Articles of interest from the week of May 4, 2020

As Remote Work Becomes the Norm, Security Fight Moves to Cloud, Endpoints

A majority of firms expect to keep more employees working remotely post-pandemic, forcing businesses to undertake more comprehensive digital and cloud transformations. (By Robert Lemos, DarkReading) Ingalls: Our Managed Detection and Response (MDR) service is designed for advanced detection, threat hunting, anomaly detection and response guidance utilizing a defense-in-depth approach which monitors and correlates network activity with endpoints, logs and everything in between. 

Password psychology: People aren’t protecting themselves even though they know better

People aren’t protecting themselves from cybersecurity risks even though they know they should, a study on password psychology by LogMeIn reveals. (By Help Net Security) Ingalls: We strongly recommend to always enable two-factor authentication (2FA) or multi-factor authentication (MFA) when possible. If your MFA solutions fails, make sure your business has a plan to deal with the emergency. Our blog post provides useful information on how to build a cybersecurity incident response plan. 

Healthcare organizations sitting on 'unexploded' ransomware

While threat reports show ransomware attacks against healthcare organizations are down, experts say threat actors may be lurking in networks and waiting to strike at a later date. (By Alexander Culafi, SearchSecurity.com) Ingalls: We have seen first-hand, through incidents we have work, how attackers would wait days, weeks or even months after the initial compromise before deployment. Are you prepared to defend against ransomware?

WordPress Hacker Attacks One Million Sites in a Month

WordPress administrators are being urged to ensure all of their plug-ins are up-to-date, after researchers detected a 30-fold increase in attack traffic targeting mainly cross-site-scripting vulnerabilities. (By Phil Muncaster, Infosecurity) 

Targeted Phishing Attacks Successfully Hacked Top Executives At 150+ Companies

In the last few months, multiple groups of attackers successfully compromised corporate email accounts of at least 156 high-ranking officers at various firms across the globe. (By Mohit Kumar, The Hacker News) Ingalls: Phishing is one of the most widely used cyber-attack vectors. Even the most trained and sophisticated users can get tricked into divulging their credentials or clicking on malicious links. A very powerful solution that we've helped many clients with is the Phishing Email Helpdesk. Reach out to us today if you would like to know more about Security Awareness Training and Social Engineering.