Log in
Register
Cyber Forum
More options
Toggle width
Share this page
Share this page
Share
Share
Cyber Forum
Log in
Register
More options
Toggle width
Share this page
Share this page
Share
Share
Menu
Install the app
Install
Home
CyberWeekly Podcast
Breaking News! Podcast
Cyber Risk Rating
Forums
New posts
Forum list
Trending
Leaderboards
News Feeds
Resources
Latest reviews
Sophos X-Ops Intelix
Threat Reports
Members
Current visitors
My.CompTIA
Help Documents
Preference Center
Forums
Security
Active Exploits Discussion/Recommendations
Log4j Vulnerability Information
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Reply to thread
Message
<blockquote data-quote="MJ Shoer" data-source="post: 2508" data-attributes="member: 3"><p><h3><span style="color: rgb(184, 49, 47)">Severity: High</span> <span style="color: rgb(0, 168, 133)">TLP: Green</span> Holiday White House Letter Emphasizes the Importance of Heightened Security Awareness</h3><p><strong>Tags</strong></p><ol> <li data-xf-list-type="ol"><strong>Untagged</strong></li> </ol><p><strong>Holiday White House Letter Emphasizes the Importance of Heightened Security Awareness</strong></p><p><strong></strong></p><p><strong>Summary:</strong></p><p>The holidays are an opportunity to spend time with our loved ones and enjoy some well-earned rest. Unfortunately, malicious cyber actors are not taking a holiday – and they can ruin ours if we’re not prepared and protected. Historically we have seen breaches around national holidays because criminals know that security operations centers are often short-staffed, delaying the discovery of intrusions.</p><p></p><p>Beyond the holidays, though, we’ve experienced numerous recent events that highlight the strategic risks we all face because of the fragility of digital infrastructure and the ever- present threat of those who would use it for malicious purposes.</p><p></p><p><strong>Analyst Comments:</strong></p><p>This is a lovely letter from the Whitehouse. Given the recently disclosed vulnerabilities, IT teams will unfortunately and more than likely be busy over the Holidays. Hopefully, companies and leadership are working and able to provide security staff much-needed time away from computer screens while ensuring enterprise security throughout the upcoming weeks. This can be challenging; IT shortages have been reported worldwide, while threats have risen. Employees working overtime are more likely to become complacent due to fatigue and stress. Unfortunately, staffing challenges like these will continue to be a problem for companies when a heightened sense of security and urgency may be required. We want to take the opportunity to thank employees who fill these roles, who are usually required to step up and maintain the security and functionality of critical infrastructure during the holiday season.</p><p></p><p><strong>Mitigation:</strong></p><p>In many cases criminals plan and actually begin an intrusion before the holiday itself – they infiltrate a network and lie in wait for the optimal time to launch an attack. It is therefore essential that you convene your leadership team now to make your organization a harder target</p><p>for criminals.</p><p></p><p>Here are some best practices that can be implemented immediately.</p><ul> <li data-xf-list-type="ul">Updated Patching. Criminals count on victims failing to patch their systems and usually take advantage of long-known and fixable vulnerabilities. Patching should be up-to-date, against all known vulnerabilities.</li> <li data-xf-list-type="ul">Change Passwords and Mandate Multi-Factor Authentication (MFA).</li> <li data-xf-list-type="ul">Manage Schedules. Review staffing plans for your IT and security teams to ensure you have sufficient holiday coverage.</li> <li data-xf-list-type="ul">Employee Awareness. Conduct spear phishing and other exercises to raise employee awareness of common attacks. Reinforce the imperative to report computers or phones exhibiting any unusual behavior.</li> <li data-xf-list-type="ul">Exercise Makes an Organization Healthy. Exercise your incident response plan now, so that if the worst happens you can respond quickly to minimize the impact.</li> <li data-xf-list-type="ul">Backup your Data. Confirm that you are backing up key data. Ask your IT staff to test the backup system, and verify that these backups are offline and COMPLETELY out of the reach of criminals.</li> </ul></blockquote><p></p>
[QUOTE="MJ Shoer, post: 2508, member: 3"] [HEADING=2][COLOR=rgb(184, 49, 47)]Severity: High[/COLOR] [COLOR=rgb(0, 168, 133)]TLP: Green[/COLOR] Holiday White House Letter Emphasizes the Importance of Heightened Security Awareness[/HEADING] [B]Tags[/B] [LIST=1] [*][B]Untagged[/B] [/LIST] [B]Holiday White House Letter Emphasizes the Importance of Heightened Security Awareness Summary:[/B] The holidays are an opportunity to spend time with our loved ones and enjoy some well-earned rest. Unfortunately, malicious cyber actors are not taking a holiday – and they can ruin ours if we’re not prepared and protected. Historically we have seen breaches around national holidays because criminals know that security operations centers are often short-staffed, delaying the discovery of intrusions. Beyond the holidays, though, we’ve experienced numerous recent events that highlight the strategic risks we all face because of the fragility of digital infrastructure and the ever- present threat of those who would use it for malicious purposes. [B]Analyst Comments:[/B] This is a lovely letter from the Whitehouse. Given the recently disclosed vulnerabilities, IT teams will unfortunately and more than likely be busy over the Holidays. Hopefully, companies and leadership are working and able to provide security staff much-needed time away from computer screens while ensuring enterprise security throughout the upcoming weeks. This can be challenging; IT shortages have been reported worldwide, while threats have risen. Employees working overtime are more likely to become complacent due to fatigue and stress. Unfortunately, staffing challenges like these will continue to be a problem for companies when a heightened sense of security and urgency may be required. We want to take the opportunity to thank employees who fill these roles, who are usually required to step up and maintain the security and functionality of critical infrastructure during the holiday season. [B]Mitigation:[/B] In many cases criminals plan and actually begin an intrusion before the holiday itself – they infiltrate a network and lie in wait for the optimal time to launch an attack. It is therefore essential that you convene your leadership team now to make your organization a harder target for criminals. Here are some best practices that can be implemented immediately. [LIST] [*]Updated Patching. Criminals count on victims failing to patch their systems and usually take advantage of long-known and fixable vulnerabilities. Patching should be up-to-date, against all known vulnerabilities. [*]Change Passwords and Mandate Multi-Factor Authentication (MFA). [*]Manage Schedules. Review staffing plans for your IT and security teams to ensure you have sufficient holiday coverage. [*]Employee Awareness. Conduct spear phishing and other exercises to raise employee awareness of common attacks. Reinforce the imperative to report computers or phones exhibiting any unusual behavior. [*]Exercise Makes an Organization Healthy. Exercise your incident response plan now, so that if the worst happens you can respond quickly to minimize the impact. [*]Backup your Data. Confirm that you are backing up key data. Ask your IT staff to test the backup system, and verify that these backups are offline and COMPLETELY out of the reach of criminals. [/LIST] [/QUOTE]
Name
Verification
Post reply
Forums
Security
Active Exploits Discussion/Recommendations
Log4j Vulnerability Information
Top
Bottom
Home
Forums
Threat Reports
My.CompTIA
Menu