The Human Side of Incident Response
Anyone who has heard me (Jennifer Lyn Walker) speak (on the Cyber Threat Briefing, at a conference, or podcast) knows that I like to focus on the human side of cybersecurity. Therefore, it should come as no surprise that this post – Tackle the Human Side of Incident Response with SOAR and Threat Intelligence – by Flashpoint resonates with me.
Patching in the OT environment is a perpetual predicament, but passing over patches is permanently problematic. Simply ignoring a patch because it is impractical or impossible to implement is profoundly poor policy. So what are the preferred practices when patching isn’t possible? According to Verve Industrial, the options greatly depend on whether the system you intend to remediate has embedded vulnerabilities or a Windows/userspace application.
The FBI has published a Private Industry Notification (PIN) warning that cyber criminals are implementing auto-forwarding on victims’ web-based email clients to conceal their activities. As the PIN explains, the web-based client’s forwarding rules often do not sync with the desktop client, limiting the rules’ visibility to cybersecurity administrators. The cyber criminals then capitalize on this reduced visibility to increase the likelihood of a successful business email compromise (BEC).
The Center for Internet Security (CIS) has just published the report Exploited Protocols, Remote Desktop Protocol (RDP), which is intended to provide an overview of what RDP is, the attacks associated with this protocol, and how an organization can best protect itself against an RDP-based attack. The information provided in this report is very timely given the increased usage of RDPs as organizations stood up remote environments for employees to utilize when the COVID-19 pandemic struck.
With more Americans expected to shop online this holiday season due to the COVID-19 pandemic, the Cybersecurity and Infrastructure Security Agency (CISA) has launched a public awareness initiative to inform consumers of common risks and encourage basic cybersecurity practices. Over the course of the next month, it plans to share safety information for consumers to keep in mind as they navigate the world-wide web. As part of this, CISA’s “Holiday Online Shopping” website includes easy-to-follow safety tips for online shopping, and additional resources to promote healthy shopping practices.
As we stated earlier, if Bleeping Computer’s The Week in Ransomware series is a must review, you’ll also want to follow along with a new multi-part series by Control Global executive editor Jim Montague.
Unless you manufacture all of your own components, every organization faces significant risk from their supply chain, and perhaps even more so from the smart/connected technology supply chain.
The Ford Foundation has released a Cybersecurity Assessment Tool (CAT), which is designed to measure the maturity, resiliency, and strength of an organization’s cybersecurity efforts. While the CAT appears intended primarily for non-technical groups, its creators note that it can be used by any organization undertaking a cybersecurity journey. The tool is designed to be taken as a survey in one 30-minute sitting.
Multiple FBI Warnings
The FBI has published a TLP:WHITE FLASH message containing indicators of compromise associated with the Ragnar Locker ransomware, which the FBI notes has been deployed against an increasing number of victims. This product also contains a list of recommended mitigation measures and encourages recipients to report information concerning suspicious or criminal activity to their local FBI field office or the FBI’s 24/7 Cyber Watch (CyWatch) at (855)-292-3937 or CyWatch@fbi.gov.
1620 I Street, NW, Suite 500
Washington, DC 20006
1-866-H2O-ISAC (1-866-426-4722)
© 2025 WaterISAC. All Rights Reserved.
