The Cybersecurity Roundup
Don Mangiarelli Cyber Security Hawaii
Cybersecurity | FTC Safeguards Compliance Done For You | Ransomware Cleanup
Welcome to this week’s edition of The Cybersecurity Roundup!???
In this edition, we delve into the latest in cybersecurity events, starting with crucial insights on how to protect yourself from the recent National Public Data Breach. We give you resources to check if your data has been stolen and how to protect yourself from would be identity thieves. We’ll also bring you the latest stories from the cybersecurity world on data breaches so you’re up-to-date with the latest threats and defenses so you won’t be the next victim. Let’s dive in!
Before we begin, don't forget to register for the FTC Safeguards Bootcamp webinar on Tuesday 9/3 @ 11am. Register here -->https://cybersecurehawaii.com/ftc-safeguards-bootcamp-1666
Protecting Your Business from Data Breaches
In light of the recent National Public Data Breach, it’s crucial for businesses to take proactive steps to safeguard their data. Here are some key measures to consider:
Check to see if your data was exposed in the NPD Breach. This article has information on the breach and a few trustworthy websites that let you check to see if your data was compromised. It is highly advisable to freeze your credit reports at the 3 bureaus or through an identity theft protection service.
This Week’s Cybersecurity News
1. Cyber Insurance and Security Technologies
Summary: The article discusses the evolving relationship between cyber insurance and security technologies. As cyber threats grow, insurers are demanding higher security standards from businesses to qualify for coverage. This trend is driving companies to adopt advanced security measures to mitigate risks and reduce premiums. Read more
Our Take: Cyber insurance is no longer a luxury. Recently, a colleague’s client, a small five-person company, faced a ransomware attack costing $1.15 million. Their insurance covered only $1 million, leaving them to pay $150,000 out of pocket. This could devastate most small businesses. By hiring a cybersecurity-focused MSP and deploying robust defenses, businesses can lower insurance costs, often covering the majority of cybersecurity expenses. With the increasing prevalence of AI-driven attacks, it’s not a matter of “if” but “when” a business will be attacked. New regulations and shifting liabilities make cybersecurity indispensable.
领英推荐
2. Cyberattacks on Educational Institutions
Summary: A recent study revealed that 77% of educational institutions experienced a cyberattack in the past year. The article highlights the vulnerabilities in the education sector and the need for robust cybersecurity measures to protect sensitive student and staff data. Read more
Our Take: Educational facilities, often strapped for funds, have neglected cybersecurity. State, county, and city governments must invest in protecting the data they hold. The stereotype of cybercriminals as lone hackers is outdated. Today, well-funded cybercriminal organizations and hostile governments use automated attacks to exploit vulnerabilities, targeting educational institutions as easy prey.
3. Prioritizing Confidential Computing
Summary: This article emphasizes the importance of confidential computing for businesses. By ensuring that data remains encrypted even during processing, companies can significantly enhance their security posture and protect sensitive information from unauthorized access. Read more
Our Take: Businesses should take steps to ensure the confidentiality of the information they collect. Not only should all businesses have some sort of confidentiality in computing policy, but specifically businesses in industries that promote confidentiality such as legal, medical, consulting, etc. Cyber attacks are not going away and are only going to get worse and more prevalent. Businesses need to step up and take responsibility before governments legislate that responsibility onto them.
4. Iran’s Fox Kitten Group and Ransomware Attacks
Summary: The article sheds light on Iran’s Fox Kitten Group, which has been aiding ransomware attacks on U.S. targets. It explores the group’s tactics and the broader implications for national security and corporate defenses. Read more
Our Take: State-sponsored cybercriminal groups are beginning to partner with ransomware groups, splitting the loot from their attacks. State-sponsored organizations have sophisticated tools to access networks like Microsoft 365 and Google Workspace, while ransomware gangs have the expertise to exfiltrate data and cover their tracks. This dangerous combination will likely lead to more severe attacks in the future.
5. Cybercriminals Creating Fake Microsoft Accounts
Summary: Cybercriminals have exploited a vulnerability to create $750 million worth of fake Microsoft accounts. The article discusses the methods used and the impact on businesses and individuals, highlighting the need for stronger identity verification processes. Read more
Our Take: With the proliferation of attacks gaining access to legitimate email services like Microsoft 365 and Google Workspace, it is becoming increasingly difficult for organizations to stop phishing operations from reaching employees’ email accounts. Emails from these services are not tagged as spam due to their high reputation, making it harder to block such attacks. Businesses need to enhance security awareness campaigns and educate employees about email threats. IT responsibilities should be managed by experienced engineers who can implement effective defenses and respond swiftly to breaches.
Do you have questions or want more information on IT and cybersecurity services? Take advantage of our free 15-minute IT strategy session here à https://strategy.cybersecurehawaii.com to speak with one of our friendly local experts.
Mahalo,
The team at Cyber Security Hawaii
btech computer science student | proficient in python, SQL, Java, javascript, and kali linux | Ai and ML
1 个月Thanks for sharing