
Lightning Strikes and Malicious Hacking



Can lightning strike twice? Although rare, your chances of getting struck by lightning twice in your lifetime are 1 in 9 million. Getting hacked more than once is unfortunately far too common. Your organization's chances of multiple breaches are far worse, with 7.5 million out of 9 million suffering that fate. In fact, the IBM Cost of a Data Breach Report from 2022 shows that 83% of organizations have had more than one data breach. That unfortunate fate is not only highly probable, but also costly. The average cost of a data breach is $4.35 million.


You probably remember the trick to estimate how far you are from a lightning strike. Count the number of seconds from when you see the lightning flash until you hear the resultant boom – roughly 5 seconds per mile. In cybersecurity, we count the seconds too.

Watch for the storm, seek shelter, and be prepared for the worst.


Watch for the Storm


The CISA Cross-Sector Cybersecurity Performance Goals (CPG), together with our assessment services program, Q|FRAME™, can assist you with measuring your cybersecurity strength, allowing you to visualize your program with a metric-informed longitudinal cybersecurity record. We do this by developing customizable assessments, which should be both a source of what to audit and validate and a repository of the audit results. Q|FRAME™ helps organizations seeking assistance in prioritizing investment toward a limited number of high-impact security outcomes. Through this visualization of your cybersecurity program, you can work to prioritize your CPGs and prepare for the threats that will be coming.


Seek Shelter from the Storm


CISA.gov released a Cybersecurity Advisory on March 2, 2023, that provides three action steps to mitigate cyber threats from ransomware:

1. Prioritize remediating known exploited vulnerabilities

2. Train users to recognize and report phishing attempts

3. Enable and enforce multifactor authentication


Known exploited vulnerabilities need to be remediated. Are you part of a threat intel group that shares known vulnerabilities? CISA has a Known Exploited Vulnerabilities Catalog you should subscribe to as one step to being informed. CyberForce|Q provides a daily briefing to our participants, sharing vulnerabilities experienced by our collective participants. When you join our 24x7x365 Security Operations Center, you will be informed daily. Reach out to learn how to join our SOC.


Train users to recognize and report phishing attempts. Do you provide security awareness training? There are many formal programs you can implement, and the cost per user is actually less than you expect. We can provide demos for various solutions if you would like to implement a program you can buy. SANS Ouch! allows you to build your own. Either option should be considered for implementing a formal program.


Enable and enforce multifactor authentication. Everyone has heard of and uses MFA to sign into almost all online services – banks, social media, shopping, and hopefully your work account. Compromised passwords are one of the most common ways that bad guys can get at your data, your identity, and into your systems. Using multifactor authentication is one of the easiest ways to make it a lot harder for them. Reach out to us if you have any questions on how to implement MFA.


24x7 SOC. CyberForce|Q offers Collective Security Operations Centers protecting your organization 24x7x365 with eyes on glass as your first line of defense. We act as an extension of your team, aligned with your cybersecurity program to Protect, Detect, Respond and Repair for optimal safety for your organization. Through the collective model you are not alone in fighting the ransomware group. Most organizations focus on network and endpoint security; however, they are not as effective as having your systems monitored 24x7x365.


Be Prepared for the Worst


Incident Response Plans help you survive the ever-increasing threat of cyberattacks. Your organization needs to be in a position to detect and defend against incidents quickly. We shared one here.


Further, do you provide tabletop training exercises for your team? It is reported that you can reduce the cost of the breach by $2.66 million if you regularly test your plan. Do you have an incident response plan?


CyberForce|Q’s PIVOT and Red Team testing provide a point-in-time look at your exposure. Additionally, we recommend a penetration test, which can provide a great analysis of your hidden risks and exposure. We provided a resource page on penetration testing to help you navigate your options. Our pen testers usually find at least one critical vulnerability. It’s better to know your vulnerabilities and make an action plan to remediate them than to have a hacker find them first.


The Montana National Guard’s Defensive Cyber Operations unit recently assisted an entity in helping identify and mitigate a cyber incident. CyberForce|Q couldn’t agree more with the comment by the Defense Cyber Operations Mission Command Supervisor:

“An ounce of prevention is worth a pound of cure,” said Lt. Col. Antonio Lecce, G-6 Mission Command Supervisor. “Although the DCOE can help following an attack, we would rather do a cyber resilience review before an attack occurs to deter any cyber incidents.” “It can be a real eye opener for organizations to realize the scope of vulnerabilities that can be exploited if good cyber security practices are not implemented,” Lecce said.

We hope by sharing these steps to mitigation you can learn from an unfortunate incident that happened to someone else.


 

We're Here to Assist You


CyberForce|Q has provided information security services for over 27 years. We architect and implement quantifiable cybersecurity programs for organizations of all sizes – with proven results. CyberForce|Q provides a wide range of services to a diverse group of organizations including educational organizations, government entities, healthcare entities, manufacturing enterprises, and both public and private organizations.

We can assist you in being prepared.



