Everyday is Cybersecurity Awareness Day

[MPMalloy]

Sometimes though, you can take security a little too far and screw yourself over:

https://www.foxnews.com/tech/cryptocurr ... eports-say

I read that on NPR. Very poor business planning. No idea about disaster recovery or chain/line of succession in of catastrophe.

Big-Time-FAIL. He knew he had the medical condition. It was all on him & now everybody else pays for his mistake.

I don't see insurance covering the loss. Maybe...I dunno. I was a personal lines guy.

[MPMalloy]

From Bloomberg: One of Russia’s Neighbors Has Security Lessons for the Rest of Us

Also:

[JasinSwift]

Agree with this topic.
Currently, we are living in the Cyber-age where Internet & computers have foremost impacts on our way of living and social life. The usage of information technology has posed great safety challenges and moral questions in front of us. Decided to use the services of software developers for protecting my bussnies now - https://clockwise.software/blog/category/business/ . Thanks for motivation

[flybynight]

The number of spear phishing emails at my place of work is at a staggering level. Never click on links unless positive knowledge of the sender. ( example family member telling you by phone they are sending a link,)
If you receive email thanking you for the $1400.00 order you didn't make. The electric company is shutting off your power, Or even your bank warning you of possible fraudulent activity. Don't click on the link. No legitimate business is using this method of contact anymore.
This also includes phone calls/txts. If you are not expecting a call from a business or don't recognize the number or locality of call origination. It's some type of fraudulent attempt to gain information from you or access to your phone and anything stored on it.

[JayceSlayn]

The number of spear phishing emails at my place of work is at a staggering level. Never click on links unless positive knowledge of the sender. ( example family member telling you by phone they are sending a link,)
If you receive email thanking you for the $1400.00 order you didn't make. The electric company is shutting off your power, Or even your bank warning you of possible fraudulent activity. Don't click on the link. No legitimate business is using this method of contact anymore.
This also includes phone calls/txts. If you are not expecting a call from a business or don't recognize the number or locality of call origination. It's some type of fraudulent attempt to gain information from you or access to your phone and anything stored on it.

A while back the "CEO" of my company sent me an email asking me to simply contact them back as soon as possible, but that they were in a meeting, so to respond to their email rather than calling them. I responded to the email (something like "OK - what do you need?"), but the follow-up response was definitely out of character (asking me to purchase a bunch of gift cards for the people they were in a meeting with ASAP). I then checked the sender's address and found that they'd spoofed the CEO's email account. No further responses to them, but I did forward the exchange to our actual CEO for reference. I assume that they gathered enough information from the public company site or LinkedIn to make a passable attempt.

Generally, when I get any kind of official correspondence to my personal account (e.g. water bill, bank statement notification, fraud alert, etc.) I will read it, but never use any of the links or contact numbers in the email to respond. I will go to the official site and log-in there or use the contact phone numbers from the website instead. It helps reduce the chance that a phisher will redirect you via email.

[JayceSlayn]

In other news today, MIT Technology Review posted a good article about spreading "Triton"/"Triss" malware, targeting industrial safety controllers: https://www.technologyreview.com/s/6130 ... n-malware/. If you somehow hadn't heard of the Stuxnet or Russia hacking Ukraine electrical grid stories, they cover those briefly as well, but there are even better full stories elsewhere.

I am far from a luddite when it comes to interconnected industrial technology - some people like the term Industrial Internet of Things (IIoT), but I don't like that whole concept as much as I don't like normal IoT. I've had a hand in proliferating the industrial interconnectedness of data/controllers/etc. and it is clearly an unstoppable change in business because of the efficiency it can bring. Nonetheless, I am resistant to its over-application, and I think security must always be taken as a high priority, particularly in instances where it doesn't appear to be of great concern.

A lot of devices that we might invite into our houses and workplaces may seem convenient and productive, but do their manufacturers and/or implementers take security into account? Things like WiFi routers, PLCs, Nest, Alexa, and even things as sophisticated as cell phones and laptops each bring a lot of extra attack surface with them. Not every business is going to be able to afford in-depth security auditing for every project, or able to follow best-practice guidelines perfectly every time. Unfortunately, you have to be perfect all the time, or wrong once, to make the difference against a sophisticated attacker. The attack surface across many industries is already very large, and we have a lot of catching up to do before I'd start to feel "safe" with it.

I've added a generic "State-actor cyber attack" to my list of possible scenarios to prepare for. The extent of which could range from inconvenient to catastrophic depending on the specifics, but preparing for the zompocalypse is a good goal, as always.