Published: January 19, 2024

Security 3-2-1 Week of 1/19/24

By Annie

3 Interesting Articles

The FBI is adding more cyber-focused agents to U.S. embassies
CyberScoop: The FBI is bolstering its fight against cybercrime by increasing the number of agents stationed at U.S. embassies abroad. With six new cyber assistant legal attachés (ALATs) added, bringing the total to 22, the focus is on enhancing global cooperation in cybercrime investigations. These agents, part of the FBI’s legal attaché program, will be posted in key locations including New Delhi, Rome, and Brasilia, marking a nearly 40% increase in cyber-focused personnel. This expansion reflects a strategic shift towards proactive disruption of cybercriminal networks and infrastructure, rather than just post-incident investigations. Key operations like the Genesis Market disruption, which involved 17 countries and led to significant arrests and actions, underscore the necessity of international collaboration. The FBI’s efforts are increasingly concentrated on combating ransomware and cyber threats to critical infrastructure, relying on strong partnerships with global law enforcement and intelligence agencies.

SEC X Account Hack Draws Senate Outrage
Dark Reading: Two U.S. Senators have criticized the SEC for its inadequate cybersecurity measures following the January 9 compromise of its Twitter account. They described the lack of multifactor authentication (MFA) on the account as “inexcusable” and are urging an investigation into the SEC’s cybersecurity practices, particularly its use of phishing-resistant MFA. The Senators highlighted the risks of such breaches, including potential market manipulation and loss of public trust. Since Twitter’s policy change in March 2020, which limits text-based two-factor authentication to premium subscribers, other organizations have also suffered breaches. The Senators are questioning why the SEC did not adopt alternative MFA methods, such as third-party apps or security keys, after Twitter’s policy change. They emphasized that the SEC’s failure to secure its accounts, especially with phishing-resistant hardware tokens, contradicts its own rigorous standards for enterprise cybersecurity.

Museum World Hit by Cyberattack on Widely Used Software
NY Times ($): Several museums, including the Museum of Fine Arts Boston and the Rubin Museum of Art in New York, experienced disruptions in displaying their collections online due to a cyberattack on Gallery Systems, a provider of digital display and document management for cultural organizations. The attack, detected on December 28, led to encrypted and inoperative systems, affecting tools like eMuseum for online collection searches and TMS for internal data management. Some museums have restored partial functionality, but issues persist. This incident is part of a growing trend of cyberattacks targeting cultural institutions. While the full extent and impact of this cyberattack are still unknown, the incident highlights the significant value of digital information in the art world, as it can contain irreplaceable research and documentation about artifacts.

2 Stats You Should Know

Cybersecurity is a rapidly growing market, and it is projected to surge in value globally from $153.6bn in 2022 to $424.9bn by 2030. (source)

A recent report identified a lack of knowledgeable personnel, inadequate resources, and poor company culture as the top three obstacles to a team’s confidence in addressing compliance risks. (source)

1 More Thing

In the dynamic field of cybersecurity, podcasts offer security leaders a valuable resource to stay informed about industry trends, challenges, and best practices. These podcasts, recommended by industry experts, cover a range of topics from security news to insightful interviews with industry professionals:

  1. Troy Hunt’s Weekly Update: Host Troy Hunt discusses the latest in security breaches, drawing from his experience as the owner of Have I Been Pwned. His insights into threat actor behaviors and broader cybersecurity trends make this a go-to resource.
  2. Risky.Biz: Hosted by Patrick Gray and Adam Boileau, this podcast offers in-depth analysis on cybersecurity trends and technologies, featuring perspectives from various experts. It covers diverse topics, including potential impacts on elections and cybersecurity policy.
  3. Darknet Diaries: Host Jack Rhysider narrates true stories from the darker side of the internet, including hacktivism, cybercrime, and more. This podcast provides a gritty, real-life look at cybersecurity incidents.
  4. CISO Series: Cybersecurity journalist David Spark and veteran CISOs Mike Johnson and Andy Ellis discuss various aspects of cybersecurity leadership in a talk show format, providing insights into the challenges faced by cybersecurity leaders.
  5. Cyber Security Headlines by the CISO Series: This daily podcast offers quick, relevant updates on pressing cybersecurity news, making it ideal for professionals looking to stay informed about the latest developments.
  6. SANS Internet Storm Center: A weekday podcast that provides a brief summary of current network security-related events, offering listeners a concise yet informative take on the latest happenings in cybersecurity.
  7. CISOs in Cars: Host Kunal Agarwal chats with leading figures in cybersecurity, offering insights into becoming a security leader and showcasing CISOs beyond their professional roles.
  8. Redefining CyberSecurity: Host Sean Martin brings together executives and practitioners to discuss the importance of information security investments and the impact of these investments on business and society.
  9. Cloud N Clear: Hosted by Tony Safoian and other cloud technology leaders, this podcast covers a range of topics from cloud security to broader technology landscape discussions.
  10. Beer ISAC OT/ICS Security Podcast Playlist: A curated playlist of OT and ICS cybersecurity-related podcast episodes, providing insights into the impacts on critical infrastructure and cyber-physical systems.
  11. Mik+One: Host Mik Kersten covers a variety of topics from AI and DevOps to broader technology discussions, offering insights into themes crucial for CIOs/CISOs in technology and business.
  12. Cyber Security & Cloud Podcast: Host Francesco Cipollone engages with experts on cloud and application security, exploring in-depth discussions on these key areas.

These podcasts provide a wealth of knowledge and perspectives beneficial for cybersecurity professionals looking to stay ahead in a rapidly evolving industry.
