A lot of security is invisible in black boxes. This is how a lot of my clients perceive. Frankly, they are not entirely wrong here.
When my security team goes into evaluating and fixing an organization’s network before they fall for a ransomware attack or data breach, I always see at least a few serious problems related to service accounts—vendors that needed access at one point in time, who have carte blanche access to your network OR vendors that have requested that your network is configured in a certain way (the specifics of which make you and your data more vulnerable to attacks).
This year when I attended the Black Hat Conference in Las Vegas—an event that all of the major security companies and cybersecurity experts make an effort to attend—some startling statistics were ringing throughout the halls, catching security-minded experts’ ears.
continue reading
I know I’ve brought this up several times at this point, but those of you with lingering Windows 7 machines within your network are growing targets of cybercrime.
After news broke a couple of weeks ago about devastating attacks coming out from an attack specifically targeting vulnerabilities within the Windows 7 operating system, I want you to rethink your strategic approach to replacing your Windows 7 machines—especially those of you that are setting and forgetting the issue for a later date.
What this new attack is doing is targeting an exploit that Windows has already released a patch for.
The issue?
Many organizations are FAILING to patch Windows 7 machines, thinking they are no longer worth the effort. This is putting your entire network at jeopardy of a serious data breach—or even worse—a major ransomware attack. This vulnerability, named BlueKeep is enabling cyber criminals to easily deliver malicious code onto those Windows 7 machines and subsequently spreading viruses throughout your network.
continue reading
When I was little my mom would force me to wash my hands before dinner after coming in from playing with the chickens in the coop (yes, I grew up on a farm way up in Northern Michigan and was very prone to getting dirty).
I’d run to the sink, splash a little water on my dirty fingers and then head on into the kitchen for whatever mom was whipping up.
I put little effort in really getting clean, kind of negating the true reasons why Mom really wanted my hands washed before I joined my parents at the table for dinner.
As I grew up, I saw why hand washing was important, but really didn’t know how much washing was enough. Not until I was told specifically that 20 seconds of hand washing was the magic number (I believe this is equivalent to 2 rounds of “Happy Birthday To You”) that I started forming a habit of 20-second hand washing before eating.
Why in the heck am I bringing up hand washing today?
continue reading
I’m sure you’re thinking “I’ve already been spending hard earned money on equipment that is keeping me safe, why would I do anything else?”
The reality of cyber crime in 2019 is far different from when it was first emerging 10 or even 20 years ago. Way back in the early 2000’s, the extent of a crime might be simply someone interested in testing the boundaries of what they could do or where they could access online.
Maybe someone was looking to maliciously use data, such as credit card numbers or other personal information to impersonate your identity, but channels to accessing this data were less talked about back then compared to today.
While technology such as firewalls and spam filtering have made theft and security less of an issue over the past years, criminals are evolving with technologies.
continue reading
You are in need of a computer for your office, for your kids, for your mom—fill in the blank. You head into Best Buy, Walmart, or the closest shop with at least a couple computer options. Prices seem reasonable and guess what? There’s a new operating system—one that hasn’t been advertised much.
When you’re at the store talking to a rep, you really don’t notice anything. You ask about Windows 10, they tell you it’s included!
So, as most would, you pull out your credit card or check book and make a purchase, assured that this is your computer and that, if needed, you can customize it with whatever software you want.
Come to find…
Your brand new computer now has Windows 10 S.
To pay or not to pay the ransom?
That has been a major hurdle for organizations across the US. Local governments, manufacturing, accounting, even hospitals—have all ended up concluding that paying the ransom was the only way to get their systems up and running.
This dilemma—the one in which you will have to make a serious decision about whether you pay criminals to give back your data or recover in spite of them and their threats.
While in general, the FBI has stated time and time again to NOT PAY THE RANSOM—because in doing so you are waving a big red target stating that you’re willing to pay—not to mention the fact that you’re filling their coffers and allowing them to grow they cyber crime businesses.
The reality in 2019 is that many folks have succumbed to attacks and now are paying hefty ransoms either because their cyber insurance providers told them that’s all they’d be able to cover or because they had no other options (they simply weren’t prepared for a recovery effort).
Scores of municipalities and businesses caught with their networks frozen and ability to work halted have made the hard decision to pay the ransom.
continue reading
