December Risk Roundup: Flashy, performative security measures are worthless without the basics
In general, cyber hygiene and cybersecurity can be difficult. The practices required can be time-consuming, rarely generate a profit, and face pushback from users and management alike. This leads to investment and attention in flashy security tools like artificial intelligence (AI) and machine learning (ML). However, those fancy tools are still going to fail if basics like risk-based control selection and best practices like multi-factor authentication (MFA) are not in place.
1. TSA says yes to cannolis, no to cannoli filling
Performative security is often the easiest thing to do, especially if it generates metrics that justify security budgets. But just doing busy work in security, whether it’s physical or digital, is objectively absurd. There is no difference between delicious cheese filling in a bag (a no-no for flying) and delicious cheese filling in a pastry (okay to fly). Also, leave the gun, take the cannoli.
2. GoDaddy confirms data breach affecting 1.2 million customers
More confirmed details are needed on this breach, but it appears now that basic cyber hygiene measures like MFA and proper password management were not in place. Although not as flashy as an audit report or security whitepaper describing novel data security measures, basics must always be in place for an effective security program.
3. Who secures low-code/no-code platforms?
No-code app development takes a problem started by cloud computing and exacerbates it to an almost untenable extreme. If anybody can code with no skills required, that’s a win for productivity, but even seasoned developers make security blunders. Just like insecure cloud environments can be spun up by just about anybody, insecure apps being shipped by non-developers with zero thought for security is unlikely to end well.
4. Hackers breach Exchange email servers (again)
Email is one of the easiest ways to manipulate people and organizations, and an email that comes from a legitimate coworker is the perfect way for an attacker to trick someone. The exploitation of Exchange and Excel vulnerabilities highlights the need to be vigilant about patch management and baseline security configurations like disabling/restricting MS Office macros.
5. Ikea investigations e-mail cyber attack
Déjà vu — an unpatched Exchange vulnerability leads to an email compromise leads to a security incident. Fancy tools deployed to monitor network activity, AI-based email security tools, and the like can be easily fooled if a legitimate account is compromised. Once again, the basics of patch management might have benefited the organization — and we all suffer when those cinnamon buns and Swedish meatballs are at stake.
If you enjoyed this post, be sure to check our blog; the Risk Roundup runs Wednesdays in addition to more enlightening content we post related to the ever-evolving landscape of digital risk. Follow us on Twitter (@SolveCyberRisk), LinkedIn (Coalition Inc), and Youtube. If you have any suggestions for content that we should be adding to our reading list, let us know!
Related blog posts
Palo Alto Networks: Patch Available for PAN-OS Zero-day
A patch is now available for a command injection zero-day vulnerability impacting Palo Alto Networks PAN-OS. Learn what actions you need to take.
LockBit Ransomware Used in Exploitation of ConnectWise ScreenConnect
Coalition Incident Response has discovered a link between the LockBit ransomware gang and the ConnectWise ScreenConnect vulnerabilities.
MFA Bypass Attacks: Weak MFA Implementation Welcomes Intrusion
Threat actors are increasingly targeting multi-factor authentication (MFA). Learn the most effective types of MFA and how to avoid MFA bypass attacks.
