Articles of interest from the week of June 21, 2021

Why Cybersecurity Has Become a “Team Sport”

At a recent online round-table event, hosted by the New Statesman and sponsored by technology company BlackBerry, industry experts gathered to discuss cybersecurity strategy going forward. A holistic approach, the attendees agreed, was needed – one that blended technical provision, staff training, media handling, and recovery planning. (By New Statesman) Ingalls: Let Ingalls be a part of your cybersecurity team. Since 2010, we’ve been in war rooms and boardrooms investigating targeted attacks by criminals and nation-state-sponsored hackers. In this time of heightened activity, we know that IT teams are struggling to keep pace with the volume of security alerts and responses needed to keep environments protected. Contact us to learn more about our Managed Detection and Response (MDR) and Incident Response (IR) options.

Microsoft Warns: Now Attackers Are Using a Call Center To Trick You Into Downloading Ransomware

Microsoft's cybersecurity researchers are now on the hunt for BazarCall, a criminal group that's using call centers to infect PCs with malware called BazarLoader – a malware loader that's been used to distribute ransomware. (By Liam Tung, ZDNet) Ingalls: Unfortunately, ransomware remains a serious threat to all industries and accounts for nearly a quarter of all malware-based attacks. Ransomware has become so widespread and commonplace that a normal attack garners neither the shock of security professionals nor the attention of the media. Are You Prepared To Defend Against Ransomware?

#HowTo: Protect Medical Institutions from Cyber-Attacks

Despite not being obvious targets for cyber-criminals, healthcare institutions are increasingly falling victim to digital attacks, now more so than ever. While at the start of the pandemic, medical institutions thought that cyber-criminals would not dare disrupt their operations - at least not while they take care of the sick and study the virus - that hope has been all but shattered. If anything, malicious actors are taking advantage of the havoc caused by COVID-19 to infiltrate overstretched hospital systems and steal invaluable patient data and critical research information. In the last quarter of 2020 alone, cyber-criminals exposed nearly 10 million records in 88 breaches. (By Shimrit Tzur-David, Infosecurity Magazine) Ingalls: The most important decision a business can make regarding cybersecurity risk management is to determine their cybersecurity risk management strategy. Our blog covers the pros and cons of both Responsive and Proactive Strategies.

Three Key Elements of a Defense-in-Depth Approach to Phishing

Phishing is probably the oldest and the most potent attack vector threatening today’s organizations. More than 90% of all cyber-attacks begin with phishing emails. Google reportedly blocks 18 million scam emails every day and registered a record two million phishing websites last year. And phishing attacks don’t look like they are going away anytime soon. In fact, they are going to become even more targeted as organized crime syndicates get their hands on dark web data dumps. Fighting and mitigating these attacks can be challenging and requires multiple layers of defense. Let’s explore the top three elements of a multi-layered, defense-in-depth approach.(By Perry Carpenter, Infosecurity Magazine) Ingalls: phishing attacks are a good example of why you need endpoint protection. Our Managed Detection and Response (MDR) service is designed for advanced detection, threat hunting, anomaly detection, and response guidance utilizing a defense-in-depth approach that monitors and correlates network activity with endpoints, logs, and everything in between.

The Widespread Implications of Cyber Attacks

Whenever an organization suffers a cyber attack, there is a significant human impact, which everyday citizens are only now just starting to realize the full impacts and consequences of. Cybersecurity is no longer something boards and businesses can relegate to the IT department. It has far-reaching broader implications on trust, wellbeing, and the community. (By Anna Leibel and Claire Pales, SmartCompany) Ingalls: No one plans to fail; however, failing to plan will often lead to a disaster when it comes to cybersecurity risk management. Depending on your organization’s size and stakeholders (regulators, shareholders, etc.), having a bad plan can cost your organization even more than if it had no plan at all! We've seen many different versions of breach victims with no plan, good plans, bad plans, and half a plan or less. Our experience in preparing the right plan for your organization can mean the difference between resolving a serious problem with little to no impact or having a minor issue balloon into shareholder lawsuits, regulatory fines, and other nightmares. Contact us today to discuss how you can prepare for successfully managing a cybersecurity crisis by having the right Incident Response Plan.