Time to protect – BEC Series #3

Posted on by

A few weeks ago, we published the Business Email Compromise (BEC) Checklist. The question arose – what if you’re new to security, or your security program isn’t very mature?

Since the checklist is based on the NIST model, there’s a lot of information here to help your security program mature, as well as to help you mature as a security practitioner. MSI’s engineers have discussed a few ways to leverage the checklist as a growth mechanism.

Part 1 and Part 2 covered the first checkpoint in the list – Identify.

Continue reading

OSINT Yourself

Posted on by

If you’re unfamiliar with the term “OSINT” (open-source intelligence) it boils down to finding information that’s publicly and freely available about you, your company or anything else. How can this help you? OSINT covers a very broad array of sources and uses, and one way it can be used is to help verify your external network surfaces, and if user emails have been found in datadumps from compromised sites.

Continue reading

Healthcare information access concerns

Posted on by

“Healthcare…the only industry where employees are the predominant threat actors in breaches.” Straight out of Verizon’s 2017 Data Breach Investigations Report, p.22. No, no, no, you can’t lock out all your employees completely from the hospital network; The nurse needs to get to my medical profile to know what and how much of a drug dose to give me.

The healthcare industry has to balance between securing large amounts of private and sensitive data, yet allow quick access to it for doctors and nurses, emergency and healthcare personnel. 68% of threat actors within healthcare are from internal, and 64% of all incidents and breaches are financially motivated. And 80% of breaches are due to abuse of privileges, physical theft or loss and miscellaneous errors 1.

* The above image captured from Verizon’s 2017 Data Breach Investigations Report, p.22

Internal threat actors could be:

Continue reading

How do you “identify”…BEC #2

Posted on by

A few weeks ago, we published the Business Email Compromise (BEC) Checklist. The question arose – what if you’re new to security, or your security program isn’t very mature?

Since the checklist is based on the NIST model, there’s a lot of information here to help your security program mature, as well as to help you mature as a security practitioner. MSI’s engineers have discussed a few ways to leverage the checklist as a growth mechanism.

Continue reading

Bitcoin “Proof of Work”: 51% of Accountants Agree!

Posted on by

Bitcoin “Proof of Work”: 51% of Accountants Agree!

Source: Fox Photos/Getty Images

Those are the “accountants”, all working independently to validate bitcoin transactions.

I’ve read the original white-paper that is often cited as the foundation of the cryptocurrency, and particularly the “bitcoin“, phenomenon.

See: https://bitcoin.org/en/bitcoin-paper

The author is the mysterious “Satoshi Nakomoto“, who may be Japanese, or may be a collection of people, or may be (my take) some blockchain instance from the future that has developed self-awareness and has traveled back through time, using the identity of Satoshi to create itself.

Continue reading

How do you Identify? Business Email Compromise #1

Posted on by

Business Email Compromise

business email compromise

Recently, we posted the Business Email Compromise (BEC) checklist. We’ve gotten a lot of great feedback on the checklist…as well as a few questions. What if you’re new to security? What if your organization’s security program is newer, and still maturing? How can you leverage this list?

Since the checklist is based on the NIST model, there’s a lot of information here to help your security program mature, as well as to help you mature as a security practitioner. MSI’s engineers have discussed a few ways to leverage the checklist as a growth mechanism.

Continue reading

Inventory Control a Must for Effective System Security Maintenance & Config Control

Posted on by

Some security controls can’t reach maximum effectiveness unless other, related controls are also in place. This is the case with system security maintenance and configuration control. If you don’t tie these controls to well maintained and updated inventories of all network assets you are bound to see vulnerabilities cropping up on your systems.

Continue reading

The Magic of Hash

Posted on by

Hi, all –

Time for a bedtime story? A little light reading? Something to listen to on the treadmill?

Come listen to our CEO, Brent Huston, riff on blockchain, trust models, and ancillary bits.

The audio is HERE. And the accompanying slides are HERE.

Until next time, stay safe out there…take care of earth, it’s the only planet with chocolate!

If you would like to know more about MicroSolved or its services please send an e-mail to info@microsolved.com or visit microsolved.com.

Positive Train Control: Skating away on the thin ice of a new day?

Posted on by

Positive Train Control: Skating away on the thin ice of a new day?

From the movie “The Polar Express

That line: “Skating away on the thin ice of a new day” is from a Jethro Tull song by the same name. (Yes – I am that old 😉 ).

It came to me as I was reflecting on the reading I’ve been doing on the topic of Positive Train Control (PTC).

PTC is an idea rather than any specific technology or architecture.  Continue reading