War spawns cyberattacks, Patch Tuesday is not just for Microsoft, the value of cybersecurity awareness and training
By John Bruggeman, virtual Chief Information Security Officer
War spawns cyberattacks against various targets????
The war taking place in Israel and Palestine that started on October 7 has spawned a flood of attacks on both Israeli and non-Israeli companies and NGOs. Many of the attacks are in a “hacktivist”-type, DDoS style that attempt to take a website offline, but Check Point is quoted in a Bloomberg article that more sophisticated attacks are on the horizon.
There will be collateral damage as the war continues, both on the ground and in cyberspace as data and access to information prove to be key points of tactical focus for all sides. You may not have a direct connection to any of the involved parties, but could suffer attacks because hacktivist organizations are not always precise in their attacks.
What to do?
The key takeaway is to have a response plan in place if you are attacked. CBTS has response plan templates available if you don't have one of your own. We are here to help you improve your cybersecurity and protect your data.
To learn more about the cyberattacks you can read this Bloomberg article.
Patch Tuesday, it’s not just for Microsoft products anymore
Most IT professionals are familiar with “Patch Tuesday”, which is the second Tuesday of the month and was started by Microsoft in 2003—yes, over 20 years ago!
A lot has changed over the last 20 years, and now other companies have joined in on the monthly patch cycle. Here is a quick list of the major companies that released patches in the month of October:
The key here is that no company is immune to having vulnerable software or hardware. If you look at the U.S. Cybersecurity Infrastructure Security Agency (CISA), you will see they have a list of actively exploited vulnerabilities, along with a comprehensive database of vulnerabilities.
Cybercriminals actively look for vulnerabilities and reverse engineer the patches to find out what vulnerability was fixed.?Once they know what is vulnerable, they design an exploit to take advantage of that weakness.
领英推荐
Because there are so many patches, you need to have a patch management program to mitigate the risk of having vulnerable software exposed.
What to do?
The good news is that CBTS provides managed patching! We have a top tier team that currently patches over 40,000 devices for dozens of customers. Get more secure and reduce your risk by signing up for managed patching.
The value of cybersecurity awareness and training
October was Cybersecurity Awareness Month, and I wrote a blog post for Forbes Technology Council that promoted cybersecurity awareness and training.
A lot of people view their employees as the weakest link, which isn’t a good message to send to the people who help the company succeed.
A better message for employees to hear is, “You can help prevent attacks!” Let your employees know that you can empower them to help spot phishing e-mails and business e-mail compromise (BEC) attacks as they happen.
How do you do that?
By providing good training and ways for them to test that training in a safe manner with phishing e-mail tests. I recommend doing e-mail training once a month, and to provide rewards for the people who spot the most phishing e-mails in a given quarter.
You can also read the article I wrote for CIO Review on the same topic. I explain the steps you can take to reduce risk in your organization.
About the author
John Bruggeman is a veteran technologist, CTO, and CISO with nearly 30 years of experience building and running enterprise IT and shepherding information security programs toward maturity. He helps companies, boards, and C-level committees improve and develop their cybersecurity programs, create risk registers, and implement compliance controls using industry-standard frameworks like CIS, NIST, and ISO
100% guaranteed Placement with Awdiz
1 年CBTS team I know one reference who is looking job as a NOC engineer chennai. If you have any opening pls let me know