Cyber security is an instrumental part of business operations. Good cyber security practices can help boost customer satisfaction, reputation, and so much more. Equally, poor cyber security practices can cost businesses time, money, and reputation. Whether you are new to cyber security or an expert, this monthly webinar series has it all!

Each month our VP of Business Strategy, Bruce Ward, sits down to chat with customers for about 30 minutes. This discussion focuses on the latest cyber security events and suggested next steps (preventative or reactive). In the October installment of This Month in Cyber Security, Bruce focused on privacy and ransomware. But before we dive deep into those topics, we need to talk background.

Cyber Security Awareness Month

October is Cyber Security Awareness Month, which means it only makes sense to review what we have learned this year. One model we love to follow here at Peters is the National Institute of Standards and Technology (NIST) Cyber Security Framework (below). The reason we love this model so much is that it applies to organizations of all sizes and industries, and it puts emphasis on detection methods.

NIST Cyber Security Framework

 

Prevention and reaction are the two main pillars of cyber security. However, within those two pillars are three smaller focus areas. If you are interested in learning about the scope of solutions in each smaller pillar, you can check out our Taste of Technology recap.

Privacy

There are three major stories that happened this month in the world of cyber security.

  1. The food delivery service, DoorDash, was breached. This led to a leak of customer phone numbers, addresses, and emails. If you have ever used the DoorDash service, you may be at risk of a breach. The reason why this breach is different than what we have seen in the past is that now, cyber criminals may have access to your address and phone number. Learn more about the breach here.
  2. Dunkin Donuts was also breached, but unlike the previous story, the actual breach occurred in 2016. In 2016, the Dunkin Donuts reloadable cards (used to make purchases at Dunkin Donuts stores) were hacked and duplicated. The reason this story has resurfaced is that at the time of the breach, it is believed Dunkin Donuts did not do enough to notify their customers. You can read more about the story here.
  3. Equifax is in the news again as the fallout from their 2017 breach continues to unfold. However, in this story, a settlement has been reached for impacted citizens. Now the stockholders are asking for a settlement. On what grounds? Since Equifax is a credit reporting agency, the revelation of the breach took a massive toll on its stock value. For an interesting read, check out the full story here!

Ransomware

We have talked a lot about ransomware recently, but that is because it is one of the most prevalent attacks we see right now. This month we saw hospitals, schools, and large corporations across the country victimized by ransomware. With the risk of ransomware becoming increasingly common, the FBI released their second-ever PSA on the topic of ransomware, stating:

Ransomware attacks are becoming more targeted, sophisticated, and costly, even as the overall frequency of attacks remains consistent. Since early 2018, the incidence of broad, indiscriminate ransomware campaigns has sharply declined, but the losses from ransomware attacks have increased significantly, according to complaints received by IC3 and FBI case information.

Although state and local governments have been particularly visible targets for ransomware attacks, ransomware actors have also targeted health care organizations, industrial companies, and the transportation sector.

If you’re interested in reading more about the “need to knows” from this PSA, check out this helpful article.

Here are some more helpful resources about the stories Bruce discussed:

For more information on ransomware, check out our recap of The Ransomware Curse.

Interested to hear everything that Bruce had to say? Check out the full webinar recording below.

Read along with the slide deck!

Peters & Associates engineers are dedicated to securing your network. With 24/7 monitoring and support, our Managed Services and Managed Security Services will never leave you guessing. Want to put your network or employees to the test? Ask us about our free Phishing Test, Vulnerability Scan, and Security Review for Office 365. Call us at 630.832.0075 or send an email to info@peters.com to get started!