CyberHoot Newsletter – January 2023

FBI’s Vetted Cybersecurity Organization “Infragard” Breached

Learn how a cybersecurity organization that partnered with the Federal Bureau of Investigation (FBI) to protect critical US infrastructure got hacked.

“Aikido” Vulnerability Turns EDR …

LastPass 2022 Breach Update

LastPass Breach Update – August 22 – December 22

In August, LastPass was breached, but they claimed that no client data was stolen, only source code. In late December 2022 they updated their stance, stating that encrypted client vaults were stolen but that default password length requirements protected most users. CyberHoot recommends you change your master password.

Wiper-malware Can Devastate Systems

“Aikido” Vulnerability Turns EDR into Wiper Malware

A security researcher from SafeBreach has revealed critical race conditions in EDR software that can lead to a compromise of the devices running the security software. Exploit code has been seen in the wild that delivers wiper malware to destroy the infected host’s data and operating system. Immediate patching and a reboot are required.

New Rules Proposed by SEC

New Cybersecurity Rules Proposed by SEC

The U.S. Securities and Exchange Commission (SEC) is proposing new disclosure requirements by company boards regarding cybersecurity risk management, strategy, governance policies, procedures, and incidents. This would be an amendment …

CyberHoot Newsletter – October 2022

Top 10 Reasons to Conduct Awareness Training and Testing

Businesses all over the world experience increasingly sophisticated attacks with escalating damages and impact. Awareness training and phish testing are two …

10 Reasons for Awareness Training

CyberHoot: 10 Reasons to Adopt Awareness Training

Cybersecurity awareness training helps combat human error, one of the most commonly exploited parts of any cybersecurity program. Use these facts to convince management at your company it’s finally time to train your staff on cybersecurity.

2FA or MFA Protects Online Accounts

Cybersecurity Awareness Month – Multi-Factor (aka Two-Factor) Authentication

How much do companies pay when breached? It depends upon the data that was stolen. In some cases, such as healthcare, the costs of managing a breach are increasing year over year. Recent IBM data showed healthcare records costing 3x what other records cost in a breach. Isn’t it time you started preparing for and sought to prevent breaches?

Healthcare Breach Costs

Cybersecurity Awareness Month – Breach Costs in Healthcare

How much do companies pay when breached? It depends upon the data that was stolen. In some cases, such as healthcare, the costs of managing a breach are increasing year over year. Recent IBM data showed healthcare records costing 3x what other records cost in a breach. Isn’t it time you started preparing for and sought to prevent breaches?

Consumer Trust

Cybersecurity Awareness Month – Consumer Trust

Life isn’t fair. Companies that are victims of a cyberattack are most often blamed (64%) by consumers for inadequate controls and protective mechanisms in their cybersecurity program. Perception is reality, so the time to prepare and harden your company against these attacks is now. Don’t wait until a breach happens; sign up for CyberHoot today.

Stolen Data Value

Cybersecurity Awareness Month – Stolen Data Value

Banking information, healthcare records, and credential databases are all extremely valuable to hackers seeking to profit from the sale of this data on the dark web. Know what data you have, how it could be sold, and how it must be protected. Begin building your cybersecurity program today to protect against breaches with CyberHoot.

Privacy Regulations World-Wide

Cybersecurity Awareness Month – Privacy Regulations

Privacy regulations have been passed in 70% of the world’s countries and 100% of the Americas. Is your website privacy policy up-to-date with these regulations? If not, you’re going to need to spend some energy complying. CyberHoot’s vCISO services can help. Visit us today.

Credential Value

Cybersecurity Awareness Month – Credential Value

The dark web contains marketplaces where illegal items are traded, including credentials for our online accounts. For as little as $2.00/account, hackers can buy employee credentials to breach your company’s email systems, VPN, or online SaaS applications to cause havoc and steal your money, data, or both. Learn how to protect yourself using CyberHoot.

Healthcare and Ransomware

Cybersecurity Awareness Month – Healthcare & Ransomware

Healthcare providers are huge targets for ransomware because modern ransomware publishes patient data online if you don’t pay the ransom. Gone are the days when you could simply restore your critical data from backup and ignore the ransom. For healthcare providers, a ransomware breach is the worst possible outcome: pay the ransom, report the attack, and pay the HIPAA fine for lack of cybersecurity protections. Get busy today creating a strong defense-in-depth cybersecurity program to protect your patient records.

Data Breaches

Cybersecurity Awareness Month – Breaches

Ransomware costs continue to increase year over year for SMBs. News headlines talk about multi-million dollar ransomware breach costs, but those apply primarily to enterprises. For the average SMB, the costs are in the hundreds of thousands of dollars: $139,000 to be exact, or 65% more than last year ($84,000).
Preparation has never been more important, and it has never been simpler for SMBs to train up their employees to fight the scourge of cyberattacks.

Average cost of Ransomware to a Small Business

Cybersecurity Awareness Month – Ransomware Costs

Ransomware costs continue to increase year over year for SMBs. News headlines talk about multi-million dollar ransomware breach costs, but those apply primarily to enterprises. For the average SMB, the costs are in the hundreds of thousands of dollars: $139,000 to be exact, or 65% more than last year ($84,000).
Preparation has never been more important, and it has never been simpler for SMBs to train up their employees to fight the scourge of cyberattacks.

3rd Party Risk Management and Data Destruction

Morgan Stanley Data Breach – Lessons to be Learned

The Morgan Stanley data breach of 2022, in which surplus equipment was sent to a 3rd party for data destruction but ended up on eBay, is a lessons-learned treasure trove. From data retention and destruction process failures to contract failures to 3rd party risk management failures, there are plenty of improvement opportunities for SMBs and MSPs to learn from here. This article highlights how you can improve your cybersecurity program from the failures of this breach.