We often hear from folks that they already have cyber security because they have anti-virus or a firewall. They feel like that is enough to protect them from cyber attacks. However, this is a false sense of security. Here’s why.
First, phishing attacks account for most cyber attacks. The result of a successful phishing attempt can range from access to your organization’s data, theft of customer or employee personal information, ransomware and more. These can be detrimental to your organization’s reputation, whether that is a loss in business (or going out of business) or a loss of faith in elected leadership. Anti-virus and firewalls will not protect you from an employee clicking on a bad link.
One of the cyber security tools that can be added to your layered security is endpoint detection/protection and response (EDR) on each endpoint. This technology will continuously monitor these devices to detect such threats as ransomware and malware. Another technology that provides network threat detection is SIEM software. (SIEM is Security Information and Event Management.) SIEM collects log and event data from devices, networks, applications, etc., and analyzes it to determine if there is an attack within the network. Active threats can be detected, stopped, and remediated in real-time with these tools. Continuous monitoring and threat analysis are supplemented via a Security Operations Center (SOC) staffed with threat detection and analysis experts. Events are evaluated by both artificial intelligence and human analysts. The SOC operates 24×7 and will stop attacks and restore your operations quickly.
In addition to technology tools, good cyber security includes security awareness training for all personnel. This is not just a “one and done” effort. Continuous training and phishing simulations help employees understand that the threat is real, that they are the front line, and that they must be part of the security team by practicing good cyber hygiene.
Good cyber security works hand-in-hand with your IT (information technology) team. While the IT team works to install and maintain your operational technology (internet, WiFi, printers, email, software, etc.), the cyber security team works with them to protect those resources. Often we hear IT teams express their relief that a separate cyber security team is onboard because they are not responsible for keeping up with the latest threats, vulnerabilities, etc. Many times organizations falsely assume that their IT team performs cyber security. They may implement anti-virus or firewalls, but they likely are not fully implementing a security suite that will conduct threat hunting and continuous monitoring.
Lastly, a vital role a cyber security team will fulfill is the implementation of updates and patching. This effort will often be very closely aligned with the IT team. The cyber security team keeps current on vulnerabilities and exploits that are discovered and is able to find solutions via patching or configuration changes that will eliminate or mitigate those vulnerabilities before they can be exploited. A county official may be a member of the Multi-State ISAC (MS-ISAC) and receive cyber security advisories but not know how to respond (i.e., implement the technical fix). A good cyber security team has a master list of all the software, hardware, equipment, etc. that an organization uses and will be able to quickly ascertain if the organization has the vulnerability. If so, they will work with the IT team to implement the solution.
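As an added illustration (not part of the original newsletter), the Python below matches a master inventory against incoming advisories to list which machines need the fix. The product names, hosts, versions and advisory IDs are constructed, and it assumes each advisory names the first version that contains the fix.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Asset:
    host: str
    product: str
    version: str

@dataclass(frozen=True)
class Advisory:
    advisory_id: str
    product: str
    fixed_in: str  # assumption: first version that contains the fix

def parse_version(text):
    """Turn '6.2.9' into (6, 2, 9); a dotted part with no digits counts as 0."""
    parts = []
    for piece in text.strip().split("."):
        digits = "".join(ch for ch in piece if ch.isdigit())
        parts.append(int(digits) if digits else 0)
    return tuple(parts)

def is_affected(asset, advisory):
    """True when the asset runs the named product below the fixed version.
    Versions are zero-padded to equal length so '6.3' and '6.3.0' compare equal."""
    if asset.product.casefold() != advisory.product.casefold():
        return False
    have, fixed = parse_version(asset.version), parse_version(advisory.fixed_in)
    width = max(len(have), len(fixed))
    have += (0,) * (width - len(have))
    fixed += (0,) * (width - len(fixed))
    return have < fixed

def exposed_assets(inventory, advisories):
    """Map each advisory ID to the sorted list of hosts that still need the fix."""
    return {adv.advisory_id: sorted(a.host for a in inventory if is_affected(a, adv))
            for adv in advisories}

# Constructed sample data, not taken from any real organization or advisory.
INVENTORY = [
    Asset("clerk-pc-01", "ExampleHelpdesk", "6.1"),
    Asset("records-srv", "examplehelpdesk", "6.3.0"),
    Asset("dispatch-pc-04", "ExampleHelpdesk", "6.2.9"),
    Asset("finance-pc-02", "ExamplePDF", "11.0.2"),
]
ADVISORIES = [Advisory("ADV-PLACEHOLDER-1", "ExampleHelpdesk", "6.3"),
              Advisory("ADV-PLACEHOLDER-2", "ExampleVPN", "2.0")]

if __name__ == "__main__":
    print(exposed_assets(INVENTORY, ADVISORIES))
```

An empty host list for an advisory means nothing in the inventory matches it, which is only trustworthy if the inventory itself is complete and current.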
CYBER NEWS
Hackers send almost 4,000 fake job offer emails every day: report
The Record by Recorded Future gives exclusive, behind-the-scenes access to leaders, policymakers, researchers, and the shadows of the cyber underground.
therecord.media
Hotels in hackers’ sights as technology replaces personal touch
Hospitality businesses are the third most targeted for cyber attacks as they gather more customer data
www.ft.com
Red Cross servers ‘were hacked via unpatched ManageEngine flaw’
Humanitarian organization failed to apply fix rolled out a couple of months earlier
portswigger.net
Local Governments Are Attractive Targets for Hackers and Are Ill-Prepared
Nearly one-third of cities and counties would be unable to tell if they were under attack in cyberspace. Many lack sound IT practices, while rigid policies, politics and bureaucracy can hinder better defense practices.
www.governing.com
TIP OF THE WEEK
Your Friendly Basic Cyber Security Reminder
In every cyber security awareness training program, some basic cyber hygiene reminders must be repeated to keep them fresh in your daily activities. Here are the basics as a reminder:
Multi-Factor Authentication (MFA) is the biggest thing you can do to protect yourself and your organization from unauthorized access. It is also becoming required for many organizations and for obtaining cyber insurance.
Use long passwords (or passphrases) with numbers and symbols. Do not use the same passwords for more than one account, and be sure to change your password periodically.
Use a password manager.
Do not use public WiFi unless you can access a VPN.
Perform regular updates to keep patching current.
Use passcodes on your devices and use any other security access tools if available (facial recognition, thumbprint, etc.)
Protect physical access to your devices. Lock up your laptop when you are not using it, or lock your office when you leave.
Change the default password on your router.
When receiving an email, hover over a link to see the URL.
DO NOT click links in emails or texts from someone you don’t know.
VOCABULARY WORD
Endpoint: An endpoint is any device that connects to the network. These include desktops, laptops, mobile phones, tablets, servers, etc.