Understanding CIS Control 5

 

This week, we’re focusing on Critical Control 5: Controlled Use of Administrative Privileges. More specifically:

This entry was posted in CIS Controls on October 31, 2016 by Kimberly K

4 Mobile Security Tips to Keep Your Organization Safe

Week 4 of National Cyber Security Awareness Month focuses on our continuously connected lives in a rapidly developing digital world. Mobile security plays a big role in staying safe as more organizations than ever rely on cell phones, tablets, and laptops for business. Does your cybersecurity strategy keep mobile in mind? Here are four mobile security tips to help your organization stay secure in a connected and moving business environment.

This entry was posted in mobile device, national cyber security awareness month, mobile security on October 26, 2016 by Shannon McClain

Understanding CIS Control 4

 

To celebrate National Cyber Security Awareness Month, CIS is kicking off each week in October with a deep dive into one of the top 5 CIS Controls.

This week, we’re focusing on Critical Control 4: Continuous Vulnerability Assessment and Remediation. More specifically:

“Continuously acquire, assess, and take action on new information in order to identify vulnerabilities, remediate, and minimize the window of opportunity for attackers.”

This entry was posted in CIS Controls on October 24, 2016 by Kimberly K

Evolving Tactics of Tech Support Scams

Written by: Emily Cranston, Senior Cyber Intelligence Analyst & Curt Beall, MS-ISAC Intel Unit Intern 

Tech support scams have been around for years: you answer the phone and the person on the other end claims to be working with a well-known tech company. They try to convince you that your computer is sending out error messages, attacking another computer, or infected with viruses. Malicious actors use this scam to cold-call victims, gain access to victims’ computers, install malware, steal information, or receive payment for fraudulent services. 

on October 18, 2016 by MS-ISAC

Understanding CIS Control 3

 

This week, we’re focusing on Control 3: Secure Configurations for Hardware and Software on Mobile Devices, Laptops, Workstations, and Servers. More specifically: 

This entry was posted in CIS Controls on October 17, 2016 by Kimberly K

Understanding CIS Control 2

To celebrate National Cyber Security Awareness Month, CIS is kicking off week two with a deep dive into CIS Control 2.

This entry was posted in CIS Controls on October 10, 2016 by Kimberly K

Ransomware: In the Healthcare Sector

Ransomware

It is hard to ignore the recent increase in reporting of hospitals victimized by ransomware. Ransomware has become such an issue that the MS-ISAC, along with our partners at the National Health Information Sharing and Analysis Center (NH-ISAC) and Financial Services Information Sharing and Analysis Center (FS-ISAC), teamed up to host trainings around the country on how to defend against it.

This entry was posted in ransomware on October 10, 2016 by MS-ISAC

Insider Threats: In the Healthcare Sector

Insider Threat

Organizations are often too preoccupied with defending the integrity of their company and network from external threats to address the very real and dangerous risk that may lie within their own organization - insiders. The insider poses a threat because the legitimate access they have or had to proprietary systems means they do not face traditional cybersecurity defenses, such as intrusion detection devices or physical security.

This entry was posted in Insider Threat on October 10, 2016 by MS-ISAC

Business Email Compromise: In the Healthcare Sector

Business Email Compromise / Fraud Scams

Referred to as the “Billion Dollar Scam” by the Federal Bureau of Investigation (FBI), Business Email Compromise (BEC) scammers use a spoofed email or compromised account to trick employees into initiating a money transfer to an alternate (fraudulent) account. The scammers almost always pretend to be a person of power within the organization, such as the CEO or CFO.

This entry was posted in email compromise on October 10, 2016 by MS-ISAC

DDoS Attacks: In the Healthcare Sector

DDoS Attacks

Distributed denial of service (DDoS) attacks are a popular tactic, technique, and procedure (TTP) used by hacktivists and cybercriminals to overwhelm a network to the point of inoperability. This can pose a serious problem for healthcare providers who need access to the network to provide proper patient care or need access to the Internet to send and receive emails, prescriptions, records, and information.

This entry was posted in DDos Attacks on October 10, 2016 by MS-ISAC

Data breaches: In the Healthcare Sector

Data breaches

It seems that every day another hospital is in the news as the victim of a data breach. The routine is familiar - individuals receive notification by (e)mail of the breach, paired reassuringly with two free years of credit and identity monitoring. (One might wonder - Is there even anyone left who isn’t being monitored?) According to the Ponemon Institute and Verizon Data Breach Investigations Report, the health industry experiences more data breaches than any other sector.[i] There may be some potential for bias in this claim, due to the well-defined, legally mandated reporting requirements of the Health Insurance Portability and Accountability Act (HIPAA), which make it more likely healthcare breaches will be reported compared to breaches in other sectors.

This entry was posted in data breach on October 10, 2016 by MS-ISAC

October: National Cyber Security Awareness Month

Every year since 2003, October has been recognized as National Cyber Security Awareness Month (NCSAM). This effort was brought to life through a collaboration between the U.S. Department of Homeland Security and the National Cyber Security Alliance. NCSAM was created to ensure that every individual stays safe and secure online.

This entry was posted in national cyber security awareness month on October 07, 2016 by Kimberly K

Understanding CIS Control 1

 

To celebrate National Cyber Security Awareness Month, CIS will kick off each week in October with a deep dive into one of the top 5 CIS Controls.

This entry was posted in CIS Controls on October 03, 2016 by Kimberly K