Yes we can fix this mess, but do we want to ? That's another story
Alexandre BLANC Cyber Security
Advisor - ISO/IEC 27001 and 27701 Lead Implementer - Named security expert to follow on LinkedIn in 2024 - MCNA - MITRE ATT&CK - LinkedIn Top Voice 2020 in Technology - All my content is sponsored
Before going to the list of key #cybersecurity event we saw this week, I wanted to quickly speak about solutions. I present all these incidents and news, hoping that people who read, actually understand better the threat landscape and get better prepared.
Today, and for a while, there are technical solutions against all the incidents we see, many many options are available, allowing you to place the right security controls, at the right place, to properly mitigate risks, and mostly remove the impact of incidents.
Yes, you need to spend some money, and yes, you need just a little effort. But in the end, this is way better than being the next one in the news, feeding criminals and transnational criminal organizations with your data, your customers data, your employees data etc.
Yes, backup are absolutely needed, but no, they are not a proper strategy AGAINST ransomwares and breaches. They are just corrective controls, it means, they are in, too late. They are absolutely needed, but in case of data loss etc, can't help against data theft.
If you know what you do, and you have a good security architecture, you know your inventory, data flows, assets, you're good. If you don't know all of this, then, get support from MSSP. I sure work for VARS Corporation , so, I know the tools we use, and I can honestly tell you, they work. We mitigate incidents. There are certainly others, providing similar service levels, so go, find your managed security partner, and get your stuff in order. We can obviously be the one.
We all offer, maturity audit, cyber security audit, gap analysis against a framework (NIST CSF, ISO, CMMC, you name it, mostly sharing the same goal and means anyways), but if you have to take action, for quick win, go for XDR, Email advanced security, dark web monitoring, as starting point. That good old 80 / 20 rule.... FACT, no BS, that the best bang for your bucks to begin with.
领英推荐
An absolute key point to me : Mix the providers, integrated solutions, but different tools, it's almost digital suicide to rely on a single tool provider. A huge SPOF (single point of failure), you must apply the basics, which is overlapping security controls, and these, from different vendors. Because when vendor 1 backend is hacked (like solarwinds, or azure, or mostly all of them), you need to have a trigger from vendor 2 solution.
Now, our usual coverage of the week on my blog here with 74 points !!!!
Click on the link above for this week bullets.
Have a great week end all, as usual, zero BS cyber security.
Senior Talent Acquisition Specialist | Automation, specializing in AI Sourcing, Candidate Engagement, & Data-Driven Hiring | Innovating Candidate Engagement using AI-Powered Talent Acquisition
3 年SecOps teams use more than ten different categories of security tools, which create an overwhelming volume of security alerts. XDR enables an enterprise to go beyond typical detective controls by providing a holistic and yet simpler view of threats across the entire technology landscape. XDR delivers real-time information needed to deliver threats to business operations for better, faster outcomes. The primary advantages of Extended Detection and Response (XDR) are: 1 . Improved protection, detection, and response capabilities 2. Improved productivity of operational security personnel 3. Lower total cost of ownership for effective detection and response of security threats
IT Manager / CyberSecurity / Software Dev / IT Engineering Manager: Science, Engineering and Manufacturing
3 年"71 – Technology is under attack, I don’t think people stand a chance sadly". I find this curious Alexandre BLANC Cyber Security, true, and curious. Why do people go into business? The answer from business owners points to not being able to work under a boss, Or they get pissed off with rejection and lack of experience, Or they see how they could earn immensely more income; (dawn rose coloured glasses) and make haste to set up a business. Allegedly, technology makes business so much easier. I would ask the question: why do thieves choose a life of crime? Is it also that technology makes crime so much easier? I would suggest that "ease", "easy" and "easier" are the downfall of both arenas. It is strange to me to imagine the visual of both people and criminals running towards to technology. Especially when we are allegedly, making technology so much more intelligent than we are; that we have to immerse into being human to save our careers and jobs :}
NMF Founder and CEO, University Teaching, Int'l Development, SDGs; Focusing: Climate Action, Gender Equality, Environment, Good Health, Quality Education, and Well-being for PWD & MH; ex UN (FAO and WFP), and ex CARE USA
3 年Alexandre BLANC Cyber Security, all the best from Naifa Maruf Foundation
Retiree bei Deutsche Rentenversicherung
3 年And the work goes on! With special thanks!