Cybersecurity Awareness/Hygiene – Proofpoint BEC Taxonomy Series - Updated June 24, 2021
Proofpoint BEC Taxonomy Series: Lures and Tasks (Part 5)
So much from MITRE, so little time! The NSA has announced plans to fund the development of a new MITRE project called D3FEND. The goal of D3FEND is to provide a knowledge base of defensive countermeasures and their relationships to offensive/adversary techniques. D3FEND has a similar look and feel to the MITRE ATT&CK® Framework knowledge base of cyber adversary behavior and is a complement to it.
With much focus on ransomware in recent weeks, it seems prudent to continue including some of the more notable developments for awareness. Today’s roundup includes threats, incidents, musings, and recent response guidance resources.
Threats
With all of the attention on ransomware lately, we can’t forget about phishing. Given the propensity for phishing to be the leading attack vector resulting in compromises – including ransomware – organizations need to continuously review their defense-in-depth strategies to combat phishing. Perry Carpenter, Chief Evangelist and Strategy Officer at KnowBe4, reviews three key elements of a good phishing defense approach: policies, procedures and documentation; technical defenses; and security awareness training.
From ransomware attacks to analysis of threats, we have more notables on ransomware activity plaguing the threat landscape. Understanding the behaviors and traits of ransomware groups helps us improve our defenses and not be sitting ducks.
There is still much being written and conjectured about ransomware this week, including response and preparedness. Paying or not paying continues to garner much attention. Here are a few of the notable musings.
WaterISAC is aware of several reports of threat actors leveraging multiple vulnerabilities to exploit unpatched systems in the water and wastewater sector. Members are encouraged to review and address the following vulnerability advisories and updates for products used within their environments.
There is still no shortage of ransomware posts this week. Here are a few of the more notable ones:
Cybersecurity is difficult to quantify into metrics; just ask any CISO. Furthermore, after a cyber attack, CEOs need to be prepared for whatever questioning comes their way. A recent post by Proofpoint examines some possible media questions and looks at what information CISOs can provide to senior leadership to help ensure they are able to deliver solid answers. Conversely, the endeavor to honestly answer these questions should also result in a more prepared and resilient organization, as these aren’t just talking points, but validated and confirmed adherence to best practices.
The much-anticipated Top 20 Secure PLC Coding Practices was released today. This list is reportedly the brainchild of water sector veteran Jake Brodsky and was presented during an S4x20 Conference session. According to Dale Peterson, as this initiative was too important to slip away, he made it an official S4 project to organize and recruit engineers who could create a quality list. The coding practices are intended to be used by automation engineers and technicians who program and maintain PLCs.