Cyber Defense eMagazine December 2019
Cyber Defense eMagazine January Edition for 2020 #CDM #CYBERDEFENSEMAG @CyberDefenseMag by @Miliefsky a world-renowned cyber security expert and the Publisher of Cyber Defense Magazine as part of the Cyber Defense Media Group with Pierluigi Paganini, Yan Ross as International and US Editors-in-Chief and many more hard working amazing contributors!
Cyber Defense eMagazine January Edition for 2020 #CDM #CYBERDEFENSEMAG @CyberDefenseMag by @Miliefsky a world-renowned cyber security expert and the Publisher of Cyber Defense Magazine as part of the Cyber Defense Media Group with Pierluigi Paganini, Yan Ross as International and US Editors-in-Chief and many more hard working amazing contributors!
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
30<br />
• Conduct cybersecurity training throughout the year and make it relevant. The once a year<br />
cybersecurity mandatory training to check the box simply still does not work. This needs to be<br />
done through the year with relevant, current training. Granted, your task is not to entertain the<br />
staff during these, however, you still need to attract and retain their attention. This will assist with<br />
them internalizing the message and applying it, as some level, to their work, when the need<br />
presents itself. The alternative is to play the same VHS tape from the 1990s and having your staff<br />
in an infinite loop of mass password resets, patching vulnerabilities, scanning for issues, and<br />
headaches.<br />
• Patch cycle. While this may not directly impact the ransomware attack, it is still prudent and an<br />
industry-standard to address this with regularity, in addition to the critical and time-sensitive<br />
patches requiring immediate attention.<br />
Lessons Learned?<br />
PerCSoft paid the ransom, as noted previously. This may have been their only option given the germane<br />
circumstances. The organization may not have backups of their client’s data. The organization having to<br />
pay the ransomware fee to operate is bad enough. This however should ask you, in a researcher role, to<br />
wonder why they had to pay the attackers only to operate. There generally are so many issues with this<br />
avenue, it is hardly recommended.<br />
Resources<br />
Kobialka, D. (<strong>2019</strong>, August 29). Ransomware attack hits backup provider, US dental offices. Retrieved<br />
from https://www.msspalert.com/cybersecurity-breaches-and-attacks/ransomware/dental-offices-hit/<br />
Krebs, B. (<strong>2019</strong>, August 29). Ransomware bites dental data backup firm. Retrieved from<br />
https://krebsonsecurity.com/<strong>2019</strong>/08/ransomware-bites-dental-data-backup-firm/<br />
Kumar, M. (<strong>2019</strong>, May 1). Hackers found exploiting oracle WebLogic RCE flaw to spread ransomware.<br />
Retrieved from https://thehackernews.com/<strong>2019</strong>/05/ransomware-oracle-weblogic.html<br />
Percsoft Dental Technology Consulting. (<strong>2019</strong>). Facebook posts. Retrieved from<br />
https://www.facebook.om/pg/percsoft/posts<br />
Wei, W. (<strong>2019</strong>, August 30). Ransomware hits dental data backup service offering ransomware protection.<br />
Retrieved from https://thehackernews.com/<strong>2019</strong>/08/dds-safe-dental-ransomware-attack.html