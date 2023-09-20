Transparency and knowledge sharing are essential in the realm of cybersecurity. In order for organizations to enhance their cybersecurity practices, they must examine incidents that have taken place at other companies and learn from them. This approach allows for collective defense and better preparedness.

Charles Carmakal, Chief Technology Officer of Mandiant, highlights the hesitation that often surrounds sharing information about data security events, due to the stigma associated with such incidents. However, he emphasizes that we all benefit from openly sharing insights and lessons learned from the various security attacks we encounter regularly.

In a conversation with Jeff Lunglhofer, Chief Information Security Officer at Coinbase Global Inc., Carmakal discussed the importance of open conversations, robust authentication methods, key protection, and the value of information sharing among organizations.

One prevalent tactic in cyberattacks is social engineering, wherein threat actors deceive employees into revealing access information. In a recent example at Coinbase, an employee was tricked into providing their username and password on a phishing website through persuasive tactics employed the threat actor. This incident demonstrated the scope and complexity of a social engineering attack.

There is also the issue of “push fatigue,” where users may become desensitized to authentication prompts, potentially compromising security. To address this, stronger authentication methods like One-Time Passwords (OTP) and physical security tokens, such as YubiKeys, are recommended to enhance security while maintaining convenience.

Sharing knowledge and experiences is vital in the ongoing fight against cyber threats. By openly discussing incidents and implementing effective cybersecurity measures, organizations can collectively strengthen their defenses and minimize the risk of future attacks.

Sources:

– Interview with Charles Carmakal and Jeff Lunglhofer at the mWISE Conference, theCUBE