The Dispatch highlights cybersecurity news you can use. I share what I think is informative, relevant, interesting, and actionable. Look for //My take: for context and actionable information.
Red Teamer shares how to make their life harder.
TrustedSec published an excellent article of 4 things you should do to make an attackers life more difficult.
- Disable Macros
- Disable commonly used executable extensions
- Prevent local admins from accessing computer across a network
- Protecting LSASS
//My Take: This article is golden. These are practical and effective hardening tips that will not disrupt production. I second his recommendation to deploy LAPS, a free Microsoft tool, to secure local admin accounts. It’s a standard recommendation for my clients. Also don’t overlook the references to secure baselines. This is a big maturity step for many organizations but it is a strong investment of effort with excellent returns.
FireEye Transparency Kudos
//My Take: The takeaway here is their exceptional transparency in disclosure. Too often decision makers are fearful of disclosing a breach even when it will affect others. Breaches are no longer novel news, have a strong response and you start to rebuild trust on Day 1. As Dmitri said
I’ve always believed that what differentiates a devastating breach from a minor headache is the quality of response (not just IR itself but comms, etc).
PS: Don’t let your lawyers draft your press release. Sure they need to approve/edit/amend but don’t let them write it. Hiring Crisis Communications professionals are key to your IR comms.
HIPAA Proposed Rule Changes
//My Take: HHS lookening to shorten patient data access request timeframe from 30d to 15d. Prohibiting unreasonable identity verification measures. and more… Table of Contents (ToC) is clickable and the summary of provisions starts on p.7
Fun, Nifty, Cool
PointerPointer – A silly site that loads an image pointing at your your mouse location.