Selling fake Ferrari NFTs
Leading supercar maker, Ferrari, had one of its subdomains breached.
The attackers used the subdomain to host fake Ferrari NFTs. They made around US$800 before the fake NFT site was discovered and taken down.
Take Action:
“Our site is ‘static’. The only risk is website defacement.” This adage does not hold true. Consider this attack vector, especially if you are a well-recognised brand.
Cybersecurity - Supply Chain Risk Management (C-SCRM)
With cybersecurity threats to the supply chain increasing in more and more creative ways, NIST released an updated version of NIST SP 800-161r1. This standard focuses on connecting Enterprise Risk Management (ERM) and SCRM.
Enterprise risk, handled at the board level by a ‘board risk committee’ and a Chief Risk Officer (CRO), most of the time finds itself disconnected from cyber risk, and is an additional step removed from C-SCRM! This standard is a step in the right direction.
Take Action:
While you cannot make the board read the standard, you can present to them the multi-level approach that the standard recommends and set up an organisation structure that can bridge the gap between ERM and SCRM.
CyberInsights is a weekly post about two new items in cybersecurity which helps the cybersecurity professional think.