Source (News 1130)
Conversations about the Colonial Pipeline hack are endless, but also a chance for others to learn and protect their organizations.
Brennen Schmidt, a cybersecurity author and speaker says threats like this happen due to security barriers not being there in the first place. Given the remote work conditions, phishing scams are likely hitting emails of employees and customers.
Schmidt says a good first step is ‘password hygiene.’
“To start off smart and to start off simple … just trying to make sure that there are passwords that are rotated, that are robust, that are different for different applications, and so that if somebody was to get in, that it wouldn’t be compromised as easily.”
Obviously strong passwords are a must, but people need to be careful about not sharing your passwords and recovery question answers on social media.
In addition, multi-factor authentication can reduce your chances of getting cyber hacked.
Source (My tech decision)
Software supply chain
"Zero Trust" concept helps ensure that every system and every device has to be authenticated, validated and authorized to access an organization’s network. But, it is still implemented using a software.
Zero Trust only works if it is also applied to the software you use to manage too.
To help defend against these kind of attacks:
Improper sessions handling
Remote works and security professionals have to consider how to secure mobile devices and applications when working from home.
Even with multi-factor authentication, attackers could compromise devices or trick users into giving them the code.
To mitigate against these kinds of attacks:
Ransomware gets more sophisticated
Cybercriminals are getting smart with their attacks by using legitimate file sharing tools, and exfiltrating last steps of encryption to lock users out of files and systems.
To boost your ransomware protection:
Machine learning and AI
Current cybersecurity trends are making use of machine learning and artificial intelligence (AI) to detect threats. However, given how advanced cyber attackers are getting, these same systems can be used against networks to compromise them.