Start the Patch Cycle
A report was released regarding a number of Canadian mining and casino companies that were hit with what appears to be a single extortion-style campaign. Casinos and mining seem like an odd combination, though everything that I’ve read leads me to believe that these may have been industries with consistently bad security practices combined with information someone might find damaging to the company’s reputation. This should be a bit of a wake-up call for some that, clearly, Canadian companies are not immune to attack, particularly if their security practices are weak.
Attackers are coming for SMBs
Another report released this week (U.S.-centric) documents how malware incidents at businesses with <1000 users are up on average 165% in Q1 2017. Experts have long been warning that companies of that size are ripe targets. Not sure if this is a trend yet, but it is an interesting statistic, and there are a lot of signs pointing to criminals turning their focus to this market.
Mistakes Also Lead to Breaches
An interesting article came out late last week focused on the subject of user error and its impact on security. Errors such as misconfiguration of firewalls (something Gartner predicts will be the cause of 99% of firewall breaches through 2020), companies inadvertently posting confidential information in public locations, and databases incorrectly exposed to the internet are a few examples. Look to the 20 Critical Controls framework for controls that help reduce this risk.
Brush Up on Your Security Concepts
Lastly, here’s a good quick read with key terms and concepts that everyone needs to be aware of. If you, or someone in your organization, needs a primer (or reminder) on InfoSec today, it is worth a look.