With 2016 coming to a close, The State of Security wanted to give our readers an overview of some of the most interesting, educational, and standout blogs from the year to help fill the time between eating holiday treats and celebrating the New Year.
In June, David Bisson wrote up an article around a keynote presentation delivered by Rob Joyce at USENIX Enigma 2016. In his presentation entitled “Disrupting Nation State Hackers,” Joyce breaks down a network intrusion by nation-state hackers into six key phases. He also provides tips on how defenders can prevent an attacker from transitioning from one phase to another. To read more about Rob’s fantastic presentation, click here.
Thanks to FERC’s Order 822, NERC CIPv6 was approved earlier this year. This blog by Tim Erlin gives an overview of those changes in CIPv6, discussing the seven newly approved standards. If you missed the announcement or want to learn more, you can read the blog again here.
Phishing attacks continue to evolve. As the security community continues to educate end-users around ways they can protect themselves, attackers are plotting the evolution of their campaigns. With that in mind, David Bisson has provided you with 6 common attacks and some solid advice on how to defend against falling victim hook, line, and sinker! Even if you think you’ve got phishing covered, it’s still worth sharing this blog with someone less familiar with those attacks.
In a world where we must assume our enterprises have already been breached, monitoring the perimeter is too little, too late. That’s where this blog from Keren Cummins, Director of Federal Sales at Tripwire, comes in. In this interesting article, Karen gives you 5 valuable tips on techniques you can use to monitor change within your business. To learn more about how you can detect suspicious change, click here.
It’s safe to say that the evolution of ransomware has been one of the biggest stories of 2016. With news almost every day on new strains, effected organizations, and huge ransom demands, it’s important the security community works together to defeat the lawbreakers. This blog from Matthew Pascucci dives deep in to how multiple layers of protection are needed to prevent ransomware from abusing organizations' networks. If you are interested in learning more about those layers and want some further reading, click here.
Cybersecurity is an important issue for all industries. But what is the state of affairs for Industrial Control Systems (ICS), and why should we care? 2016 saw a rise in attacks on critical infrastructure, and this insightful blog from Kathy Trahan, Senior Product Marketing Manager at Tripwire, discusses the security posture for ICS-based organizations, the need for OT and IT to unite, and how organizations can prepare themselves for attacks. Read the full post here.
Unfortunately, we will remember 2016 for the rise of Mirai-based botnets. This blog from Paul Ferrillo was written in February 2016, but it still covers some key elements that relate to the huge attack against Dyn in October. Paul uses his experience and expert knowledge to offer advice on how to prepare and defend yourself against a DDoS attack. If you’re looking to stay ahead of the attackers, I suggest you read this article.
With 26% of all websites using Wordpress, this blog by Mohit Rawat highlights some key plugins you can use to help protect your website from criminals looking to exploit your site's vulnerabilities. If you’re using Wordpress or know someone that is, have a read and share add any comments at the end to help educate all the other readers of this blog.
With more and more of us dependent on social media to communicate with others and grow our networks, it’s important to understand that not everyone our there is as friendly as you! David Bisson has researched common scams on Linkedin and offered some solid tips to ensure you don’t become the next victim of a fake job offering or a “whaling” ploy. To learn more about common LinkedIn scams, click here.
Finally, coming in at number 1 is a fantastic article from David Balaban. David is heavily involved in the fight against ransomware. In this post from January 24, he shares 22 key tips to help prevent users and businesses from getting infected with ransomware. Take a look at the list and make sure you’re doing everything you can to stay secure!
Conclusion
As most of you know, we publish a lot of content at The State of Security, so if you think we have missed any important stories, please let us know in the comments below!
