Top o’ the mornin’ to ya!
It’s St Patrick’s Day tomorrow. While you’re thinking about leprechauns and their pots of gold, here are some other things to think about:
3 – Data that doesn’t exist can’t be stolen
2 – You can’t get the attackers out if you don’t know how they got in
1 – You can’t spot election interference & disinformation if there’s no-one looking out for it
3 – Data that doesn’t exist can’t be stolen
“Toronto Zoo’s final update on its January 2024 cyberattack arrived this week, revealing that visitor data going back to 2000 had been compromised.”
What’s the story?
Canada’s Toronto Zoo has disclosed that a ransomware attack in January 2024 compromised personal data of all visitors to the zoo from 2000 to April 2023. Exposed information includes names, addresses, phone numbers, and email addresses. Anyone who visited since January 2022 and paid by credit card also had the last four digits and expiration date of their cards stolen.
So what?
Why does a zoo need to retain the personal data of all visitors for over 20 years? If you don’t need the data, delete it. It’s the easiest way to reduce the impact of many security incidents.
Source: The Register
2 – You can’t get the attackers out if you don’t know how they got in
“It is fairly common for organizations to find themselves compromised a second time after the first security incident, [because] the intruders hadn’t been fully kicked off their systems in the first place.”
What’s the story?
This second article from The Register discusses the common mistakes that organisations make when dealing with a ransomware attack.
For example, many try to handle all aspects of the incident response in-house rather than bringing in expert external assistance. As a result, the investigation tends to be rushed and subjective. This frequently leads to organisations reaching the wrong conclusions as to how the attackers gained access to the organisation in the first place, increasing the likelihood that the attackers will strike again in the future.
So what?
The contributors to this article may be biased because of the Incident Response companies that they work for, but that doesn’t mean they’re wrong.
Dealing with a ransomware attack is stressful – your response will require a team of people, supported by external expertise.
Don’t wait until you need it before you go looking for external assistance – arrange a retained service now, so you know they will be there when you need them.
Source: The Register (And shared with me by a client who wishes to remain anonymous.)
1 – You can’t spot election interference & disinformation if there’s no-one looking out for it
“It remains unclear whether the Trump administration will continue prioritizing election system security – a critical infrastructure sector – amid reports that the White House is dismantling election security efforts and removing officials involved in countering online misinformation campaigns”
What’s the story?
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has stopped funding the US Election Infrastructure Information Sharing and Analysis Center (EI-ISAC), which was set up to enable state, local and federal government “to share information and collaborate on best practices to mitigate and counter threats to election infrastructure.”
The cuts form part of significant layoffs within CISA, as the agency realigns its activities to reflect the priorities of the new US administration.
So what?
The cuts come as no surprise, given that Russia (regarded by previous US administrations as a key player behind these disinformation campaigns) is no longer regarded by Trump as a cyber threat to US national security or critical infrastructure.
Source: Bank Info Security