Event delivery: digital
For your business to succeed in today’s decentralized, data-rich workplace, you need to be able to gain visibility and easy access to your entire data estate while safeguarding against threats. Join us at Microsoft Tech Brief: Improve Data Security with Microsoft Purview, a free event, to understand how to improve your organization’s security posture by discovering, protecting, and preventing the loss of data and managing insider risk across clouds, apps, and endpoints. You’ll learn how to use AI to close visibility gaps and more easily detect insider risks. You’ll also learn how to identify, manage, and reduce data vulnerabilities in a single portal.
You’ll have the opportunity to:
- Identify the value of a unified approach to data security in decentralized work environments.
- Understand how to help SecOps teams discover, protect, and prevent the loss of data.
- Learn how to accelerate the detection of insider risk and identification and classification of sensitive data with AI and machine learning.
Space is limited. Register for free today.
Delivery language: English
Closed captioning provided in English
Microsoft Teams delivers a rich, interactive experience that works best with the Teams app. We recommend downloading the app if you don’t have it, as not all browsers are supported.
When you join this event, your name, email, or phone number may be viewable by other session participants in the attendee list. By joining this event, you’re agreeing to this experience.
Where: Online
When: Wednesday, May 22, 2024, 2:00 – 4:00 PM (GMT-04:00)
Microsoft Tech Brief: Improve Data Security with Microsoft Purview
Register now >
Author: blogmirnet
Cybersecurity Resources for Small to Medium-Sized Manufacturers
Event Date: May 2, 2024
Event Time: 2:00 p.m. to 2:45 p.m. ET
Event Location: Virtual
Event Description:
Join us on May 2, 2024, for a 30-minute fireside chat with the NIST MEP Program Office. During this webinar we will highlight the cybersecurity resources available to the nation’s small and medium-sized manufacturers (SMMs).
SMMs are increasingly relying on data, information, and technologies to run their operations in a competitive and efficient manner. With this increased reliance on technology and connectivity comes an increased cybersecurity threat surface for the business and for the entire supply chain to which they contribute.
Defending an SMM’s assets from cybersecurity threats can be challenging. However, because these organizations often have less complex information technology (IT) and operational technology (OT) infrastructures, many can more readily take basic steps to defend their information and systems.
The MEP National Network helps manufacturers of all sizes manage their cybersecurity and privacy risks by providing guidance, solutions, and training that is practical, actionable, and cost-effective.
During this webinar, we’ll have a robust discussion to provide attendees with:
- An introduction to the MEP National Network
- An overview of the MEP cybersecurity services and resources
- Basic steps an SMM can take to manage their cybersecurity risks
- Information about how to locate an MEP Center in your area
We’ll reserve time at the end of the webinar to address questions.
Speakers:
- Dr. Jyoti Malhotra, Division Chief, National Programs, NIST MEP
- Savann Thorn, IT Specialist (Security), NIST MEP
- Daniel Eliot, Lead for Small Business Engagement, Applied Cybersecurity Division, NIST
Register Here
Analysis of the BazaCall/BazarCall Phishing Method
The US Department of Health and Human Services’ Health Sector Cybersecurity Coordination Center (HC3) released this Analyst Note with insight into BazaCall campaigns in the healthcare sector. Even though the analysis is focused on the Healthcare and Public Health (HPH) Sector, all agencies and organizations are encouraged to review the information contained in the Analyst Note.
Operating since as early as 2000, the threat actors behind BazaCall (also known as BazarCall), an advanced social engineering method, have been observed using multiple tactics, techniques, and procedures (TTPs) to breach targeted networks and lure unsuspecting victims into downloading their malware. Many of these threat groups are offshoots of the defunct, notorious Russia-linked Conti gang, known to have aggressively targeted the HPH sector. Over time, these groups have adopted and independently developed their own targeted phishing tactics, which continuously evolve to target victims.
This HC3 Analyst Note provides an overview and examination of these groups, their TTPs, target industries and victim countries, impact to the HPH sector, indicators of compromise, and recommended defense and mitigations. This advisory is being provided to assist all agencies and organizations in guarding against the persistent malicious actions of cyber criminals.
Join us to see the latest Windows Server and AI innovations
Join us on April 16 to learn about the latest Azure product innovations and see how they’ll help your organization maintain a competitive edge. Find out how migrating Windows Server and SQL Server to a secure, optimized, and agile foundation on Azure prepares your organization for AI and fuels innovation.
Register for the Migrate to Innovate digital event now to:
- Be the first to see what’s included in the upcoming Windows Server 2025 release.
- Get first access to viewing product demos of new AI innovations, including Microsoft Copilot.
- Learn about the latest updates on intelligent Azure databases to power your data and AI workloads.
- Discover strategies for gaining cloud agility, including running VMware workloads across cloud, hybrid, or on-premises environments.
Join us for deep dive sessions, real customer scenarios, and live Q&A with Microsoft product and migration experts.
Migrate to Innovate: Be AI Ready, Be Secure
Tuesday, April 16, 2024
9:00 AM–11:00 AM Pacific Time (UTC-7)
Register here
Explore the AI assistant that helps you defend at machine speed
Read the blog
Incident Response Recommendations and Considerations for Cybersecurity Risk Management | Comment on SP 800-61 Revision 3 Initial Public Draft
Incident response is a critical part of cybersecurity risk management and should be integrated across organizational operations. The six Functions of the NIST Cybersecurity Framework (CSF) 2.0 all play vital roles in incident response.
NIST is releasing the initial public draft of Special Publication (SP) 800-61r3 (Revision 3), Incident Response Recommendations and Considerations for Cybersecurity Risk Management: A CSF 2.0 Community Profile, for public comment. This publication seeks to assist organizations with incorporating cybersecurity incident response recommendations and considerations throughout their cybersecurity risk management activities, as described by CSF 2.0. Doing so can help organizations prepare for incident responses, reduce the number and impact of incidents that occur, and improve the efficiency and effectiveness of their incident detection, response, and recovery activities.
The public comment period is open through May 20, 2024. See the publication details for a copy of the draft and instructions for submitting comments.
Readers are encouraged to utilize online resources on NIST’s new Incident Response project page in conjunction with this document to access additional information on implementing these recommendations and considerations.
Join Microsoft leaders and executives as they discuss the AI transformation
AI is changing the modern workplace at an unprecedented pace. Adopting AI-powered tools across your organization can supercharge productivity and creativity. Secure and responsible generative AI solutions, such as Copilot for Microsoft 365, elevate your AI investment with real gains in efficiency and innovation. This essential AI companion works across your data estate to deliver undeniable value: 70% of early adopters said they were more productive, and 68% reported that it improved the quality of their work.[1]
Join Microsoft leaders and executives as they discuss how AI can advance your journey to a high-powered organization. Explore how you can:
- Jump-start the AI transformation with data security and compliance
- Enhance communication and collaboration with AI-powered tools
- Adopt and measure your AI transformation
Register now to learn how secure and responsible AI can transform your organization.
[1] “Work Trend Index Special Report: What Can Copilot’s Earliest Users Teach Us About Generative AI at Work?,” Microsoft, November 2023.
The AI Advantage: Maximizing Productivity in the Modern Workplace
Register now >
Out for Comment | CSF 2.0, NIST SP 800-53 OLIR Crosswalk
NIST has released for comment an ‘OLIR Crosswalk’ between the recently released NIST Cybersecurity Framework 2.0 (CSF) and NIST Special Publication 800-53 Revision 5, Security and Privacy Controls for Information Systems and Organizations. This Crosswalk directly shows where the outcome of the identified NIST SP 800-53 control(s) meets at least part of the respective CSF Subcategory. Comments are due via email to [email protected] by April 27, 2024, at 11:59 PM EST.
About OLIR
The National Online Informative References (OLIR) Program is a NIST program to facilitate subject matter experts in mapping/crosswalk relationships between elements of documents across cybersecurity, privacy, and other information and communications technology domains. View our catalog, download mappings, and participate (submit mappings).
These same mappings are also available to browse and download on the CPRT site for select NIST guidance documents.
FTC Reports $1.1 Billion in Losses from Impersonation Scams in 2023
The Federal Trade Commission (FTC) released a report stating that over $1.1 billion in losses from impersonation scams were reported in 2023. The FTC’s report shows that 330,000 incidents were business impersonation scams, and nearly 160,000 were government impersonation scams, accounting for almost half of the frauds reported to the agency. Reports also show an increase in multi-stage impersonation scams where threat actors pose as more than one organization in a single scam. Threat actors may initially begin the scam by posing as an employee of a trusted organization and then transfer the target to someone claiming to be from a bank or government agency to add legitimacy to their scam.
Phone calls are still the top reported initial stage of impersonation scams but have seen a sharp decline compared to 2020. Emails are a close second, followed by text messages, and both have steadily increased in usage over the past few years. The scams listed below accounted for nearly half of the reported 2023 scams.
- Copycat Account Security Alerts: Threat actors initiate fraudulent messages of suspicious account activity or unauthorized charges, claiming to be from a trusted organization or bank. They try to persuade their target to transfer funds or move money to a Bitcoin ATM, claiming it will help “protect” their funds.
- Phony Subscription Renewals: Users receive a notice claiming that a subscription or account will auto-renew, often claiming the charge will be for a few hundred dollars. Threat actors sometimes try to convince their target to allow them to connect to their computer, making it appear that they “accidentally” refunded too much money to the target. The threat actors demand that the refund be returned, often through the purchase of gift cards.
- Fake Giveaways, Discounts, or Money to Claim: Threat actors send a message about a giveaway, discount, or unclaimed money. These messages appear to be sent from organizations, such as internet service providers, retailers, or the Publishers Clearing House. These scams require purchasing gift cards or transferring funds to receive a gift or discount.
- Bogus Problems with the Law: Threat actors impersonating government agents contact the target, claiming their identity has been used to commit a serious crime. They offer to help fix the problem, often by having their targets purchase gift cards or transfer funds to Bitcoin ATMs (or “safety lockers”) to protect their funds during the supposed investigation.
- Made-up Package Delivery Problems: Threat actors send messages claiming to be from carrier services, stating they are having problems making the delivery. These messages will include a link to a spoofed version of the carrier’s website, which may prompt for credit card or bank account information for a small redelivery fee.
On April 1, the FTC announced a new rule regarding the impersonation of government agencies and businesses. This rule gives the agency more robust tools to fight and deter potential scammers. Due to the new rule, the FTC can file federal court cases seeking money back for victimized consumers and pursue civil penalties against those who violate the rules.