Hannah Minn
Day one at a new gig may come with a new computer and a coffee mug, but hackers have their eye on a different kind of welcome swag: system access.
In May, the cybersecurity firm Dragos revealed a cunning act of new-hire impersonation: Threat actors compromised an employee’s personal email and then began the company’s onboarding process.
The spear-phishing tactic exemplified an increasing cleverness in account-takeover maneuvers—human-targeting efforts that require orgs to take inventory of their defense technologies and enhance the training of HR professionals. Human resources, along with today’s cybersecurity professionals, are up against attackers who are just as innovative as defenders.
“We have relentless and very creative adversaries,” said Luke Tenery, partner at the global advisory firm StoneTurn.
Read more here.—BH
When processes like tool procurement can’t provide the right solution for the job, you’re better off building one yourself. That’s exactly what Comcast did with its new data fabric tool, designed internally over a three-year period before its commercial debut, to help companies with cybersecurity and data center management.
Internal development allowed Comcast to refine the software, called DataBee, and assess its cost-saving and security benefits, Nicole Bucala, VP and general manager of Comcast’s Cybersecurity BU, told IT Brew. That helped the company sidestep tool procurement and build out a single solution on their own.
“You go down one path and you learn a little bit, then you pivot, then you learn a little bit, then you pivot again,” Bucala said.
New beginnings. “Data fabric” refers to the integration architecture that allows users to work within data centers and clouds to manage data and information. Data compartmentalization and management are quickly becoming major issues for institutions that have huge amounts of information to sort through and oversee—data that can be located in servers, the cloud, or a hybrid model.
DataBee works by scrubbing and siloing data at rates that allow big companies and organizations to target and expose cybersecurity threats.
Read more here.—EH
The Cybersecurity and Infrastructure Security Agency (CISA) hasn’t been around for very long—formed in 2018, it’s one of the youngest federal agencies that exist. It’s probably best known for circulating alerts and advisories about hardware and software exploits that have the potential to wreak havoc across the economy.
But CISA isn’t just waiting and watching for threats—it’s also actively developing free security software to counter them. The intent is to identify holes in the nation’s preparedness that aren’t being adequately countered by commercial providers, or for which solutions might not be widely accessible, and help plug them. Enter: the goose.
Specifically, CISA’s Untitled Goose Tool, a utility that helps scan for malicious intrusions in Microsoft cloud environments like Azure, Azure Active Directory, and Microsoft 365. Developed in partnership with Sandia National Laboratories and released in March, it’s available to download for free on GitHub.
Yes, and it’s named after Untitled Goose Game, the surprise hit 2019 video game where players control a cranky goose that struts around town, tormenting unfortunate villagers with avian mischief.
Keep reading here.—TM
Today’s top IT reads.
Stat: 97%. That’s the percentage of 241 surveyed high-level executives who think there will be a shortage of mechanical engineering talent in the future. (Insider)
Quote: “We’ll make clear to students that they should always think critically when taking in information as input, be it from humans or software.”—David J. Malan, a computer science professor at Harvard University, on introducing an AI-based teaching assistant (the Harvard Crimson)
Read: Do you have repositories that are vulnerable to “repojacking”? (Aqua Security)