I created these steps, collected from various sources and personal experience, to provide you with guidance on what you should be doing to prevent, detect and respond to ransomware and other malicious software attacks. Hope you find it useful. If you would like more information I suggest you take our course on managing cyber exposures at the Global Risk Academy…Continue
Added by Douglas Nagan on July 20, 2017 at 9:27pm — No Comments
I realize that many of you are enjoying the summer (at least in the northern hemisphere) and relaxing as you contemplate a vacation; this invariably will include your cyber security watchfulness. Unfortunately the cyber predators realize this and have learned to ramp up their activity during your relaxation. The graph below demonstrates how the pattern shifted from 2015 to 2016. It is too early to tell if this will reoccur this year but initial data seems to suggest that the ramp up is…Continue
Added by Douglas Nagan on July 10, 2017 at 2:25pm — No Comments
As the latest major hack, code named Petya, gets dissected the picture is getting clearer. Especially when combined with the information in the latest Verizon DBIR report. Link here.
What this means is that if you updated your Microsoft operating system in a timely manner you are safe, as it appears that Petya is exploiting a vulnerability in Windows that was patched months ago and the virus was transmitted via a malicious…Continue
Added by Douglas Nagan on June 30, 2017 at 7:30pm — No Comments
Computer systems from Russia to the United States were struck on Tuesday in an international cyberattack that bore similarities to a recent assault that crippled tens of thousands of machines worldwide.
Symantec has said the new attack was using the same hacking tool created by the National Security Agency that was used in the WannaCry attacks. The vulnerability was patched by Microsoft last April, but as the WannaCry attacks demonstrated, hundreds of thousands of organizations around…Continue
Added by Douglas Nagan on June 27, 2017 at 8:33pm — No Comments
SANS has recently published its annual security awareness report (click on the link for a copy). Key is the concept of ‘security awareness’, which when combined with their Security Awareness Maturity Model provides a pathway to improved cyber security by managing the organization's cyber security culture.
Sound familiar? It should, as that has been my message for years and is integral to my approach and courses. All…Continue
Added by Douglas Nagan on June 5, 2017 at 6:00pm — No Comments
Symantec recently released its latest Internet Security Threat Report (ISTR). If you are not familiar with this report it provides a global snapshot of the state of internet threats. It examines Targeted Attacks; Email: Malware, spam & phishing; Web attacks, toolkits, & exploiting vulnerabilities online; Cyber Crime and the underground economy; Ransomware: extorting businesses & consumers; New frontiers: Internet of Things, mobile, & cloud threats.
If you want to get…Continue
Added by Douglas Nagan on May 29, 2017 at 7:30pm — No Comments
On Friday, as most of you know, there was a massive global cyber attack that took the form of ransomware. The cost of which is still being calculated.
When you read the articles and analysis several things stand out, which I have been advising you about for some time. The attacks exploited non-technical issues. Specifically the all-too-human behavior that clicks on emails or links that are not secure and not doing updates to key software in a timely manner. All the security technology is…Continue
Added by Douglas Nagan on May 13, 2017 at 3:00pm — No Comments
We have provided this simple self-assessment and score card free of charge in hopes that it will cause you to consider the impact that your organization's corporate cyber security culture has on your efforts to address your cyber threats and exposures.
Today the pace of change in malicious cyber events is accelerating. In the past the risks were mainly in someone gaining access to valuable information such as proprietary company information, financial records, customer credit card…Continue
Added by Douglas Nagan on February 22, 2017 at 2:00pm — No Comments
It can be all too easy to get caught in the trap of cyber whack-a-mole, where as soon as you deal with one cyber threat several more appear. The link that follows will take you to a short (2 minute) video that outlines the situation most of us find ourselves in.
Take a look. I appreciate your feedback.
Added by Douglas Nagan on October 29, 2016 at 3:16pm — No Comments
Much effort is being expended, rightly so, in addressing cyber risks. However, it is a frustrating exercise since new risks and threat vectors are arising daily, even hourly. If you would like to stop playing cyber whack-a-mole and get on the offensive watch this video. It only takes 5 minutes and will explain why understanding and managing your cyber exposures provides a way to take the offensive.
Hope you enjoy and gain something from it.…Continue
Added by Douglas Nagan on October 13, 2016 at 8:11pm — No Comments
There is a weakness in cyber risk to focus on the technical issues. They are necessary but not sufficient if you want to understand and manage all your cyber exposures, which I define as the vulnerabilities that arise as a result of activity using computers and the Internet. There is a great range of these vulnerabilities that are not being addressed.
An example would be the exposures…Continue
Added by Douglas Nagan on June 11, 2015 at 6:30pm — No Comments