CYBER SECURITY ASSESSMENTS

Addressing security vulnerabilities is now a critical business requirement. Weaknesses can come from many sources: IT network misconfigurations, architectural flaws, physical access to devices and servers by unauthorized parties, malicious employees or contractors, and/or non-compliance with the company’s own security policies.

For these reasons, an integrated and inter-disciplinary approach to security risk management that aligns with your organization’s culture is essential.

GTAC provides Information Security Risk Assessments to meet your company’s needs and budget, ranging from a high-level evaluation of your information security environment relative to the SANS CIS Controls to a detailed, comprehensive risk analysis that includes penetration and application testing and an evaluation of information security governance, operations, technology, physical environment, and policies/standards. Contact us for more information.

**********************************************************************************************************************************************************

PREVENTION AND TIPS

Ransomware

Ransomware infections occur in different ways, such as through insecure and fraudulent websites, software downloads and malicious attachments. Anyone can be a target – individuals and companies of all sizes. Fortunately, there are ways for you to be prepared and reduce the likelihood of finding yourself in front of a locked laptop or encrypted file. You can significantly reduce the chances of infection by applying security steps and paying attention online.

The following EUROPOL guideline for regular users and mitigation steps for businesses will help you stay alert and ready. The guidelines also include steps to take if your device or system becomes infected.

NIST, the National Institute of Standards and Technology, has also published a more detailed fact sheet on how to stay prepared against ransomware attacks. You can find this material and more on ransomware at the NIST and CISA websites. These materials were produced by staff members in NIST’s Information Technology Laboratory and National Cybersecurity Center of Excellence.

Infected… what to do next?

  1. Always visit www.nomoreransom.org to check whether you have been infected with one of the ransomware variants for which there are decryption tools available free of charge.

  2. Don’t pay the ransom! You will be financing criminals and encouraging them to continue their illegal activities.

  3. Report it to your national police. The more information you provide, the more effectively law enforcement can disrupt the criminal enterprise.

******

National Security Agency Cybersecurity Technical Report (March 2022)

The National Security Agency (NSA) has released a new report that gives all organizations the most current advice on how to protect their IT network infrastructures from cyberattacks. NSA’s report ‘Cybersecurity Technical Report (CTR): Network Infrastructure Security Guidance’ is freely available to all network admins and CIOs to bolster their networks against state-sponsored and criminal cyberattacks.

******

';--have i been pwned? (HIBP)

HaveIBeenPwned (HIBP) is a free service for tracking credentials stolen and/or leaked through past data breaches.

Check if your email or phone is in a data breach.

Check if your passwords have been leaked in previous breaches.

******

Hardening Signal (CERT-EU Team)

Signal is a well-known, secure, encrypted instant messaging service developed by the non-profit Signal Technology Foundation and Signal Messenger LLC. It uses standard cellular telephone numbers as identifiers, and all communications between Signal users are secured with end-to-end encryption. Staff of public and private organisations, including senior management, may sometimes use Signal to quickly coordinate and exchange information on work-related matters. Signal groups may also have been set up for business continuity reasons in case corporate instant messaging tools become unavailable. This March 3, 2022 document provides clear and pragmatic recommendations for hardening the configuration of Signal apps.

**********************************************************************************************************************************************************

CYBER INCIDENTS

The biggest data breaches, hacks of 2021 (ZDNet)
Here are some of the most notable security incidents, cyberattacks, and data breaches over 2021. 

Significant Cyber Incidents 2006 – 2021 (CSIS)
This timeline from the Center for Strategic and International Studies records significant cyber incidents since 2006, with a focus on cyber attacks on government agencies, defense and high tech companies, or economic crimes with losses of more than a million dollars. CSIS is one of the world’s preeminent, bipartisan and nonprofit international policy institutions. They focus on defense and security, regional study, and transnational challenges ranging from energy and trade to global development and economic integration.

Cybersecurity Incident & Vulnerability Response Playbooks (CISA)
The Cybersecurity and Infrastructure Security Agency (CISA) released the Federal Government Cybersecurity Incident and Vulnerability Response Playbooks. Produced in accordance with Executive Order 14028, “Improving the Nation’s Cybersecurity,” the playbooks provide federal civilian agencies with a standard set of procedures to respond to vulnerabilities and incidents impacting Federal Civilian Executive Branch networks.
“The playbooks we are releasing today are intended to improve and standardize the approaches used by federal agencies to identify, remediate, and recover from vulnerabilities and incidents affecting their systems,” said Matt Hartman, Deputy Executive Assistant Director for Cybersecurity. “This important step, set in motion by President Biden’s Cyber Executive Order, will enable more comprehensive analysis and mitigation of vulnerabilities and incidents across the civilian enterprise. We encourage our public and private sector partners to review the playbooks to take stock of their own vulnerability and incident response practices.”
The Incident Response Playbook applies to incidents that involve confirmed malicious cyber activity and for which a major incident has been declared or not yet been reasonably ruled out. The Vulnerability Response Playbook applies to any vulnerability that is observed to be used by adversaries to gain unauthorized entry into computing resources. This playbook builds on CISA’s Binding Operational Directive 22-01 and standardizes the high-level process that should be followed when responding to these vulnerabilities that pose significant risk across the federal government, private and public sectors.
Building on lessons learned from previous incidents and incorporating industry best practices, CISA intends for these two playbooks to strengthen cybersecurity response practices and operational procedures not only for the federal government, but also for public and private sector entities. The playbooks contain checklists for incident response, incident response preparation, and vulnerability response that can be adapted to any organization to track necessary activities to completion. 

Recent CISA Cybersecurity Alerts

These 2021 alerts provide timely information about current security issues, vulnerabilities, and exploits.
These 2020 alerts provide timely information about current security issues, vulnerabilities, and exploits.
These 2019 alerts provide timely information about current security issues, vulnerabilities, and exploits.
These 2018 alerts provide timely information about current security issues, vulnerabilities, and exploits.