch for the vulnerability, which has been exploited since October 2022, had been issued by Barracuda last month to stop the exploit from allowing ESG backdooring.

To read this article in full, please click here

Read More