{"id":23064,"date":"2022-05-20T15:30:09","date_gmt":"2022-05-20T19:30:09","guid":{"rendered":"https:\/\/www.itworldcanada.com?p=485031"},"modified":"2022-05-25T14:57:58","modified_gmt":"2022-05-25T18:57:58","slug":"cyber-security-today-week-in-review-for-friday-may-20-2022","status":"publish","type":"post","link":"https:\/\/technewsday.com\/staging\/cyber-security-today-week-in-review-for-friday-may-20-2022\/","title":{"rendered":"Cyber Security Today, Week in Review for Friday May 20, 2022"},"content":{"rendered":"<p>Welcome to Cyber Security Today. This is the Week in Review edition for the week ending Friday May 20th, 2022. I\u2019m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com.<\/p>\n<p>&nbsp;<br \/>\n<iframe title=\"Libsyn Player\" style=\"border: none\" src=\"https:\/\/html5-player.libsyn.com\/embed\/episode\/id\/23166155\/height\/90\/theme\/custom\/thumbnail\/yes\/direction\/forward\/render-playlist\/no\/custom-color\/000000\/\" height=\"90\" width=\"100%\" scrolling=\"no\" allowfullscreen=\"\" webkitallowfullscreen=\"\" mozallowfullscreen=\"\" oallowfullscreen=\"\" msallowfullscreen=\"\"><\/iframe><\/p>\n<table style=\"width: 100%;\">\n<tbody>\n<tr>\n<td><a href=\"https:\/\/www.amazon.com\/ITWC-Cyber-Security-Today\/dp\/B07BRNG89P\/ref=sr_1_1?s=digital-skills&amp;ie=UTF8&amp;qid=1522688435\" rel=\"noopener noreferrer\"><img loading=\"lazy\" decoding=\"async\" loading=\"lazy\" class=\"aligncenter wp-image-396718 size-full\" src=\"https:\/\/i.itworldcanada.com\/wp-content\/uploads\/2017\/09\/sub-alexa-200.png\" alt=\"Cyb er Security Today on Amazon Alexa\" width=\"200\" height=\"74\" border=\"none\"><\/a><\/td>\n<td><a href=\"https:\/\/www.google.com\/podcasts?feed=aHR0cDovL2N5YmVyc2VjdXJpdHl0b2RheS5saWJzeW4uY29tL3Jzcw%3D%3D\" rel=\"noopener noreferrer\"><img loading=\"lazy\" decoding=\"async\" loading=\"lazy\" class=\"thumbnail aligncenter wp-image-408712 size-full\" src=\"https:\/\/i.itworldcanada.com\/wp-content\/uploads\/2018\/09\/sub-gp-200.png\" alt=\"Cyber Security Today on Google Podcasts\" width=\"200\" height=\"74\"><\/a><\/td>\n<td><a href=\"https:\/\/itunes.apple.com\/ca\/podcast\/cyber-security-today\/id1363182054\" rel=\"noopener noreferrer\"><img loading=\"lazy\" decoding=\"async\" loading=\"lazy\" class=\"aligncenter wp-image-396720 size-full\" src=\"https:\/\/i.itworldcanada.com\/wp-content\/uploads\/2017\/09\/sub-itunes-200.png\" alt=\"Subscribe to Cyber Security Today on Apple Podcasts\" width=\"200\" height=\"74\" border=\"none\"><\/a><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>In a few minutes I\u2019ll be joined by David Shipley, head of Beauceron Security, to talk about some of the news from the past seven days. Here are some of the headlines:<\/p>\n<p><strong>Cyber intelligence agencies<\/strong> from five countries including the U.S. and Canada<a href=\"https:\/\/www.cisa.gov\/uscert\/sites\/default\/files\/publications\/AA22-137A-Weak_Security_Controls_and_Practices_Routinely_Exploited_for_Initial_Access.pdf\" rel=\"noopener\"> issued another reminder<\/a> that attackers routinely exploit poor security configurations, unpatched software and weak login controls. David and I will discuss their recommendations to IT leaders.<\/p>\n<p><strong>We\u2019ll also look at<\/strong> an <a href=\"https:\/\/www.itworldcanada.com\/article\/canadian-cisos-more-likely-to-push-prevention-than-detection-to-fight-ransomware-survey\/484731\" rel=\"noopener\">international survey of CISOs<\/a> about ransomware and other things that are important to them.<\/p>\n<p><strong>And we\u2019ll analyze<\/strong> the latest proposal by the European Union <a href=\"https:\/\/www.consilium.europa.eu\/en\/press\/press-releases\/2022\/05\/13\/renforcer-la-cybersecurite-et-la-resilience-a-l-echelle-de-l-ue-accord-provisoire-du-conseil-et-du-parlement-europeen\/\" rel=\"noopener\">to update cybersecurity standards<\/a> for critical infrastructure sectors in the 27 EU countries. Can we do that here?<\/p>\n<p><strong>Elsewhere,<\/strong> the Conti ransomware gang continues trying to pressure Costa Rica with its multi-million dollar financial demands. The gang, which struck some government departments last month, now says it\u2019s trying to overthrow the government with help from insiders.<\/p>\n<p><a href=\"https:\/\/twitter.com\/MsftSecIntel\/status\/1526680351858475008\" rel=\"noopener\">Microsoft warned database administrators<\/a> that hackers are going after SQL Server installations. They\u2019re using brute force attacks to break passwords for initial compromise which isn\u2019t new. What is new is they are leveraging a server tool called sqlps.exe instead of PowerShell to run malicious commands.<\/p>\n<p><strong>Hiring IT staff<\/strong> over the internet is risky, especially if they are to work in a foreign country and never come into the office. <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/north-korean-devs-pose-as-us-freelancers-to-aid-drpk-govt-hackers\/\" rel=\"noopener\">The U.S. government said this week<\/a> that\u2019s more true than ever because North Korea is directing its IT-trained citizens to apply for jobs in countries around the world. The goal, the U.S. alleges, is for them to get privileged access to IT systems for either espionage or to help hacking. Some North Koreans have been seen pretending to be teleworkers from South Korea, China, Japan or Eastern European countires, the U.S. says.<\/p>\n<p><strong>And IT managers<\/strong> whose building doors have smart locks that use Bluetooth Low Energy fobs should be worried. That\u2019s because <a href=\"https:\/\/research.nccgroup.com\/2022\/05\/15\/technical-advisory-ble-proximity-authentication-vulnerable-to-relay-attacks\/\" rel=\"noopener\">researchers at the NCC Group have discovered<\/a> there\u2019s a way to defeat the short-range wireless system and unlock doors. The trick works on some models of Tesla cars and home door locks.<\/p>\n<p><em>(The following transcript has been edited for clarity)<\/em><\/p>\n<p class=\"western\"><strong>Howard:<\/strong> Let\u2019s start the show with the cyber intelligence advisory from the U.S., the U.K., Canada, the Netherlands and New Zealand. It\u2019s a reminder that commonly used tactics are favoured by most threat actors. Things like exploiting unsecured applications open to the internet, poorly configured remote access services like VPNs, employees falling for phishing emails and taking advantage of trusted relationships by impersonating employees or partners through hacked passwords. David, what did you get out of this report?<\/p>\n<p class=\"western\"><strong>David:<\/strong> It\u2019s the laundry list of the continual sins that bring us down. The ones that I think still need the most attention \u2014 and I\u2019m surprised that we\u2019re still struggling with this given the current environment\u2013 start off with failure to implement strong password policies. This is bare-bones basics, and I think part of this may still be tied up into old advice: Uppercase, lowercase special characters \u2014 guidelines from NIST [the U.S. National Institute of Standards and Techology] from years ago, <a href=\"https:\/\/www.itworldcanada.com\/article\/cyber-security-today-week-in-review-for-friday-may-6-2022\/482916\" rel=\"noopener\">which we talked about back on World Password Day.<\/a> I think it\u2019s really important that people adopt strong, long random passwords and encourage the use of password managers. This [weak passwords] is is a problem we have the technological tools to solve. If IT leaders really want to go the extra mile get something like <a href=\"https:\/\/www.troyhunt.com\/the-773-million-record-collection-1-data-reach\/\" rel=\"noopener\">Troy Hunt\u2019s pawned password database<\/a> and make sure your users aren\u2019t setting passwords that are already in known brute force lists. This should be basic. Maybe this is the summer we can finally cross that threshold. Secondly, I think it\u2019s really important that we get multifactor authentication rolled out where it\u2019s truly needed, properly enforced and properly administered. MFA is not a silver bullet. It can\u2019t guarantee you absolute security from criminals. But it can reduce brute force attacks by 99.9 per cent, which is amazing. That was one of the takeaways. The last one that I found particularly interesting was failure to detect or block phishing emails. What I find interesting about that is in the work that we have done. Make it easy for people to report suspicious emails. Quite a few phishing emails still get by secure email gateways, so your people are your best line of defense. But a lot of organizations, even if they have a \u2018report a fish\u2019 button, aren\u2019t triaging and dealing with these really important signals that a control is failing.<\/p>\n<p class=\"western\"><strong>Howard<\/strong>: One thing I\u2019d like to stick in here about multifactor authentication is you\u2019ve got to have backing from the CEO. Employees have to see that the CEO and all the vice-presidents are enrolled in the multifactor authentication program, because if they\u2019re not, if they think, \u2018Listen we got lots of work to do. We\u2019ve got to log into things fast. Don\u2019t bother us. Leave us out of the multifactor authentication program,\u2019 the rest of your staff are going to say why should I be enthusiastic about it?<\/p>\n<p class=\"western\"><strong>David:<\/strong> Absolutely. And this goes back to security isn\u2019t a project, security isn\u2019t a piece of technology you buy, security is not even a strategy. Security is a culture. It\u2019s a mindset and you have to lead by example. The best thing you can do is have your senior executives do a two-minute video and say, \u2018I use this every day and it\u2019s important to use. Thank you for helping us be safer.\u2019 I think the power of \u2018Thank you\u2019 is so so underappreciated. It can make all the difference in setting the right tone for your organization. The last thing about multifactor authentication \u2014 particularly for large enterprises and critical industries \u2014 that they use the app-based notification. It can quickly be approved for a smartphone. If you remember <a href=\"https:\/\/www.itworldcanada.com\/article\/okta-should-have-moved-faster-to-understand-report-on-cyber-attack-says-cso\/477469\" rel=\"noopener\">back to the Okta breach<\/a> and their third-party supplier getting hit. A one-time passcode that people enter is the best way to MFA. Give users a sufficient login time. Don\u2019t make them re-authenticate every hour.<\/p>\n<p class=\"western\"><strong>Howard:<\/strong> How do you encourage people to choose proper passwords?<\/p>\n<p class=\"western\"><strong>David:<\/strong> I think it\u2019s just absolutely vital for enterprises and small and medium-sized businesses to adopt enterprise password managers. The average American, I heard yesterday at a conference, has 150 passwords. Canadians aren\u2019t that different. There is no way you can remember that many strong, random, unique passwords. So use a password manager. And the best part is many enterprise password manager solutions offer an opportunity to protect employees\u2019 personal accounts as well, keeping them separate from the enterprise. That encourages people to be safe 24 hours a day, 365 days a year.<\/p>\n<p class=\"western\"><strong>Howard<\/strong>: You spoke of the failure to detect and block phishing, which is both a technology and human problem. How do you get to to the heart of that?<\/p>\n<p class=\"western\"><strong>David:<\/strong> The reality is there is not a single product on the market that can block all of phishing emails out there. Phishing emails evolve, they use all kinds of ever-creative tactics. Sometimes they use island hopping, which is using a trusted partner\u2019s email to attack your people. So it\u2019s a constant game of cat and mouse on the technological side. You can reduce the volume of attacks with good email controls. But even in large complex organizations no inline solutionsI\u2019ve seen stop all phishing emails. They still had phishes go through. But what was great for one organization is that their report rate of suspicious emails \u2014 both simulations and, by assumption, real ones, was north of 50 per cent. So there was a better chance that people were going to report suspicions faster than fall victim, which gives you critical intelligence to your incident response and triage teams to deal with. This whole idea of doing phishing testing and just looking at click rates is yesterday. The new metric is how many people are reporting it. And when they report in a test, celebrate it. They\u2019re going to report the real attacks that get through, and that\u2019s going to give you critical minutes to get ahead of a potentially devastating social engineering attack.<\/p>\n<p class=\"western\"><strong>Howard:<\/strong> Looking at a number of the issues raised by these cyber intelligence agencies, they aren\u2019t really hard for IT departments. Implementing tough multifactor authentication for some users, like requiring senior management and IT staff to use security keys, isn\u2019t inexpensive. But it\u2019s not a crippling cost?<\/p>\n<p class=\"western\"><strong>David<\/strong>: No. What is interesting about this report is that it highlights that people, process and culture are what hold us back in security \u2014 not a lack of technological know-how or solutions. And what I mean by the people side is management allocating sufficient resources to deal with cybersecurity. We still have a nasty human tendency to downplay risk \u2014 \u2018It\u2019s not going to happen to me.\u2019 If there\u2019s a CIO or a senior leader listening to this podcast today you have to understand in in cybercrime every single organization is getting hit. Numerous studies consistently show the threat is there. This is not fear-mongering. It\u2019s just a reality and you have to invest. Because if you don\u2019t invest in the front end you will pay $10 plus for every dollar you could have spent in prevention on cleanup from an attack.<\/p>\n<p class=\"western\"><strong>Howard:<\/strong> One of the mitigations that this report mentions is that IT needs to limit the ability of local administrator accounts to log in from a remote session. The purpose of that is if somebody gets a hold of an administrator account they can\u2019t take advantage of access. Mitigations like access control are really important.<\/p>\n<p class=\"western\"><strong>David:<\/strong> Absolutely. But the thing about access control is not the technology, it\u2019s the process. How often are you reviewing your access controls? How often do you check that you didn\u2019t introduce human error? How are you revising access when people change roles? This is the Great Resignation \u2014 there\u2019s a massive amount of employee turnover. This is where the pressures come on identity and access management.<\/p>\n<p class=\"western\"><strong>Howard:<\/strong> Another mitigation that\u2019s mentioned in this report is adopting a zero trust model. Arguably, that\u2019s the most expensive mitigation that these experts recommend.<\/p>\n<p class=\"western\"><strong>David:<\/strong> Yes. Zero trust is easy if you\u2019re just starting a business and you\u2019re using only cloud services all your devices are untrusted to begin with. But if you\u2019re a legacy business that has on-prem servers, data centers, network structures etc., this is both technologically expensive but also really complex from a planning and implementation standpoint \u2026 Please don\u2019t just fall into the latest cybersecurity trend and just dive onto the next shiny thing because we think that that\u2019s going to be the silver bullet that we don\u2019t have to worry about security anymore. Get the basics right first.<\/p>\n<p class=\"western\"><strong>Howard:<\/strong> Next on the list of issues that I want to look at is an international survey of chief information and security officers done for Proofpoint \u2026 I\u2019ll briefly summarize some of the responses in this survey of 1,400 people, 100 in each country. Here are the the the global results: 59 per cent of all of the CISOs said prevention rather than detection is the focus of their organization\u2019s defense against ransomware; 40 per cent said their organization doesn\u2019t have a policy on whether it would pay a ransom if it was successfully hit ransomware; 60 per cent respondents think that their employees understand the role they play in protecting their organization against cyber threats; and 56 per cent of CISOs think that human error is their organization\u2019s biggest cyber vulnerability.<\/p>\n<p class=\"western\"><strong>David:<\/strong> First, I am encouraged that almost 60 per cent of folks said that they wanted to focus on prevention rather than detection and response for ransomware. I think that\u2019s is smart, because it\u2019s is far less expensive to put a fire out with a fire extinguisher before it spreads and burns the entire building down. It\u2019s nice to see this proactive push. We\u2019re seeing ransomware crews get faster and faster, and in under a couple of hours go from initial access to running rampant through an organization.<\/p>\n<p class=\"western\">I am discouraged that only about 40 per cent said the organization doesn\u2019t have a policy on whether they would pay a ransom. What that tells me is that the organization actually isn\u2019t taking the threat seriously, because it\u2019s fine for the business to decide, \u2018Well, this is where we are as a business, these are all of our different risks and we can\u2019t afford to be proactive. So we\u2019re just going to roll the dice and pay the ransomware.\u2019 But if you have that uncomfortable conversation around your board and senior management it gives people an opportunity to question that, to challenge and say, \u2018What if we put in place a plan to eventually not rely on the roll the dice?\u2019<\/p>\n<p class=\"western\">In very few contexts do I ever think it\u2019s it\u2019s ethically and morally okay to pay a ransom, aside from healthcare. I would much rather see organizations have a board policy that says they\u2019re not going to pay. Draw the line in the sand. Let\u2019s take that take the gasoline that organizations have poured in the fire of ransomware away. Then, because they make that decision, they have to have a robust cyber security strategy and resourcing to reduce the risk of ransomware. They\u2019ve aligned their security investments with their approach to risk management. Maybe we need to have regulations, particularly for publicly-traded companies, saying they need to have a board policy on this \u2014 but not necessarily dictate that you can\u2019t pay the ransoms. Maybe that\u2019s a bridge too far right now. But say what your public policy is. It\u2019s an uncomfortable conversation and it may be slightly unrealistic to expect them to be transparent about what their policy is because that could be like a giant sort of \u2018Come hack me\u2019 sign to attackers. But maybe they have to have a confidential submission to a regulator.<\/p>\n<p class=\"western\">Sixty per cent of respondents say that their employees understand the role they play. Here\u2019s what\u2019s interesting: We actually surveyed our employees as part of the work we do within our actual platform, and 90 per cent-plus of employees understand the role they play. What they feel very strongly about is whether organizations are actually providing them with contextual security training related to how their business works, not just the generic vendor phishing video. They want to know why security is important to senior management. They want to know what tools are provided to them and they want to know what to do when they see a threat. If the organization isn\u2019t being specific enough they don\u2019t feel empowered.<\/p>\n<p class=\"western\">And finally, 56 per cent of CISOs think human errors are the organization\u2019s biggest cyber vulnerability. Well, 85 per cent of incidents always can be traced back to people not necessarily making a mistake but the people processing culture. I\u2019ve read a fascinating study healthcare that showed the employees cared about security, they knew how to be secure but because they were so overworked stressed and tired and the organization sent them far too many internal emails they had a startlingly high phishing click rate. In that case it\u2019s not beating more training into the employees\u2019 heads, it\u2019s how are we communicating to our employees through whatever channels so that they\u2019re not overwhelmed.<\/p>\n<p class=\"western\"><strong>Howard:<\/strong> You thought that the fact that 40 per cent of respondents said that their organization and doesn\u2019t have a policy on whether it would pay ransom means that those companies don\u2019t take ransomware seriously. I would disagree I put the following suggestion to you: What it means is they want to keep their options open. They\u2019re just not sure what to do, and in some cases they\u2019re thinking, Maybe we would pay in other cases we won\u2019t pay it depends on the situation.\u2019 So they can\u2019t have a policy.<\/p>\n<p class=\"western\"><strong>David:<\/strong> Not making a decision before a gun gets put to your head is making a decision. So if you\u2019re going to have a policy that says we may pay under the following circumstances, then make a policy. That\u2019s our policy and then on the people, resources and strategy make that a reality. I think waiting till your board is up at three o\u2019clock in the morning and you\u2019re getting minute-by-minute updates and conflicting reports from your IT team about how bad is the situation is the worst possible environment to try and make a decision.<\/p>\n<p class=\"western\"><strong>Howard:<\/strong> Issue Three: The European Union Parliament is recommending its 27 countries adopt an updated cybersecurity directive covering critical infrastructure organizations. The new standard aims to remove differences in cybersecurity requirements and implementations in each of the 27 countries. It would do this by setting minimum rules for a regulatory framework. It would lay out ways for cross-country co-operation for large cyberattacks affecting more than one country and it would give participating EU regulators the ability to impose sanctions. You see a lot of merit in this plan.<\/p>\n<p class=\"western\"><strong>David:<\/strong> I do. Let\u2019s be honest, countries are moving towards mandatory reporting frameworks, risk-based management frameworks and being able to demonstrate that you\u2019re dealing with cyber in a sane and appropriate way. So in the European context you can either have 27 different ones or you can have a standardized, harmonized approach, and that makes a lot of sense to me. What was interesting in the proposal is you\u2019ve got a month to file a report, so this is going to be interesting for large, complex ransomware attacks like we\u2019ve seen in Ireland and Newfoundland. In other places, which typically can take months to actually fully play out, how\u2019s that going to reflect the reality? Two other things are interesting: If you don\u2019t actually clean up your cybersecurity house the fine is. 10 million euros or two per cent of global revenues, whatever\u2019s higher \u2014 which is half of what they\u2019ve set for the fines for privacy violations under the GDPR. Also, senior management can be held personally liable for negligence when it comes to cybersecurity. I like this. It turns up the temperature. And it creates the right incentives where clearly the market hasn\u2019t necessarily done so.<\/p>\n<p class=\"western\"><strong>Howard:<\/strong> Could this be done in Canada or the U.S.? In Canada the federal government doesn\u2019t have to deal with the provinces on on some things. It directly regulates banks, telecom carriers airlines, railways. So could could the federal government here set minimum cyber security standards?<\/p>\n<p class=\"western\"><strong>David:<\/strong> I think so and I think it\u2019s going to be an important evolution of Canadian federalism to start recognizing that the constitution didn\u2019t contemplate the digital world that we live in today. I think it\u2019s time to have that conversation. We can\u2019t have 13 different jurisdictions [the provincies and territiroies] in this country overseeing cybersecurity. We\u2019re already heading down that way in privacy right now which is an absolute dumpster fire. Quebec hs basically adopted a very similar privacy law to GDPR. So if you\u2019re doing business across Canada you\u2019ve got different frameworks for privacy, different conditions etc. The winners of that conflict will be lawyers and privacy experts and security firms. But that\u2019s just a tax on businesses. So we need a clear common national cybersecurity standard. We are too small of an economy and too small of a country to have 13 different response agencies. We need one well-resourced federal government response agency that can help. The Newfoundland healthcare system attack is an example. Healthcare is critical infrastructure and we need a common national standard and resourcing to protect those institutions.<\/p>\n<p class=\"western\"><strong>Howard:<\/strong> But the other way of looking at it is why not put pressure on the provinces to look after things and in their jurisdictions? Businesses, retailers, law firms, municipalities, police departments all of these come under the jurisdiction of provinces \u2014 and provinces like to be independent. Why shouldn\u2019t they have to show the public that they\u2019re responsible for cybersecurity in their realm?<\/p>\n<p class=\"western\"><strong>David:<\/strong> My issue with that is the provinces in Canada are not equal in the resources they have. How could we reasonably expect Prince Edward Island to have the same robust ability to do this kind of work that Ontario could have?<\/p>\n<p class=\"western\">\u2026We have and have-not provinces for cybersecurity now. If you are a victim of a cyber crime and you are fortunate enough to live in Toronto, Calgary, Halifax or a decent size city the quality of police response you get is dramatically different than in other parts of this country. We need to scale cybersecurity at a national level.<\/p>\n<p class=\"western\"><strong>Howard:<\/strong> Last, the finals of the <a href=\"https:\/\/www.itworldcanada.com\/article\/toronto-high-school-team-wins-2022-cybertitan-cybersecurity-competition\/484871\" rel=\"noopener\">annual Canadian cybersecurity competition for middle and high school students called CyberTitan were held this week<\/a>. It\u2019s based on the CyberPatriot program in the U.S. One hundred and thirty teams from across Canada enrolled to participate this year. It\u2019s a great way to encourage teams to think about a career in IT generally and cybersecurity in particular.<\/p>\n<p class=\"western\"><strong>David:<\/strong> I love the CyberTitan Program. We were a sponsor of the regional competition here in Atlantic Canada. It gets teens thinking about careers in IT security. It\u2019s fun, It\u2019s challenging, it\u2019s attracting a lot of groups who don\u2019t traditionally consider cyber security careers, particularly young women, to get experience. And I think this is going to be key to meeting the massive talent shortage, and also the lack of diversity in this field. I\u2019m super proud that a team from Macadam, New Brunswick \u2014 which is a very small town \u2014 made it to the final. I think this is a program we should be celebrating in the same way that we celebrate when high school and middle school teams make it to the nationals in sports.<\/p>\n<p>The post <a href=\"https:\/\/www.itworldcanada.com\/article\/cyber-security-today-week-in-review-for-friday-may-20-2022\/485031\">Cyber Security Today, Week in Review for Friday May 20, 2022<\/a> first appeared on <a href=\"https:\/\/www.itworldcanada.com\/\">IT World Canada<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>This episode features a discussion a report on security problems IT need to address, an international survey of CISOs and the EU coming closer to beefing up security standards<\/p>\n<p>The post <a href=\"https:\/\/www.itworldcanada.com\/article\/cyber-security-today-week-in-review-for-friday-may-20-2022\/485031\">Cyber Security Today, Week in Review for Friday May 20, 2022<\/a> first appeared on <a href=\"https:\/\/www.itworldcanada.com\/\">IT World Canada<\/a>.<\/p>\n","protected":false},"author":17,"featured_media":20702,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[360,16],"tags":[389],"class_list":["post-23064","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-podcasts","category-security","tag-cyber-security-today"],"acf":[],"_links":{"self":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts\/23064","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/users\/17"}],"replies":[{"embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/comments?post=23064"}],"version-history":[{"count":4,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts\/23064\/revisions"}],"predecessor-version":[{"id":23229,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts\/23064\/revisions\/23229"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/media\/20702"}],"wp:attachment":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/media?parent=23064"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/categories?post=23064"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/tags?post=23064"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}