You have a lot going on, so join the thousands of other leaders and let me do the work and provide you with curated cybersecurity content. It would be my honor to do so.

NOTES: If you want to ensure you get this newsletter every week, please add my "from" address to your contact list. If you would like to Unsubscribe scroll to the bottom and select "unsubscribe". Thank you.

In this week's edition:

• Cyber Bits & Bytes

• Cyber Stats

• Early Warning - Top Five Most Common Cyber Attacks

• Featured Article - 7 Metrics to Measure the Effectiveness of Your Cybersecurity Strategy

• Cyber Quote - Cybersecurity Quote by Chris Pirillo

• Free Cybersecurity Resources - eBooks, tools, apps & services

• Trending Story - Why Reporting an Incident Only Makes the Cybersecurity Community Stronger

• Cybersecurity News Highlights

• Cyber Scam of the Week - Watch Out for Silicon Valley Bank Scams

• Social Posts of the Week

Cyber Bits & Bytes

The new & dangerous way Log4j is being exploited - Read more in this CyberTalk.org article.

Cohesity aims an OpenAI-powered chatbot to secure your data sets As reported in NetworkWorld, Generative AI is coming to both line-of-business data analysis as well as security, as Cohesity deepens its ties to Microsoft.

Windows admins warned to patch critical MSMQ QueueJumper bug by Microsoft as reported by Bleepin Computer. Security researchers and experts warn of a critical vulnerability in the Windows Message Queuing (MSMQ) middleware service patched by Microsoft during this month's Patch Tuesday and exposing hundreds of thousands of systems to attacks.

Cyber Stats

Here are some of the top cybersecurity statistics:

• The global cybersecurity market is predicted to reach up to $352.25 billion by 2026, with an annual growth rate of 14.5%

• Every 39 seconds, one cyber attack takes place worldwide

• The average time to identify a breach is 212 days, and the average cost of a malware attack on a company is around $2.4 million

• Young adults 18-24 are the most likely victims of cyber attacks, and they often spend money to recover from the incidents

• AI in the cybersecurity market is growing at a CAGR of 23.6% and will reach a market value of $46.3 billion in 2027 3

Sources: cybertalk.org, getastra.com, forbes.com, boisestate.edu, csoonline.com, and fortninet.com.

Early Warning - Top 5 Most Common Types of Cyber Attacks

Cyber attacks are continuing to grow and are becoming more sophisticated.

1. Malware

2. Denial-of-Service (DoS) Attacks

3. Phishing

4. Spoofing

5. Identity-Based Attacks

Sources: Bing.com, fortinet.com, and crowdstrike.com

Featured Original Article

7 Metrics to Measure the Effectiveness of Your Cybersecurity Strategy

Do you ask yourself is our cybersecurity strategy working? Is it cost-effective? Are we getting real value for what we are paying for? Is our leadership confident in our efforts? In today's chaotic world where the number and sophistication of threats are rising, it is very challenging. It seems every day the news cycle reports on yet another organization victim of a cyber-attack. So, it is important to have confidence and assurance that your cybersecurity strategy is performing.

To ensure that your cybersecurity strategy and measures are effective and up to date, it's essential to monitor and track performance using specific tactical metrics. We will cover seven key metrics that should be measured to ascertain the effectiveness of your organization's cybersecurity strategy.

Analyzing Your Cybersecurity Performance with Key Metrics

Quantitative assessments and key performance indicators (KPIs) play a crucial role in understanding how well your cybersecurity program is performing. These metrics can provide valuable insights into the areas that may require improvement or additional investment, while also highlighting the aspects of your strategy that are working as intended. By focusing on these essential metrics, you can optimize your cybersecurity strategy, allocate resources more effectively, and bolster your organization's overall security posture.

Let's dive deeper into these key metrics and explore how they can help you improve your cybersecurity performance:

1. Number of security incidents detected and resolved

Monitoring the number of confirmed security incidents detected and resolved within a given period allows you to measure how well your security team is identifying, addressing, and mitigating potential threats. A higher number of resolved incidents signifies a proactive and successful security team, while a lower number may indicate underreporting or insufficient detection capabilities.

It's important to note that not all security incidents are created equal, so making an informed judgment call on what incidents to include based on their level of severity is important for getting valid metrics. If you include lower-severity incidents or do not separate them out, it may cloud the measurement a bit. Tracking the types of security incidents, such as data breaches, malware infections, or unauthorized access, can provide deeper insights into where vulnerabilities may exist within your organization. For example, a high number of data breaches may indicate weak access controls or inadequate encryption protocols.

2. Time to detect and respond to security incidents

An important capability of effective cybersecurity is the ability to quickly identify and respond to potential security incidents. Measuring the time, it takes to detect an incident and subsequently respond to it provides valuable insights into the efficiency of your security team and the effectiveness of the tools and procedures you have in place. Note: this is what many managed security vendors use to measure and report to validate their efforts.

Minimizing the time, it takes to detect and respond to security incidents can dramatically reduce the potential impact and damage caused by a breach or attack. It can also help you identify areas or gaps where your incident response plan may need improvement.

3. Number of vulnerabilities identified and remediated

Known gaps or unaddressed vulnerabilities within your organization's systems and applications can leave you exposed to potential cyberattacks. Frequently scanning your IT environment for known vulnerabilities and continually tracking the number of identified risks, as well as your remediation efforts, can help ensure that your organization is properly addressing and patching these security gaps.

In addition to tracking the total number of vulnerabilities, it's important to monitor the severity and age of the identified vulnerabilities, prioritizing the most severe risks to minimize their potential. This can help you allocate resources more effectively and ensure that high-risk vulnerabilities are addressed promptly, lowering the risk to your organization.

Read more of this article here.

Cyber Quote

Free Resources

• eBook: "9 Things Leaders Should Know About Cyber Insurance"

• CSO Online: "The CSO guide to top security conferences"

• CISA Releases ESXiArgs Ransomware Recovery Script

• SANS Security Policy Templates

• Web Security Academy - Free, online web security training

• CISA - Free Cybersecurity Tools and Services

• At Bay - Free Cyber risk Calculator

Trending Story

Other Bytes

Cyber Scam of the Week

Watch Out for Silicon Valley Bank Scams

Recently, the US-based Silicon Valley Bank (SVB) recently shut down due to failure to meet its financial obligations. This collapse has caused public panic, and unfortunately, cybercriminals take advantage of high-profile news stories to catch your attention and manipulate your emotions.

In the coming weeks, we expect to see cybercriminals referencing the collapse of SVB in phishing attacks and disinformation campaigns. Cybercriminals are already taking advantage of this event to try to steal your sensitive information. For example, cybercriminals may send you emails offering money or financial advice in response to the bank failure. These emails may appear to come from trusted financial services, but interacting with these emails can lead to cyber criminals taking your banking information or funds.

Follow the tips below to stay safe from similar scams:

• Always think before you click. Cyberattacks are designed to catch you off guard and trigger you to click impulsively.

• Watch out for sensational or shocking headlines about SVB. These headlines could lead to articles that contain disinformation, or false information designed to intentionally mislead you.

• Be cautious of unexpected payout opportunities. Remember, if something seems too good to be true, it probably is!

This Cyber Scam is provided by our sponsors: Netsync & KnowBe4

Cybersecurity Social

Just a couple of interesting social posts

The Critical Intersection Newsletter