Articles of interest from the week of September 6, 2021

3 Metrics to Gauge Cybersecurity Program Health

Imagine the United Nations General Assembly with no translators—and people speaking dozens of different languages. That’s what it can be like when security teams share metrics and data with their organization’s board of directors. Metrics that measure tool efficacy, visibility, and team performance are also important to track over time to garner information on trends—another key requirement for giving context to metrics. Ideally, organizations should demonstrate how each investment in people, processes, and technology improved the security program and reduced enterprise risk. (By Colin O'Connor, Security Boulevard) Ingalls: Software or tools alone cannot effectively defend against cyberattacks. People, processes, and technology must all be integrated into any successful cybersecurity risk management strategy. Ingalls helps businesses large and small manage security risks and defend against cyberattacks. If you’d like to learn more please contact us here. One of our cybersecurity experts will be more than happy to assist you and answer any questions you may have.

Vocus Says Its Response to a Cyberattack Temporarily Triggered NZ Internet Outages

Collateral damage from DDoS attacks is quite common. ISPs often have to block some legitimate traffic initially to regain the ability to manage their networks. In some cases, filters can also cause additional load issues on routers. (By Reuters) Ingalls: DDoS attacks are becoming more common, with increased bandwidth and decreased duration. Contact us today for a risk assessment to ensure your organization has an adequate DDoS mitigation strategy.

Microsoft: Attackers Exploiting Windows Zero-Day Flaw

Microsoft Corp. warns that attackers are exploiting a previously unknown vulnerability in Windows 10 and many Windows Server versions to seize control over PCs when users open a malicious document or visit a booby-trapped website. There is currently no official patch for the flaw, but Microsoft has released recommendations for mitigating the threat. (By Brian Krebs, Krebs on Security) Ingalls: Our MDR (Managed Detection and Response) services offer layered cybersecurity controls for effective risk management and rapid response. It was designed to be a method of proactive prevention against security threats to your environment, especially zero-day threats, making it one of the industry's leading cybersecurity tools. MDR is critical when it comes to staying ahead of all kinds of threats, detecting and stopping them before they become breaches.

Hackers Leak VPN Account Passwords From 87,000 Fortinet FortiGate Devices

A large number of Fortigate devices were compromised by threat actors exploiting CVE-2018-13379, which allows the theft of credentials from vulnerable devices. The vulnerability was mitigated by a patch in 2019, but many devices were not patched and remained vulnerable. Fortinet has released several advisories, including as recently as June of this year, reminding customers of the severity of the vulnerability. Now, hackers have posted a list of compromised devices and credentials on a Russian-language hacker forum. (By Ravie Lakshmanan, The Hacker News) Ingalls: Our Managed Detection and Response (MDR) service offers advanced anomaly detection, threat hunting, and sophisticated response guidance utilizing a defense-in-depth approach to cybersecurity. Our cybersecurity experts can also work closely with your team to ensure that robust patch management solutions are in place, a service not offered by most MSSPs.

Microsoft Has a $20 Billion Hacking Plan, but Cybersecurity Has a Big Spending Problem

One of the biggest reasons cited by Smith and other cyber experts for the disconnect between cyber spending and return on investment in the form of better protection comes down to labor. “I think we have a real shortage,” Smith told CNBC. “Many businesses don’t have the people that they need, either to implement the protections they, in some cases, are already paying for.” (By Eric Rosenbaum, CNBC)