Welcome to the Cybersec Cafe's weekly series, Tuesday, I Learned (TIL)!
Each week in the TIL series you can expect:
Did You Know?
3 Tips, Tricks, or Facts to level up your cybersecurity game
Worth Reading
2 Blog Posts packed with informative content
Your Thoughts?
A thought-provoking discussion where we dive into important cybersecurity issues or offer our perspective on relevant topics.
Did You Know?
Data Breaches in the US Cost Twice as Much as the Global Average
According to IBM’s 2023 Cost of a Data Breach Report, the average cost of a data breach is $9.44 in the US while the global average is $4.45 million. This is a 15% increase over 3 years and the highest overall in the world.
FBI’s Most Wanted
The Jabberzeus organization is a group of individuals involved in installing malicious software known as GameOver Zeus, and its members were a part of the FBI’s most wanted list back in the early 2010s. The malware would capture the bank account information of unsuspecting victims, and it is believed the total financial loss across all victims is over $100 million.
Unrecoverable Funds
Advanced cyberattacks are incredibly difficult to detect, and even more difficult to recover from. It’s estimated that 68% of funds stolen during cyberattacks are unrecoverable. When you take into account that the average time to detect malicious activity is 170 days, there is quite a lot of damage that can be done.
Worth the Read
Substation Pentest
In an increasingly digital world, this article highlights the importance of Operational Technology security. There have been countless reports in the last couple of years stating that the United States needs to increase physical security around the substations of our power grid, but cybersecurity is just as important. This article gives a demo pentest exercise of hacking a substation, and is worth the read.
The Latest Cybersecurity Tech
Struggling to stay up to date with all of the cutting edge technologies and ideologies constantly entering the industry? Here’s a post with some great summaries and resources to refresh your mind.
Your Thoughts?
Split-SIEM Architecture
In the realm of cybersecurity, one concept gaining traction among forward-thinking teams is the Split-SIEM architecture – a departure from the conventional centralized approach. This alternative promises flexibility and customization, allowing organizations to cherry-pick specialized tools or craft bespoke solutions tailored to their unique needs. While the allure of such freedom is undeniable, it's not without its challenges. The Split-SIEM introduces complexities in investigation procedures and data management, demanding a high level of technical expertise and resource allocation. Yet, for teams equipped with the necessary talent and bandwidth, this approach offers unparalleled potential to maximize the value of their security operations.
In my view, the debate between the traditional and split architectures boils down to a fundamental question: what serves your organization best? For those seeking simplicity and convenience, the traditional model may suffice, offering bundled solutions and vendor support. However, for teams craving innovation and autonomy, the split approach beckons, promising unparalleled customization and control over security operations. It's a paradigm shift that requires careful consideration and strategic planning, weighing the benefits against the inherent complexities.
Having navigated this terrain with my own team, I've come to appreciate the importance of taking a holistic view, considering not just immediate needs but long-term objectives. It's a journey that demands creativity, out-of-the-box thinking, and a willingness to embrace change. In the ever-evolving landscape of cybersecurity, there's no one-size-fits-all solution. Instead, success lies in finding the right balance between tradition and innovation, tailored to the unique needs and aspirations of your organization.
If you were building a SOC from the ground up, which approach would you choose?
Securely Yours,
The Cybersec Cafe
Just a heads up, The Cybersec Cafe's got a pretty cool weekly cadence.
Every week, expect to dive into the hacker’s mindset in our Methodology Walkthroughs or explore Deep Dive articles on various cybersecurity topics.
Oh, and if you want even more content and updates, hop over to Ryan G. Cox on Twitter/X or my Website. Can't wait to keep sharing and learning together!