Microsoft data breach, CISA FIDO push and cybersecurity worker shortage | Cybersecurity Weekly
Microsoft makes negative headlines for the second month in a row, CISA encourages Fast IDentity Online (FIDO) adoption and the cybersecurity worker shortage keeps growing. Catch all this and more in this week’s edition of Cybersecurity Weekly.
1. Microsoft confirms server misconfiguration led to 65,000+ companies’ data leak
This week marks the second month of bad news for Microsoft, which, after seeing cybercriminals compromise its Exchange Servers last month, saw an unintentional endpoint misconfiguration expose the information of thousands of customers. The Windows creator did not reveal the extent of the data leak, but SOCRadar says it affects more than 65,000 firms in 111 countries, with the exposure amounting to 2.4 terabytes of information. The threat intel company claims the information consists of product orders, invoices, partner ecosystem details and signed customer documents, among other sensitive info.
2. CISA tells orgs to go further than MFA, use FIDO authentication
Multi-factor authentication (MFA) has long been a de facto standard for organizations requiring rigid cybersecurity. But CISA director Jen Easterly called on companies and technology vendors to go one step further and include FIDO authentication in their MFA implementation plans. Easterly further said that traditional MFA would become legacy MFA at some point, and businesses are lucky that a group of organizations formed the FIDO Alliance to make authentication simpler and more secure.
3. FBI warns of possible student loan forgiveness scams
The FBI issued an alert warning students of potential debt forgiveness scams. With the applications to have student loans forgiven now open, the agency says cybercriminals may attempt to contact borrowers and offer a gateway to the program. Students have been asked to be careful of unsolicited emails, shady text messages, phone calls and social media posts. Cybercriminals may ask for personal or financial information along with money to cover “processing fees” while acting as reps of government agencies.
4. The cybersecurity industry is short 3.4 million workers — that’s good news for cyber wages
The global cybersecurity workforce is at an all-time high, with an estimated 4.7 million professionals. However, there’s still a massive shortage of 3.4 million personnel in the industry, according to the latest ISC2 Cybersecurity Workforce Study. The growing need for cybersecurity talent is expected to be followed by an increase in wages and other benefits. The ISC2 study also shows that 27% of cybersecurity professionals join the industry for the potential of strong compensation packages and high salaries.
5. Cloud security incidents reported in more than 4 in 5 companies
More than 81% of companies report experiencing a security incident in the cloud over the last year and 45% experienced at least four incidents, according to new research from Venafi. The need for cloud security isn’t expected to slow down. The report also found that the share of companies looking to host their applications in the cloud is expected to rise from 41% to 57% in the next 18 months.