Be Aware, Get Prepared, Defend Yourself
And it’s never over…. If the log4j crisis has proven anything, it is in justifying why the Center for Internet Security (CIS®) Top 18 controls are so vital. Rather than mandating controls to counter every possible attack vector (NIST 800-53 et al), the CIS Top 18 controls are periodically refreshed and reprioritized based on real-world … Continue reading It Ain’t Over Till It’s Over
Log4j remediation is much more than just patching. Here are additional steps you may not have considered in your Log4j response: Do you know if you have Log4j, or any of the other libraries in which Log4j is embedded, in the apps you have developed internally? (You do have a way to track and manage … Continue reading Additional steps to remediate log4j
PWC’s timeline of the days leading up to the deployment of Conti ransomware on May 14. PwC, as reported by Brian Krebs, conducted a great post mortem analysis of the ransomware attack on Ireland's public health system. It highlights two persistent failures that I see consistently. For all the harping on log4j (the latest disaster … Continue reading No organization is immune
Once you know what threats are most concerning to your business, you next need to look at the common ways in which these attacks are carried out. The aim of this chapter is to teach you the primary means by which threat actors will attack organizations. You will use knowledge in the next chapter to … Continue reading HRM Draft: Chapter 4 – Know Their Attacks
All too often, when discussing what could happen should a company suffer a cyber attack, security leaders will fall back into techno-babble and discuss the technical details of the potential incident. This is frustrating for business leaders who do not have a technical background, and this damages executive support for the security function. If the … Continue reading HRM Draft: Chapter 3 – Recognize the Threats
Heuristic Security 