SBS CyberSecurity - In the Wild 178

 

In The Wild - CyberSecurity Newsletter

Welcome to the 178th issue of In The Wild, SBS' weekly CyberSecurity newsletter. The objective of this newsletter is to share threat intelligence, news articles that are relevant, new and updated guidance, and other information to help you make better cybersecurity decisions.


Below, you will find some of the latest-and-greatest news stories, articles, videos, and links from the past week in cybersecurity. Some of the following stories have been shared by consultants, others by the SBS Institute, and others yet have simply been found in the far corners of the Internet. We hope you find the following stories relevant, interesting, and – most of all – useful. Enjoy.

[BLOG] How to Mature Your Disaster Recovery Testing Plan

SBS Educational Resources

A challenge many organizations face is understanding if and how they would recover from a disaster or malware event that takes down the production IT infrastructure or datacenter. In today’s workplace, nearly every organization is heavily reliant on IT and may not be able to conduct business without it. This was a challenge I faced while managing the IT infrastructure at a midsized community bank. Here are some guidelines to help plan, prepare, and test for the unforeseen disaster and keep your business afloat.

Read Here »  

 


COVID-19 ‘Breach Bubble’ Waiting to Pop?

Krebs on Security

The COVID-19 pandemic has made it harder for banks to trace the source of payment card data stolen from smaller, hacked online merchants. On the plus side, months of quarantine have massively decreased demand for account information that thieves buy and use to create physical counterfeit credit cards. But fraud experts say recent developments suggest both trends are about to change — and likely for the worse.

Read Here »  

Be Prepared: Why You Need an Incident Response Policy

TechRepublic

Companies that don't take the time to develop a security incident response plan pay a high price when the inevitable breach happens. According to IBM, organizations with incident response teams and plans spend about $1.2 million less on data breaches than companies without preparations in place. However, in IBM's recent report "The 2020 Cyber Resilient Organization Study," the company found that about 51% of companies have only an informal response plan that is often applied inconsistently.

Read Here »  

Remote Workers Becoming More Security Conscious Although Bad Habits Persist

InfoSecurity Magazine

Remote workers have become significantly more cybersecurity conscious since the COVID-19 lockdown began, according to a new study from Trend Micro. It found that nearly three-quarters (72%) of remote workers are more aware of their organization’s cybersecurity policies, and 85% now take instructions from their IT team seriously. Additionally, 81% agreed that workplace cybersecurity is partly their responsibility, whilst 64% acknowledged that it is a security risk to use non-work applications on a corporate device.

Read Here »  

 


 

University of California SF Pays $1.14M Ransom to Salvage Research

ZDNet

The University of California at San Francisco (UCSF) has admitted to paying a partial ransom demand of $1.14 million to recover files locked down by a ransomware infection. The university was struck on June 1, where malware was found in the UCSF School of Medicine's IT systems. Administrators quickly attempted to isolate the infection and ringfence a number of systems that prevented the ransomware from traveling to the core UCSF network and causing further damage.

Read Here »  

How Have I Been Pwned Became the Keeper of the Internet's Biggest Data Breaches

TechCrunch

When Troy Hunt launched Have I Been Pwned in late 2013, he wanted it to answer a simple question: Have you fallen victim to a data breach? Seven years later, the data-breach notification service processes thousands of requests each day from users who check to see if their data was compromised — or pwned with a hard ‘p’ — by the hundreds of data breaches in its database, including some of the largest breaches in history. As it’s grown, now sitting just below the 10 billion breached-records mark, the answer to Hunt’s original question is more clear.

Read Here »  

NSA Releases Guidance on Securing IPsec VPNs

Bleeping Computer

The US National Security Agency (NSA) has published guidance on how to properly secure IP Security (IPsec) Virtual Private Networks (VPNs) against potential attacks. Besides providing organizations with recommendations on how to secure IPsec tunnels, NSA's VPN guidance also highlights the importance of using strong cryptography to protect sensitive info contained within traffic while traversing untrusted networks when connecting to remote servers.

Read Here »  

The Super Simple Strategy For Greater Focus

Medium

A lot of people fall under the false notion that they can multitask in order to get more done. This might be true of activities that are cognitively not demanding, like watching TV while unloading the dishwasher. This type of activity is shallow work. However, if your goal is to focus on deep work, like doing your taxes, then it’s much harder to multitask. What’s nearly impossible, according to James Clear, is to concentrate on two tasks at once. Multitasking is inefficient for deep focus and concentration.

Read Here »

10 Other Interesting Links From This Week

There were too many fantastic reads from this past week's worth of cybersecurity and technology news, so here are a few additional quick-hit links for your reading pleasure:

* Krebs on Security: Ransomware Gangs Don’t Need PR Help
* Krebs on Security: E-Verify’s “SSN Lock” is Nothing of the Sort
* Bleeping Computer: Companies start reporting ransomware attacks as data breaches
* Bleeping Computer: ThiefQuest ransomware is a file-stealing Mac wiper in disguise
* The Hacker News: Police Arrested Hundreds of Criminals After Hacking Into Encrypted Chat Network
* The Hacker News: Microsoft Releases Urgent Windows Update to Patch Two Critical Flaws
* ZDNet: Inside a ransomware attack - From the first breach to the ransom demand
* Breaking Defense: Cyber Strike By Foreign Force Caused Iran Explosion, Say Israeli Experts
* Digital Music News: Anonymous Hackers Warn TikTok Users — ‘Delete This Chinese Spyware Now’
* Washington Examiner: Florida becomes first state to enact DNA privacy law, blocking insurers from genetic data
