CYRIN Newsletter

Follow the latest news from the CYRIN Cybersecurity Training Team!

An ongoing series to help secure you and your organization. Check back regularly for updates.

The Role of Software Bills of Materials (SBOMs) in Cybersecurity Posted: March 24 2024

If you’ve worked in engineering or manufacturing, you’re already familiar with a bill of materials, or BOM: “a list of all the parts needed to manufacture a specific product – from raw materials to subcomponents and everything in between, along with quantities of each one needed to correctly finish that product.” What role does a Software Bill of Materials (SBOM) play? [read more]

Cybersecurity, Volt Typhoon, and the Grid Posted: February 19 2024

The grid is where it all begins. As the foundational piece of the nation’s infrastructure, a cyber-attack on the grid can put all critical infrastructure at risk. A major attack on the grid could be transformational and catastrophic, impacting water, sewer, power, communications, and financial systems, eventually impacting food, transportation, and healthcare. [read more]

The Shortage of Cybersecurity Workers—Is AI the Answer? Posted: January 17 2024

It seems like 2024 is starting off like 2023: AI was one of the hottest topics of 2023, and it is still a hot topic in 2024. According to Wikipedia, the most viewed article in 2023 was about ChatGPT, more popular even than the Barbie movie or Taylor Swift... [read more]

2024: It’s a New Year in Cybersecurity Posted: December 13 2023

As we wrap up another year, we look ahead now to 2024 and what experts say will be the most crucial areas of potential risk in the rapidly changing world of cybersecurity, where cyber threats continue to become more and more sophisticated. [read more]

The Cybersecurity Reporting Maze — Who’s Running the Show? Posted: November 17 2023

It seems like a good idea to share information with other people in your sector and even government agencies so that they can spread the alarm about cyber breaches at your company, school, or organization. A great example of that was a recent breach at digital identity management services provider Okta which reported that some of its customers were targeted and it probably happened because an employee logged into a personal Google account on a company laptop. [read more]

A New ISAC For the Food Industry Tightens Up the Supply Chain Posted: October 13 2023

In May of this year something unusual happened: the food and agriculture industry formed an ISAC, called the Food and Ag-ISAC or Food and Agriculture Information Sharing and Analysis Center. Cyber experts have repeatedly cited the sector’s lack of its own ISAC as a dangerous security gap in the industry’s ability to get a full picture of the tremendous risks it faces. [read more]

Cybersecurity and Healthcare: One Sector That’s Ailing Posted: September 12 2023

Healthcare records contain some of the most valuable and valued personal information we have. But are those records safe, and if they’re not what does it mean? What are the disastrous potential consequences if rogue agents were to hack or get hold of these records and documents that contain some of the most intimate details of our lives? [read more]

What Can MSSPs Do For You? History, Opportunities, and Risks Posted: August 17 2023

Security. How do you manage it in today’s complex environment? Managed Security Service Providers (MSSPs) say they have the resources and expertise to help companies and agencies operate more securely by providing integrated and constant monitoring of security devices and systems. [read more]

What’s the Problem with Open-Source Software and Cybersecurity? Posted: July 18 2023

The internet runs on open-source software (OSS). It’s probably fair to say that open source is everywhere. The Linux kernel, one of the building blocks of open source, is literally embedded in everything from most supercomputers and cloud computing to billions of phones and most operating systems. [read more]

As We Hit the Summer Season, Some Suggested Cyber Reading Posted: June 15 2023

This summer we’ve rounded up some interesting cybersecurity stories that in some cases are creating news headlines and making waves in the industry. We thought some of these should make your summer reading list. [read more]

How Did the Last 28 Months Impact the RSA Security Show in April in San Francisco? Posted: May 22 2023

Something happened last month that hasn’t fully happened in 28 months, as some 40,000 cybersecurity individuals convened in person at the RSA conference in San Francisco. A lot has happened in those nearly three years. [read more]

Cybersecurity and the Military: How to Find and Keep the Right People Posted: April 24 2023

There is a lot in the news today about privacy, cyber, AI, and ChatGPT. Everyone is concerned about our networks, our technical advantage or disadvantage; who is watching us and who is protecting us? [read more]

ChatGPT and Cybersecurity Posted: March 22 2023

We know from recent news reports and publicity surrounding it that ChatGPT is having a major impact on the tech scene, with wider implications for many industries and people in ways that are yet to be imagined. [read more]

Houston, Do We Have a Problem? Cybersecurity and the New Space Race Posted: February 21 2023

Satellites and terrestrial networks are nearly fully integrated, from telecommunications to GPS to reliable internet access in remote communities around the world. In 2023, the space age is deeply connected to everything we do on land. How will this impact cybersecurity? [read more]

Advanced Persistent Threats: The Back Door Threat to Cybersecurity Posted: January 18 2023

Advanced Persistent Threats (APTs) pose a unique challenge with motives, techniques, and tactics that differ from traditional cyberattacks. APTs evade existing security measures and fly under the radar. [read more]

What’s in Store for 2023: Cybersecurity Trends Posted: December 14 2022

As we turn the page on 2022, cybersecurity threats are continuing to create problems for businesses, institutions, and individuals. What might be the top cybersecurity issues for 2023? [read more]

As the Year Comes to an End, Check Out Some Fascinating Reading for Cybersecurity Posted: November 14 2022

As we approach the end of the year, we’ve collected a brief look at some of the more interesting cybersecurity and scientific stories of 2022. [read more]

Is the Electrical Grid Safe? And Who is Watching the Store? Posted: October 24 2022

How vulnerable is the country’s electrical grid? What happens when it is even temporarily compromised — and what safeguards might be put in place to prevent a collapse? [read more]

Artificial Intelligence (AI) and its Impact on the Future of Cybersecurity Posted: September 20 2022

It seemed simple enough: in 2014 the California Public Utilities Commission (CPUC) directed the State’s three largest utilities to come up with a program to address the threat of wildfires. [read more]

The World has a Shortage of Cybersecurity Workers, Part Two Posted: August 22 2022

In part two of our series, we’ll see what some organizations are doing to fill the gap. [read more]

The World has a Shortage of Cybersecurity Workers Posted: July 28 2022

Part one of a two-part series on the shortage of cybersecurity professionals. We’ve heard and read the reports for years — we do not have enough cybersecurity workers — either in the U.S. or internationally. [read more]

Quantum Computing: The Next Big Threat to Cyber Security? Posted: June 22 2022

Quantum computing sounds like the stuff of science fiction. Isn’t it too far in the future to worry about? Why are top cyber security officials so alarmed about quantum computing as the next big cyber threat? [read more]

The Colonial Pipeline Attack — One Year Ago: Was It America’s Sputnik Moment? Posted: May 23 2022

It seems that May is the month of anniversaries for cybersecurity. Last year it was Colonial Pipeline. Five years ago, it was the North Korea-backed WannaCry cyberattack. Many have speculated that recent events have created a “tipping point.” [read more]

The Metaverse and Cybersecurity — Two Worlds Collide Posted: April 27 2022

The metaverse represents the idea of an immersive, next generational virtual 3D world. It promises to connect all sorts of digital environments in a digitized mimicry of the actual world we live in. How is the metaverse set to change cybersecurity in the years ahead? [read more]

Cybersecurity Never Sleeps — Four Sectors in Change Posted: March 24 2022

In these dynamic, ever-changing, anxiety-producing times things have amped up in Cybersecurity, and it’s true now, more than ever, that Cybersecurity never sleeps. Russia’s invasion of Ukraine – and the likelihood of cyberattacks abroad – has only increased attention on the urgent need for cybersecurity. [read more]

Protecting Infrastructure: The Vulnerability of the Nation's Grid and Water Supply Posted: February 23 2022

“It’s rare that four government agencies issue a joint advisory on a potential threat to the basic health and welfare of the entire U.S. population,” Mark Montgomery and Samantha F. Ravich write in the Washington Post. “But that’s what happened in October... [read more]

Log4j – Will it haunt cybersecurity for years? Posted: January 24 2022

Log4j – it’s considered one of the most significant vulnerabilities that will haunt cybersecurity professionals for years. On December 9, 2021, the Apache Software Foundation “disclosed a massive vulnerability in Log4j,” its Java logging library. This disclosure “triggered a cat-and-mouse game as IT professionals raced to secure their systems against cybercriminals looking to exploit a huge, now-known issue.” [read more]

What's ahead in 2022? Posted: December 9 2021

If 2021 has taught us anything, it’s to expect the unexpected. Just when you think something is a sure bet, you get a course correction and it just doesn’t happen the way you anticipated. But that doesn’t seem to stop anyone (including us!) from making predictions about what 2022 has in store for the world of cybersecurity... [read more]

What does the recently passed infrastructure bill mean for Cyber? Posted: November 22 2021

The infrastructure bill signed by President Biden contains about $2 billion set aside for cybersecurity investments. Half of that funding, Cybersecurity Dive reports, “is for the State, Local, Tribal and Territorial (SLTT) Cyber Grant Program within the Cybersecurity and Infrastructure Security Agency (CISA) over four years.” [read more]

The great jobs migration affects cyber security at all levels Posted: October 27 2021

Finding workers, protecting workers, keeping workers, and training workers. Whether it’s the government, the private sector, or colleges and universities, the great jobs and training migration is moving on all levels. Some people called it the great resignation when some 4 million people quit their jobs in August in the US alone. [read more]

Ransomware – It may be time for a new approach Posted: September 29 2021

Ransomware attacks have thrived during the pandemic, the numbers rising 62% globally last year to 305 million attacks. The world-wide cost to business in 2020 was $20 billion, up from $11.5 billion a year earlier. [read more]

The world of work is changing – how do we keep up with our colleagues and all the information that is shaping our future? Posted: August 18 2021

How do you build community when in-person events are transformed into virtual or hybrid events? How do you generate camaraderie among employees when so many of us are still working from home? How do you stay current about cybersecurity when so many conferences have moved online? [read more]

Ten Years ago someone stole the keys to the Cyber Security Vault. Since then, things have never been the same. Posted: July 28 2021

Ten years ago, the computer systems of the corporate security giant RSA were hacked. The intruders’ final target? [read more]

Where Have All the Cyber Workers Gone? Posted: June 25 2021

According to CNN, in the weeks just before the Colonial Pipeline ransomware attack, the company had posted a job listing for a cybersecurity manager... [read more]

The Colonial Pipeline Attack — America’s Sputnik Moment? Posted: May 25 2021

It could be the tipping point. Some are calling it America’s “Sputnik” moment. The Colonial pipeline attack. It brings back images from the 1970s of the oil embargo, rationing, and long lines at the gas pumps. Should the attack on the Colonial pipeline be considered an act of war? Is this the final act in a long string of events that will change how we think about cybersecurity? [read more]

The Big Bid for Infrastructure, Clean Energy, and what it might mean for Cyber Security Posted: April 22 2021

President Biden unveiled a $2 trillion jobs and infrastructure plan at the end of March that includes at least $100 billion for a variety of infrastructure priorities, including modernizing the electric power grid. The grid has become increasingly vulnerable to a growing number of cyberattacks, so security experts are looking closely at Biden’s proposal to see what kind of funding it contains to address cybersecurity... [read more]

One Year into the Pandemic: How will it change Cyber Security? Posted: March 24 2021

One year ago. The pandemic hit. And if you think about it, in many ways the world has been upside down ever since. So what have we learned during this time and how does it affect us moving forward - in cyber and other critical areas? Have we "jumped into the future," doing many things now that we thought were coming in 5–10 years? [read more]

Is Your Water Safe — from Cyber Attacks? Posted: February 24 2021

So far, 2021 has seen some serious cyberattacks – with significant consequences. First there was the massive SolarWinds attack. Soon after, the Florida Municipal Water supply was attacked, with hackers tampering with the internal controls and attempting to poison the water supply in the city of Oldsmar with massive amounts of lye. “It was a wake-up call...” [read more]

Supply Chain or Man-in-the-Middle: Are You Safe? Posted: January 26 2021

At the end of 2020, Russia pulled off what Wired called “the biggest espionage hack on record.” At its most basic level, it was a supply chain compromise that led to what many in the industry call a “man-in-the-middle” attack. Except that SolarWinds was inadvertently the man in the middle. [read more]

Five, and Maybe More, Cyber Security Trends for 2021 Posted: December 15 2020

It feels strange to predict anything that might happen in 2021 given how little anyone could have predicted what happened in 2020. A pandemic? Remote work? Remote school? What other dystopic possibilities should we be ready for? [read more]

Cyber Tools: Practice Makes Protected Posted: November 19 2020

In Malcolm Gladwell’s bestseller Outliers, he wrote about the “ten-thousand-hour rule.” No one succeeds at a high level without innate talent, he wrote. But no one succeeds without practice, either: “achievement is talent plus preparation...” [read more]

Cyber Piracy on the High Seas Posted: October 22 2020

What if pirates didn’t have to board ships they wanted to rob? What if they could do all of their piracy from their laptops? [read more]

What It Takes to Become a Cyber Security Professional Posted: September 23 2020

Picture your dream job. Maybe the salaries are competitive. Maybe there’s a shortage of well-trained professionals in the industry, so your skills will be sought after and you will have your pick of positions. Maybe the work is innovative and different every day. Maybe you get to be part of a team. And maybe you get to help make the world a better place... [read more]

CAE-CD: Creating the Next Generation of Cyber Defenders Posted: August 25 2020

How do you generate a pipeline of talented people with the best possible cybersecurity training, who are prepared and ready to robustly defend government, commercial institutions, and corporate America? You create the Center for Academic Excellence in Cyber Defense (CAE-CD) program... [read more]

Disrupted by a Virus, Cyber Security Shows Go Virtual Posted: July 29 2020

“Shockingly enough, I’ve never been to Defcon,” says longtime security researcher Ben Adida in a Wired article about the cancellation of the well-known event. “It’s never been a convenient time for me to travel. This might be the first year I attend. Remotely!” The pandemic has rendered things virtual that would have seemed impossible before... [read more]

Pandemics, Phishing, Remote Workers, and VPNs Posted: June 29 2020

Employees working from home and depending on third-party tools for day-to-day operations have rendered businesses and their networks more vulnerable to attacks. Cybercriminals are always adjusting their methodologies; they’re experts at exploiting any possible opening. And the current pandemic has only increased our exposure to cyberattacks... [read more]

Crisis, Cybersecurity, and Education Posted: May 27 2020

The pandemic is changing everything, and if you are involved with cybersecurity and education, this crisis will affect you directly in subtle and not so subtle ways. We took a look at two industries heavily impacted by current events: higher education and utilities. These two arenas highlight how technology is affected by changes wrought by the current crisis—and also how technology and cyber security are helping these two distinctly different communities navigate these challenging times... [read more]

Why Training Matters, or Why Cyber Training for Utilities is an Asset, not an Expense Posted: April 28 2020

There’s nothing like a pandemic to remind us of the importance of preparation—and the high costs that come with not being prepared. Human beings, corporations, the Utility Industry—we’re all vulnerable to anticipated attacks, but we’re also at risk due to attacks we cannot anticipate... [read more]

Leave the Lights On: Four Cyber Threats that should keep Utility Operators and Cyber Defenders up at Night Posted: March 18 2020

The modernization of Industrial Control Systems (ICS) in the electric power industry will render the industry vulnerable to increased cyber security risks. The network of power plants and power lines that connect homes and businesses is among the world’s most critical infrastructures—and developments in technology have increased the utility’s “attack surface.” The once clear dividing lines between the grid’s physical systems and its technological systems have been blurred... [read more]

The Ever-Growing Cybersecurity Talent Gap—and How to Bridge It Posted: February 11 2020

Cyberattacks are growing in frequency and intensity. Every day there’s a new hack or breach reported in the news. We’re more connected than ever—and our devices are connected, too: refrigerators, cars, televisions, phones, doorbells, you name it. Plus, we continue to store increasing amounts of vulnerable and private information online, documents like medical records. In many ways, the electric grid is America’s first line of defense... [read more]
