February 2018 archive

Here 8 mistakes to avoid when build a successful cybersecurity program for your organization. #achsysadmin #thecybersecuritymindset #alexhubbard #ciso #vciso #sysadmin #cyber #cybersecurity #cybersecurityawareness

Top 4 SaaS threats for 2023 - Misconfigurations - SaaS-to-SaaS Access - Device-to-SaaS Risk - Identity and Access Governance https://thehackernews.com/2022/12/top-4-saas-security-threats-for-2023.html

If you're a Fortinet shop, be sure to update your FortiOS as soon as possible. https://www.fortiguard.com/psirt/FG-IR-22-398 #vciso #patchmanagement #fortinet

This breach is not related to Uber's September incident according to Bleeping Computer, it is a new one. Uber believes this happened through a third-party. This is why it is so critical to have a good third-party vendor review and management program. I've already seen an uptick in clients receiving questionnaires from their clients or vendor asking what they are doing to keep their data secure. This is going to continue as threats become more advance. https://www.bleepingcomputer.com/news/security/uber-suffers-new-data-breach-after-attack-on-vendor-info-leaked-online/ #vciso #cybersecurity #breach #uber

Gone are the days where you fill out a questionnaire to get cyber insurance. Providers now want to see things like SOC2 compliance and security hardening activities. Many are reviewing your awareness training programs, security policies and the like. https://www.csoonline.com/article/3681852/what-you-should-know-when-considering-cyber-insurance-in-2023.html #vciso #cybersecurity

"Texas-based cloud computing provider Rackspace has confirmed today that a ransomware attack is behind an ongoing Hosted Exchange outage described as an "isolated disruption."" https://www.bleepingcomputer.com/news/security/rackspace-confirms-outage-was-caused-by-ransomware-attack/ #vciso #ransomware #cybersecurity

CISA notifications are a great way to get the latest information about vulnerabilities. It's free to sign up! Great way to stay informed. #vciso #ciso #cybersecurity #vulnerabilities #cisa https://www.cisa.gov/uscert/mailing-lists-and-feeds

I got a good chuckle out of this. Be careful what you click on. Phishing messages are getting trickier and trickier. #vciso #securityawareness #phishing

Having a good third-party management policy and regular review is crucial in today's environment. Additionally, knowing and tracking all of your assets, while tough, is also a critical aspect of a mature cybersecurity program. According to this article, the "average enterprise uses 1400 cloud services". This can be a lot of leg work to track. An asset can be anything from a physical system to a virtual appliance and anything in between. Understanding what your assets are, what their vulnerabilities or weak points might be, can help you develop remediation strategies. https://www.darkreading.com/attacks-breaches/the-next-generation-of-supply-chain-attacks-is-here-to-stay #vciso #cybersecurity #supplychain