Is Your Organization Protected with Your Anti-Virus Subscription? Think Again.

Being a part of several incident responses across the country provides unique insight into how businesses operate from an information security perspective. Bottom line: the commercial space is very reactionary. ‘If a problem is not right in front of me, then why do I want to focus on it? Complete waste of time.’

This is how several business owners and influential executive teams operate: in the here and now.

Companies don’t want to invest (people, process, or technology) where the return on investment doesn’t make sense. Well, after seeing several companies crippled by ransomware attacks or other malware, the time for waiting on the ‘what if’ scenario is over. Companies are vulnerable and need to be prepared for ‘when’ the incident happens.

Let’s unpack this with a real-world example. We were working with a health care provider where a medical professional had ‘admin’ credentials and accidentally clicked on a bad website. This locked down, via encryption, the hospital area where they worked and raised the question: how pervasive is this attack? After ActiveCanopy deployed our endpoint agent (56 anti-virus feeds in one threat intelligence feed) through the network, we found hundreds of pieces of malware on the system (in that area combined with the other areas of the organization). The health care provider’s single Anti-Virus (AV) solution did not detect any of this activity. Scary stuff.

Solution:

  1. Executive culture buy-in: the CEO, CFO, and COO need to be informed of the importance of cyber security protection.
  2. Create an Incident Response plan that follows a set of guidelines (NIST is our favorite), with a rehearsal to ensure corporate understanding.
  3. Anti-virus solutions and logging (if this is even performed) will NOT protect the organization.  Subscribe to an endpoint protection solution.

Please don’t wait for your organization to be owned. Protect it.