Serious cybersecurity breaches can have an immediate and noticeable impact on a company. But what about the long-term effects that boards and managers need to consider? (By Andrew Birmingham, Which-50 Media) Ingalls: At a time when cybersecurity is more strategic to businesses than ever before, determining one’s cybersecurity risk management strategy is crucial. Our Master Risk Control: Pick A Cybersecurity Risk Management Strategy blog post provides some valuable insight on the pros and cons of both the Responsive Strategy and Proactive Strategy.
The ransomware cartel that masterminded the Colonial Pipeline attack early last month crippled the pipeline operator's network using a compromised virtual private network (VPN) account password, the latest investigation into the incident has revealed. (By Ravie Lakshmananr, The Hacker News) Ingalls: The most effective way to avoid having your account information can be stolen, which can lead to a breach, is by enabling Multi-Factor Authentication (or MFA) and avoid reusing passwords. Here's some more information on why you need to deploy advanced user account protections like MFA.
A new report from an identity specialist reveals a massive 450 percent surge in breaches containing usernames and passwords globally. The report also finds that unauthorized access was the leading cause of breaches for the third consecutive year, increasing year-on-year for the past two years, and accounting for 43 percent of all breaches in 2020. (By Ian Barker, BetaNews) Ingalls: User account security is one of the most important parts of a proactive security strategy. Multi-factor authentication, password managers, complexity, and other risk management controls can all work together to make sure that user accounts stay secure. If you need help with implementing these controls or other cybersecurity risk management techniques, be sure to contact us so that Ingalls Information Security can help!
Post-mortem analysis of data breaches shows that most of today’s cyber-attacks are front-ended by phishing campaigns. The most recent CryptoForHealth Twitter Hacker is just one of many examples. This is not surprising, since the easiest way for a threat actor to gain access to sensitive data is by compromising an end user’s identity and credentials. Things get even worse if a stolen identity belongs to a privileged user, who has even broader access, and therefore provides the intruder with “the keys to the kingdom”. While paying close attention to established hackers tactics, techniques, and procedures (TTPs) increases an organization’s ability to implement effective cyber defense strategies, businesses need to stay abreast of emerging TTPs. A good example is vishing, which is a new take on an old scam. (By Torsten George, SecurityWeek) Ingalls: Our cybersecurity experts are highly skilled in Security Awareness Training, Risk Management, and Endpoint Protection. Mastery in all of these areas is essential to prevent voice phishing attacks. Contact Ingalls today to find out how we can protect your organization.
The cost of ransomware incidents worldwide is expected to spiral out of control, exceeding $265 billion by 2031. Ransomware is now one of the most potentially damaging -- and a very popular -- types of malware. If ransomware lands on a vulnerable system, files are usually encrypted, users are locked out, and payment is demanded, usually in cryptocurrency, in return for a decryption key. (By Charlie Osborne, ZDNet) Ingalls: To help fight Ransomware, Ingalls’ offers Managed Detection and Response (MDR), our MDR offers advanced anomaly detection, threat hunting, and sophisticated response guidance utilizing a defense-in-depth approach. Unlike a traditional Managed Security Service Provider (MSSP), Ingalls’ MDR service is geared toward proactive prevention. We do this by utilizing the very latest in cloud, big data analytics, and machine learning along with the cybersecurity industry’s leading incident response team, to identify threats to your environment and to provide the highest fidelity of monitoring, alerting and response possible.