• qharrington7

Cybersecurity--I thought we have a policy for that!

Anyone within earshot of Maryland, Washington D.C., and Virginia has heard of the ransomware attack on the City of Baltimore by a group who refer to themselves on Twitter as Robbinhood. This attack has already cost the city millions of dollars and subjected those who rely on the city for services to countless hours of hardship.

The hackers who attacked Baltimore did not need to develop a previously unknown zero-day exploit, invent new tradecraft, or pull off a master stroke of social engineering. The Baltimore attack exploited a well-known vulnerability for which a patch has been available for years. Baltimore is not alone—similar attacks have occurred in other major cities as well as in large government organizations and private sector enterprises. In fact, most cyber attacks exploit known vulnerabilities that have been left unpatched.

Prevention is always the best approach. But when a cyber incident occurs, several critical questions should be asked, and answered, in order to understand why it happened and what could or should have been done to prevent it.

  1. What personnel and security policies are in place to prevent (or deter) these types of incidents from occurring?

  2. How well are those policies enforced and supported?

  3. Was this a known issue that the Cyber/IT professionals brought to the attention of leadership prior to the incident occurring?

  4. If so, what was the leadership’s rationale for not patching the systems?

  5. What are the complicating factors that possibly prevented the systems from being patched?

  6. When was the last time the city had an impartial third party conduct an assessment of all critical systems?

  7. What actions did the city take based on those recommendations?

The answers to these questions help to lay the foundation for understanding and improving an organization’s Cyber/IT security posture. In today’s world, almost every aspect of our lives is intertwined with some piece of technology, which in turn must be constantly defended from those that would seek to exploit and misuse the information gained by nefarious means. Organizations must invest the time, and money, to develop, implement, and follow a strong security policy.
