Hacker group exploits Cisco flaw and targets Iran and Russia

The message “Don’t mess with our elections” followed by a U.S. flag appeared on Iranian and Russian screens after a hacker group exploited Cisco Smart Install Client on vulnerable machines. The hackers claim to have targeted only the computer infrastructure in Iran and Russia during the attack on Friday night.

Ports Fight Security Breaches & Possible Funding Reductions

The nation’s seaports, which handle freight traffic as well as cruise and ferry passengers, continue to face physical threats like terrorism or active shooters as well as ever-increasing concerns about cyber warfare. Amidst all this, they have been doing battle on Capitol Hill to retain current levels of port security funding from U.S. Customs and Border Protection (CBP).

The Many Faces of Cryptocurrency

While it may be a bit harsh to label it the currency of crime, Bitcoin and its dozens of cryptocash cousins certainly have an underworld appeal. Profit-motivated cybercriminals are drawn to its decentralised nature and the anonymity that it affords. Cryptocurrency also simplifies cashing out for the bad guys, and the potential for extortion through ransomware and attacks on unsecured exchanges grows exponentially as digital cash inches toward the mainstream. It has become a multi-billion-dollar enterprise.

Getting buy-in from the Board – advice for CIOs

IT and security conversations are moving away from the confines of remote IT departments and are finding their way to the top of boardroom agendas. As they do so, CIOs need to carefully consider the way they communicate with other senior executives if critical IT initiatives are to receive that all-important buy-in from the Board. In this article, I will offer guidance to CIOs who are required to obtain Board-level approval before implementing strategic IT projects.

20 Critical Security Controls: Control 10 – Data Recovery Capabilities

Today, I will be going over Control 10 from version 7 of the CIS top 20 Critical Security Controls: Data Recovery Capabilities. I will go through the five requirements and offer my thoughts on what I've found.

Key Takeaways for Control 10

Backups can save your company. After getting hit with ransomware, some companies have had to pay millions in ransom. While a Fortune 500 company may be able to take that type of hit, the vast majority of us cannot.

Don't forget to test. Testing data backups is just as critical as actually creating the backups. This doesn't have to be a complex procedure; a simple test file on a non-critical server can be restored in a matter of minutes. However, it's not a bad idea to run through a full restore of a system every now and again, either.

How often is a regular basis? This is a great question when it comes to how often you need to run a full, incremental, or differential backup. There is no official guidance on what this number should be from regulatory frameworks, so balance performance and storage costs against a level of risk that is acceptable for the business.

Requirement Listing for Control 10

1. Ensure Regular Automated Backups

Description: Ensure that all system data is automatically backed up on a regular basis.

Notes: There are a lot of reasons why you want to perform backups. Availability is the key component that historically drove this control. Now that ransomware is prevalent across every industry, it can be a driver to show additional ROI for backup solutions.

2. Perform Complete System Backups

Description: Ensure that each of the organization's key systems is backed up as a complete system, through processes such as imaging, to enable the quick recovery of an entire system.

Notes: The three main backup types are full, incremental, and differential. There are pros and cons to each type, primarily around the performance of obtaining and restoring backup data. A full backup will take longer to create; however, restoring a full backup is much quicker than restoring from incremental or differential backups. The best option is to have a mix of backup types, such as a full backup once a week with daily incremental backups.

3. Test Data on Backup Media

Description: Test data integrity on backup media on a regular basis by performing a data restoration process to ensure that the backup is properly working.

Notes: There are two reasons why this is absolutely critical. The first is that you need to be sure that the backups are working before you actually need them. Nothing is worse than losing a critical file and only then finding out that the backups didn't complete properly and you cannot restore it. The second comes in the face of ransomware. By testing backups, you can have confidence in restoring encrypted files. You will also have an idea of the internal costs associated with restoring these files and can make an informed decision that restoring files is cheaper than paying a ransom.

4. Protect Backups

Description: Ensure that backups are properly protected via physical security or encryption when they are stored as well as when they are moved across the network. This includes remote backups and cloud services.

Notes: Sophisticated threat actors have historically gone after backup data. Now that IT organizations have been restoring data rather than paying a ransom, ransomware authors have also begun targeting backup files to prevent restoration.

5. Ensure Backups Have At Least One Non-Continuously Addressable Destination

Description: Ensure that all backups have at least one backup destination that is not continuously addressable through operating system calls.

Notes: This one is related to the previous requirement. Malware can be written to automatically target backups before it wreaks havoc on your data. This means that the backup source should have a copy of the data stored offline. This can be written to a disk, tape, or even a USB drive for smaller organizations. Just don't leave your USB drive plugged in and think you are safe.

See how simple and effective security controls can create a framework that helps you protect your organization and data from known cyber attack vectors by downloading this guide here.

Read more about the 20 Critical Security Controls here:

Control 20 – Penetration Tests and Red Team Exercises
Control 19 – Incident Response and Management
Control 18 – Application Software Security
Control 17 – Implement a Security Awareness and Training Program
Control 16 – Account Monitoring and Control
Control 15 – Wireless Access Control
Control 14 – Controlled Access Based on the Need to Know
Control 13 – Data Protection
Control 12 – Boundary Defense
Control 11 – Secure Configuration for Network Devices, such as Firewalls, Routers, and Switches
Control 10 – Data Recovery Capabilities