cyber321 Archives - Page 2 of 3 - Cybersecurity for Regulated Firms and Their Service Providers

Cyber 321: 14th July 2021

By Sam Glynn|2021-07-14T07:17:25+00:00July 14th, 2021|Categories: cybersecurity|Tags: cyber321, ranwsomware, sdlc, supply chain, tprm|

Cyber 3-2-1: Plain English cybersecurity advice in 3 articles, 2 statistics and 1 action. This week, my focus is on firms that sell software or services to other organisations. You need to realise what the cybercriminals already know and what your prospects (and their regulators) are becoming increasingly concerned about: You are the perfect stepping stone into your clients’ computer systems and you could be the weakest link in your their cybersecurity defences. It was demonstrated in the WannaCry attack of 2017, the SolarWinds attack of 2020, and this month’s Kaseya attack that has impacted up to 1500 businesses. This week’s action: Recognise that your suppliers are a risk to you, and you are a risk to your clients.

Cyber 321: 2^nd July 2021

By Sam Glynn|2021-07-02T07:07:36+00:00July 2nd, 2021|Categories: cybersecurity|Tags: clop, cyber321, dell, EU, MFA, negotiating, phishing, ransomware|

Cyber 3-2-1: Plain English cybersecurity advice in 3 articles, 2 statistics and 1 action, including how multi-factor authentication is not foolproof, how ransomware negotiation is a growing cottage industry, how the EU and the US are hoping to share more information about cyber-attacks, how one gang laundered $500 million before being captured, and how 30 million Dell devices need an update. This week’s action: Verify links, app access and browser plugins

Cyber 321: 25th June 2021

By Sam Glynn|2021-06-25T05:46:30+00:00June 25th, 2021|Categories: cybersecurity|Tags: cyber321, Gardai, insurance, multi-factor authentication, password, unknown number, unsolicated calls, water treatment|

Cyber 3-2-1: Plain English cybersecurity advice in 3 articles, 2 statistics and 1 action, including why we’re all getting an increasing number of unsolicited calls these days, what we know about the HSE attackers, and why you may need to check the T&C’s of your insurance policies. This week’s action: If you don’t recognise the number, don’t answer the call.

Cyber 321: 18th June 2021

By Sam Glynn|2021-06-18T09:59:19+00:00June 18th, 2021|Categories: cybersecurity|Tags: CIS, cyber321, FBI, framework, ireland, Money Mules, NIST, ransomware|

Cyber 3-2-1: Plain English cybersecurity advice in 3 articles, 2 statistics and 1 action, including how a framework like NIST CSF or CIS Controls can turbo-charge your security efforts, how our teenagers are ending up with convictions for money laundering and supporting terrorism, and how the FBI fooled 800 criminals into telling them all about their drug deals and other criminal activities. This week’s action: Tell your family to protect their bank accounts.

Cyber 321: 11^th June 2021

By Sam Glynn|2021-06-11T09:13:22+00:00June 11th, 2021|Categories: cybersecurity|Tags: cost of an attack, cyber321, hiscox, ireland, professional services firms, staff training, statistics, white house|

Cyber 3-2-1: Plain English cybersecurity advice in 3 articles, 2 statistics and 1 action. This week is dominated by the various findings of the Hiscox Cyber Readiness Report. For 50% of firms, could the cost of cybersecurity risk really be less than €3.5k per annum? In other news, the 5 key things the White House recommends you do to defend against ransomware, and the one thing they did not mention. And finally, why professional services firms are targeted by cyber criminals. This week’s action: Check my maths, and check your numbers.

Cyber 321: 4th June 2021

By Sam Glynn|2021-06-04T06:21:54+00:00June 4th, 2021|Categories: cybersecurity|Tags: android, cyber insurance, cyber321, data retention, hse, ransomware|

Cyber 3-2-1: Plain English cybersecurity advice in 3 articles, 2 statistics and 1 action, including a major fire at one of Europe’s largest cloud providers, a decision by AXA in France to no longer cover ransomware payments, the ongoing cost and impact of the HSE attack, and a spyware attack on Android phones that is currently circulating in Ireland. This week’s action: Get rid of data you no longer need.

Cyber 321: 21st May 2021

By Sam Glynn|2021-07-31T07:26:46+00:00May 21st, 2021|Categories: cybersecurity|Tags: cyber321, extortion, hse, human defence, ransomware, staff training|

Cyber 3-2-1: In the aftermath of a cyber attack on Ireland’s healthcare system, it will be no surprise that this week’s Cyber 3-2-1 discusses the many aspects of this crime. Most importantly, the fact that this not the human’s fault. This week’s action: Review and restrict access to data.

Cyber 321: 14th May 2021

By Sam Glynn|2021-05-14T09:39:26+00:00May 14th, 2021|Categories: cybersecurity|Tags: business continuity, cyber321, gdpr, oil, operational resilience, plan b, police, special category data, victim|

Cyber 3-2-1: Plain English cybersecurity advice in 3 articles, 2 statistics and 1 action, including how one cyber attack on one firm had significant knock-on effects across the US East Coast, how another attack on another firm became Finland’s biggest criminal case in history, and what it feels like to be a victim of a cyber crime. This week’s action: Plan B Planning

Cyber 321: 7th May 2021

By Sam Glynn|2021-05-07T07:18:49+00:00May 7th, 2021|Categories: cybersecurity|Tags: byod, cloud security, cyber321, itgovernance, phishing, ransomware, securethevillage, sophos, voicemail, zscaler|

Cyber 3-2-1: Plain English cybersecurity advice in 3 articles, 2 statistics and 1 action, including BYOD may become Bring Your Own Disaster, fast vs slow when it comes to cloud adoption, and how paying the ransom is not a guarantee that you will get your data back. This week’s action: Ignore those voicemail email notifications.

Cyber 321: 30th APRIL 2021

By Sam Glynn|2021-04-30T07:51:06+00:00April 30th, 2021|Categories: cybersecurity|Tags: cyber321, law firms, mindset, pragmatic security controls, professional services firms, ransomware, rdp, remote access, risk management|

Cyber 3-2-1: Plain English cybersecurity advice in 3 articles, 2 statistics and 1 action, including why professional services firms are now ransomware’s #1 target, another survey confirming that remote working is here to stay, and why good is better than perfect when designing security controls. This week’s action: Remote Desktop Protocol (RDP): Search for it in your firm, and remove or protect it.