Services PIP America protects the value in your organization by managing operational risk in the cyber era
About Us Our unique partnership of top-tier consultants and U.S. military leaders aims to secure and grow American critical infrastructure, private enterprise and government Find out more about our team
Leadership Team Our people are world-class. Drawn from the highest levels of the U.S military and top-tier industry firms, they have deep industry and implementation experience Meet our Leadership Team
HighlightedPIPers Our people are world-class. Drawn from the highest levels of the U.S military and top-tier industry firms, they have deep industry and implementation experience Meet our Team
Contact Us Thank you for your interest. Get in touch with your questions or feedback Contact us to find out how we can help you
by Dawn Dunkerley Contributing Editor They Come in the Night: Ransomware Deployment Trends – Fire Eye Threat Research We noted several initial infection vectors across multiple ransomware incidents, including RDP, phishing with a malicious link or attachment, and drive by download of malware facilitating follow-on activity.Contain and remediate infections quickly to prevent attackers from conducting follow-on activity or selling access to other threat actors for further exploitation. Editor’s note: As I was looking to pull together this month’s post, I was almost overwhelmed with the uptick in ransomware-related reporting. If that means that we are having more, or just having more reporting, I cannot be sure; however, this Mandiant report is still quality reading for weary eyes. The point that “if initial infections are detected, contained, and remediated quickly, the significant damage and cost associated with a ransomware infection could be avoided” may seem obvious, but we continue to see organizations that haven’t planned and exercised for these events. Prevention is important, but response and recovery when the bad times come cannot be ignored. READ MORE Securing the MSP: Best Practices for Vetting Cybersecurity Vendors– Malwarebytes Labs What’s concerning from a Chief Security Officer’s (CSO’s) perspective is the veneer of legitimacy many cybersecurity vendors are capable of producing: Scammy security companies generally have slick, professional websites, convincing sales engineers, legions of onshore support administrators, and almost invariably, one or more executives with ties to a government intelligence agency, whether in the US or abroad.What these threat alerts amount to tends to be a drag on organizational resources, as in-house security personnel are tasked with vetting ever-increasing quantities of data that don’t address business needs. Editor’s note: This is an exceptional quote from this article: “Some infosec vendors really do try their best to provide a valuable product to the end user, but still fall awfully short of the mark. The problem here isn’t that they’re not trying to deliver a good product—it’s that they don’t necessarily understand what “good” is to you.” I really pondered this… while we do see truly “scammy” vendors, most often there are good vendors that just aren’t right for your particular organizational gaps. It’s easy to be overwhelmed by the number of tools and service providers, so a good, honest look at the critical cyber assets and how they are under- and over-defended. Rational decisions are important, even in these times. READ MORE Fresh Virus Misery for Illinois: Public Health Agency Taken Down by… Web Ransomware. Great Timing, Scumbags– The Register The Champaign Urbana Public Health District (CHUPD) in Illinois, covering 210,00 folks, including the state’s biggest university, said today it has had to set up an alternate website as it deals with a ransomware infection that took down its primary site.At the time of writing, the district’s alternate website was operational and displaying some basic contact information about the deadly coronavirus outbreak. Editor’s Note: And “scene”… even through an above note discussed the never-ending flood of ransomware reporting, I had to point this one out, chiefly because my mentor had correctly predicted attacks against public health agencies would increase in the face of the COVID-19 (Coronavirus) epidemic. Scumbags, indeed. READ MORE Beyond Burnout: What Is Cybersecurity Doing to Us? – Dark Reading Infosec professionals may feel not only fatigued, but isolated, unwell, and unsafe. And the problem may hurt both them and the businesses they aim to protect. Editor’s Note: I do put this in quite on purpose, hoping that my friends and colleagues in the field (as well as their leadership) will consider what the constant barrage of attacks are doing to their teams. Perhaps more so than ever, it’s exhausting to be a cyber professional. To quote the article: “Cybersecurity professionals are trying to save everyone. Does someone need to save them? The Impact: ‘The Only Ones to Feel Any Pain’Over 400 CISOs and 400 C-suite executives revealed some sobering truths in a survey recently conducted by Vanson Bourne on behalf of Nominet. The “CISO Stress Report” found: 21% of CISOs said they have taken a leave of absence because of job-related stress. Some CISOs took this significant step even though many reported being afraid to take sick days (41%) and neglecting to take all of their allotted time off (35%). 48% of CISOs said their work stress has impacted their mental health, and 35% said it has impacted their physical health.40% of CISOs said their work stress has impacted their relationships with their families or children, 32% said it has impacted their relationships with spouses or romantic partners, and 32% said it has impacted their relationships with friends.23% said they are using medication or alcohol to manage stress.94% of American CISOs and 95% of UK CISOs reported working more than their contracted hours – on average, 10 hours per week more. In addition, 83% of American C-suite execs and 73% of UK execs confirmed they do, indeed, expect security teams to work longer hours.” Emotions are high, attacks are nonstop, and generally budgets are not keeping up. It’s very common to feel alone and unappreciated, and that can lead to a downward spiral. Please don’t ever hesitate to reach out to me personally if you are feeling these things, and know that, as a community, we are fighting the good fight every day, no matter the odds. Somehow knowing that helps me every day. READ MORE Leave a Reply Cancel reply Your email address will not be published. Required fields are marked *Comment Name * Email * Website
