Dukes

The Dukes, also known as APT29 and Cozy Bear, is a prominent threat actor in the cybersecurity landscape. They are known for their sophisticated attacks on organizations, particularly those that have adopted cloud services. Recently, they have shown a significant shift in tactics to adapt to this growing trend. The Dukes' activities pose a serious threat to information security and require robust defenses, including what Curtis Dukes, CIS Executive Vice President and General Manager of Security Best Practices, refers to as "reasonable cybersecurity." Curtis Dukes has been instrumental in advocating for improved cybersecurity measures. He suggests lobbying the National Association of Insurance Commissioners to develop national, standardized policies that would simplify management for organizations and establish minimum requirements for basic policies. However, he acknowledges that the absence of a national statutory minimum standard of information security makes it challenging to enhance cybersecurity on a wholesale basis. Despite these challenges, Dukes views the recent cybersecurity bill in Iowa as a positive step towards improvement. Dukes also emphasizes the importance of implementing recognized security controls, which he believes are crucial in securing enterprises and safeguarding against current and emerging threats. He notes that while upgrading end-of-life software seems like an obvious solution to some cybersecurity issues, it isn't always straightforward for organizations due to various factors such as resource limitations and the specialized functions of certain devices. In light of these complexities, Dukes supports the new accreditation as a significant stride towards enhancing security practices.