Insights

"The words “threat intelligence” sound high-level, like an issue that might only concern the Department of Homeland Security or the security teams at Google or Amazon. In truth, anyone who connects to the internet or saves data in the cloud or on a hard drive should give threat intelligence some thought. Small businesses, in particular, need to understand the concept to make sure that, in their efforts to prevent cyberattacks, they adequately protect their assets without bankrupting themselves through overkill." - Patricia Staino   The 6 steps of the threat intelligence lifecycle The threat intelligence process is well-defined and complex. As you’ll see as you read through the steps, collecting and leveraging threat intelligence is a challenging endeavor and probably out of reach for most small business owners. If your data and systems do require this level of threat protection, it’s probably best to contract with outside security providers rather…

Patricia Staino of Motley Fool interviews founder, Patrick Kelley, regarding the 8 vital practices for network security! “In this remote-work world, it’s like wearing a mask,” says Patrick Kelley, CTO, Critical Path Security. “It’s a bit more trouble, but it will keep you safe. There is no downside to multi-factor authentication, and it is the top recommendation I have for SMBs.” 8 vital best practices for network security your small business needs: Hacker-proof passwords Virtual private network Spam filters and anti-virus software Multi-factor authentication Mobile device management Updated software Ongoing employee training Backup and a recovery plan “Employee education is not a best practice — it’s a must practice,” says Kelley. “The problem with employee education is that it’s easy to forget. It’s hard to make time for it when you have deadlines, and it’s an ongoing process that must be revisited again and again.” Key reminders should include: Review of your cybersecurity…

Through a coordinated effort between Critical Path Security, Microsoft, and the COVID-19 CTI League, we have released a full threat intelligence feed containing Indicators of Compromise (IOCs) used to lock down dozens of hospitals with Ryuk ransomware. The healthcare facilities can use these IOCs to alert of an attack which will provide an opportunity to defend themselves. Brian Krebs reports, On Monday, Oct. 26, KrebsOnSecurity began following up on a tip from a reliable source that an aggressive Russian cybercriminal gang known for deploying ransomware was preparing to disrupt information technology systems at hundreds of hospitals, clinics and medical care facilities across the United States. Today, officials from the FBI and the U.S. Department of Homeland Security hastily assembled a conference call with healthcare industry executives warning about an “imminent cybercrime threat to U.S. hospitals and healthcare providers.” Read More These feeds will be continually updated and available for free. https://github.com/CriticalPathSecurity/Zeek-Intelligence-Feeds/blob/master/cps-collected-iocs.intel If you need…

Photo courtesy of CSO Online When your organization is experiencing a cyberattack or breach, protecting privileged information and intellectual property is crucial.  As Incident Responders, we can state clearly that in the aftermath of a data breach, events can move very quickly. You'll be asked a litany of questions such as, "how.., who.., why.., etc..". It's best to be prepared. However, appropriate steps should be taken to ensure that confidential and strategic plans are secured and held with great discretion.  As we too often see, shortcuts taken for the sake of getting back to "normal" can lead to greater problems later, particularly in the event of litigation.  Here are our top tips for protecting sensitive data in the context of a data breach: Don't keep your incident response plan on the servers! If the servers are infected with ransomware, it might be impossible to access the plan. Print the plan…