Read the recent #CyberAvengers article, Cyber Hygiene and Government–Industry Cooperation for Better Cybersecurity, on Brink-The Edge of Risk.
This article discusses the recent federal legislation, the Promoting Good Cyber Hygiene Act of 2017, which promotes the following best practices, each of which is discussed further in the article:
- Security updates and patch management
- Workforce phishing training
- Multifactor authentication
- Backup redundancy and management
- Not using outdated and unsupported software
- Use of the cloud
- Intrusion detection and prevention systems
- Using a managed services provider (MSP) or managed security service provider (MSSP)
- Cyber insurance
_____________________________
The #CyberAvengers (Paul Ferrillo, Chuck Brooks, Kenneth Holley, George Platsis, George Thomas, Shawn Tuma, Christophe Veltsos) are a group of salty and experienced professionals who have decided to work together to help our country by defeating cybercrime and slowing down nefarious actors operating in cyberspace seeking to exploit whatever their tapping fingers can get a hold of. How? We do this by raising our collective voices on issues of critical importance so that we can keep this great country in the lead – both economically and technologically – and to keep it safe and secure. All the issues are intertwined and more complex than ever, which is why we have differing backgrounds but have a common cause. We complement each other, we challenge each other, and we educate each other. What do we get out of writing articles like this? Nada. Goose egg. We are friends. We are patriots. And we are not satisfied to sit around and do nothing. We want to keep this nation and its data safe and secure.
Shawn,
The scope of the problem is vast (See, e.g. The Magnificence of the Disaster https://papers.ssrn.com/sol3/papers.cfm?abstract_id=1072229 ) and is increasing. The fact that every USB flash drive has its own micro-controller is, in and of itself, an unacceptable risk if used as intended. Flashing your own malware into firmware and distributing the product near a target is the most likely path of entry for the Stuxnet tool.
Today I’ve noted that the FCC is considering some mechanism to crack down on SPIT. Fat chance.
I also note, with great trepidation, the distribution of BCBS health insurance ID cards with USB flash drives incorporated into each one. Talk about the next infection vector for malware - just what the doctor ordered.
Just a few thoughts.
Rick
George R. O’Connor The O’Connor Law Firm, Missouri 417 Associated Road Suite 305 Brea, California 92821 816-505-1600 (909) 274-7994 fax
Admitted in all Missouri Courts & Kansas Federal Court Practice
Thanks for your comment, George! Yes, the risk is everywhere and we are still in the Pre-Cambrian Era of Data and Devices — we can’t even imagine, at this point, where it will all evolve to and ultimately end!