Articles of interest from the week of October 4, 2021

6 Minimum Security Practices To Implement Before Working on Best Practices

We all want to abide by security best practices, but who decides what is best? If something is best for one firm, it is best for all? Too often we do not take the time to analyze what we are protecting to ensure we are protecting it as well as we can. There are, however, some basic techniques that can be deployed in nearly all organizations. I’m calling these recommendations “minimum practices.” Here are six to consider. (By Susan Bradley, CSO) Ingalls: At a time when cybersecurity is more strategic to businesses than ever before, determining one’s cybersecurity risk management strategy is crucial. Our Master Risk Control: Pick A Cybersecurity Risk Management Strategy blog post provides some valuable insight on the different options.

New Python Ransomware Targets Virtual Machines, ESXi Hypervisors To Encrypt Disks

A new strain of Python-based malware has been used in a "sniper" campaign to achieve encryption on a corporate system in less than three hours. (By Charlie Osborne, ZDNet) Ingalls: To help fight Ransomware, Ingalls’ offers Managed Detection and Response (MDR), our MDR offers advanced anomaly detection, threat hunting and sophisticated response guidance utilizing a defense-in-depth approach.  

A New APT Hacking Group Targeting Fuel, Energy, and Aviation Industries

A previously undocumented threat actor has been identified as behind a string of attacks targeting fuel, energy, and aviation production industries in the U.S., Russia, India, Nepal, Taiwan, and Japan with the goal of stealing data from compromised networks. (By Ravie Lakshmanan, The Hacker News) 

To Avoid Cyberattacks, Companies Need To Think Like Hackers

To truly protect themselves, organizations need to get past the belief that the more money they spend, and the more security systems they implement, the better protected they will be. True security comes from looking at IT systems as hackers would and implementing heavy protection at the most vulnerable points of these systems – the points most attractive to infiltrators. By considering the tactics hackers are most likely to use, organizations can protect their most important assets.. (By Itay Peled, Help Net Security) Ingalls: We believe it is important that there are affordable and effective cybersecurity solutions for organizations of every size. We offer best-in-class information security solutions suitable for the largest enterprise companies at a price point that is affordable for SMBs. Request a demo for your company today.

How to Build an Incident-Response Plan, Before Security Disaster Strikes

In a startling discovery, a recent report found that 98 percent of companies have experienced at least one cloud data breach in the past 18 months, compared to 79 percent last year. The same report disclosed that nearly 60 percent of the 200 CISOs and security decision-makers surveyed considered lack of visibility, and inadequate identity and access management, a major threat to their cloud infrastructure. (By Joseph Carson, Threatpost) Ingalls: No one plans to fail; however, failing to plan will often lead to a disaster when it comes to cybersecurity risk management. Depending on your organization’s size and stakeholders (regulators, shareholders, etc.), having a bad plan can cost your organization even more than if it had no plan at all! We've seen many different versions of breach victims with no plan, good plans, bad plans, and half a plan or less. Our experience in preparing the right plan for your organization can mean the difference between resolving a serious problem with little to no impact or having a minor issue balloon into shareholder lawsuits, regulatory fines, and other nightmares. Contact us today to discuss how you can prepare for successfully managing a cybersecurity crisis by having the right Incident Response Plan.