Staying on top of your home or business’ cybersecurity requires vigilance and a proper source of regularly updated cybersecurity resources that keep up with the industry’s news and trends. Thankfully, the internet provides access to a wealth of collaborative websites, databases, and organizations that are all designed to help keep you informed and your system safe from hackers.
What makes a good cybersecurity resource?
A double-edged sword, the internet is home to sources of incredibly useful information as well as a tremendous amount of clickbait, sensationalism, misinformation, and editorializing. The best sources for cybersecurity information are those that are not intended to exclusively critique or opine for a broad audience, but rather to inform and educate those directly involved with online safety.
Official government websites (those that end in “.gov”) provide data in a raw, easily understood context. These websites forgo fancy design and multimedia experiences in favor of data.
News sites can be a bit trickier to vet, and even more challenging to deem appropriate for the kind of security content you are specifically in search of. However, a brief list of trusted cybersecurity-focused news and blog sites is provided to help those interested in IT stay privy to breaking news as well as theory regarding the current and future state of online security.
It is recommended that you bookmark these resources and check them at least once a week to remain informed on the latest in cybersecurity. Some of these sources also allow for newsletter signups, delivering the headlines directly to your inbox for easy perusal.
Databases and official government cybersecurity resources
These resources provide the rawest data available, either in the form of official government communications or exploit and vulnerability explanations delivered by the coders, hackers, and programmers that discovered them.
Cybersecurity & Infrastructure Security Agency (CISA)
“CISA builds the national capacity to defend against cyber-attacks and works with the federal government to provide cybersecurity tools, incident response services, and assessment capabilities to safeguard the federal civilian executive branch networks that support the essential operations of partner departments and agencies.”
CISA is an official U.S. government organization that provides information to help fortify against current cybercrime and protect against upcoming threats. Partnering with those in both government and the private sector, CISA is able to present and leverage its resources to provide a robust, up to date and easy-to-read listing of the latest vulnerability patches, company statements, and mitigation techniques.
Among CISA’s wealth of resources and information, their Current Activity page is worth a regular check. This page is continually updated with recommendations from leading IT providers such as Microsoft and Google, as well as reports and newsletters from the FBI and other organizations on how to best handle current vulnerabilities.
“The Exploit Database is a CVE compliant archive of public exploits and corresponding vulnerable software, developed for use by penetration testers and vulnerability researchers. Our aim is to serve the most comprehensive collection of exploits gathered through direct submissions, mailing lists, as well as other public sources, and present them in a freely-available and easy-to-navigate database.”
The Exploit Database is an easy-to-use resource that is continually refreshed with exploit and bug discovery submissions from users all over the world. Those who want to ensure that their current infrastructure is properly patched, or just want to have a better understanding of some of the exploits that have been used against their systems, can search the database for keywords related to their inquiry and receive immediate results based on experiences that others have logged. Exploit submissions are reviewed for legitimacy before appearing on the site.
The National Institute of Standards and Technology’s National Vulnerability Database
“The National Institute of Standards and Technology (NIST) was founded in 1901 and is now part of the U.S. Department of Commerce. NIST is one of the nation’s oldest physical science laboratories. Today, NIST measurements support the smallest of technologies to the largest and most complex of human-made creations.”
NIST’s National Vulnerability Database (NVD) is similar to Exploit Database in that it allows users to search for keywords related to any software, hardware or product that they want to investigate for potential vulnerabilities. Unlike Exploit Database, however, NVD is a government resource. Search results are sourced not from public submissions but “populated by NIST or from a source of Acceptance Level Provider.”
Being that there are pros and cons to NIST and Exploit Database’s standards when it comes to their listings, their differing sources and techniques can help you to formulate a more holistic understanding of your cybersecurity by using both resources in your research.
Cybersecurity news and blogs
These sites provide headline news and current events in the field of cybersecurity. They have been chosen due to their prioritization of information over editorialization, and are excellent sources of daily IT trends.
“ZDNet brings together the reach of global and the depth of local, delivering 24/7 news coverage and analysis on the trends, technologies, and opportunities that matter to IT professionals and decision makers.”
Zero Day is ZDNet’s cybersecurity-focused news blog. Here you will find experienced industry writers bringing you the latest in online security and IT news. Conveniently, you can subscribe to receive newsletters from ZDNet about specific topics, “security” is one of them. ZDNet is a well-regarded publication, known for its integrity and reliability when it comes to keeping on the cutting edge of tech news.
“Threatpost is a long-running, independent source of news and analysis about the cybersecurity landscape, covering breaking news and threat research, malware and vulnerability analysis, long-term trends and everything in-between.”
Threatpost is an excellent source for no-nonsense cybersecurity news, often delivered in short, easy-to-digest articles that invite further research for those interested in a deeper dive. Specializing in shedding light on malicious hackers and ransomware, Threatpost makes an interesting read even for those with only a high-level interest in cybersecurity events.
“Infosecurity Magazine has over twelve years of experience providing knowledge and insight into the information security industry. Its multiple award-winning editorial content provides compelling features both online and in print that focus on hot topics and trends, in-depth news analysis, and opinion columns from industry experts.”
Based in Europe, Infosecurity Magazine provides content that can range from a bombshell international security revelation to the final verdict on a small town hacker who had their day in court after compromising their local high school’s network. This wide spectrum of coverage makes for interesting writing, but also allows readers some insight into the peripheral effects of cybersecurity by providing stories pertaining to law enforcement as well as independent hackers that often get lost in the headlines covering major ransomware gangs composed of organized criminals.
While many podcasts tend to favor style, personality, and delivery over substance, there is still information and context to be gained from programs that are firmly planted in the fields of IT and cybersecurity. Consider these recommendations if you are looking to enrich your understanding of cybersecurity by learning about the real-world implications of data security and our increasingly digital lives.
“This is a podcast about hackers, breaches, shadow government activity, hacktivism, cybercrime, and all the things that dwell on the hidden parts of the network.”
Host Jack Rhysider, who previously worked for ten years as a network security engineer for a fortune 500 company, provides true stories about cybersecurity incidents and the hackers that both perpetuate and defend against them. While usually focusing on past events, this podcast is great for IT professionals who want to engage with the history of their profession’s most notorious events and figures.
“Technological and digital news from around the world.”
Digital Planet is the BBC’s official internet security and safety podcast. Delivering headline news while also investigating the effects of our online habits, this program is a must-listen for those interested in the space that exists between our reality and cyberspace.
Deep dives into cybersecurity resources can yield surprising information, but the majority of attacks and hacks are the result of IT departments not following a few basic cybersecurity principles:
- Use tough passwords. Be sure to use strong login credentials and change them regularly. Use a password generator to create hard to guess phrases.
- Delete your cookies. Delete the cookies saved in your web browser regularly to help prevent your online activity from being tracked.
- Update your hardware. Replace outdated gear with refurbished firewalls or network switches from a reputable dealer.
- Browse in secret with a virtual private network (VPN). Using a VPN will enhance your privacy by keeping your network activity hidden from hackers.
- Update your software. From your OS to your favorite apps, make sure that whatever stands between you and your internet usage is patched with the latest security updates.