QPC Security - Breakfast Bytes

Felicia King is an internationally recognized CISO and considered to be one of the top network layer security strategists in the U.S. Since launching in 2004 on the WGTD network, her Breakfast Bytes podcast has focused on information security risk management and the issues business leaders need to be aware of to benefit from the challenges others have faced. Learn about the most effective approaches, what you can do to mitigate risk, and how to protect your most valuable assets, your data, and your time. Felicia is the vCISO and security architect at QPC Security / Quality Plus Consulting.

🎧 Let’s Talk Cybersecurity—Together
With over 25 years of hands-on experience in network-layer protection and cybersecurity strategy, we’re here to make security simple and accessible. Whether you’re a homeowner, a family, a retired professional, or running a small to medium-sized business, we’ve got solutions tailored just for you.

💡 No minimum seat count required—if you need help, we’re here for you.

🔒 Tune in, subscribe at qpcsecurity.podbean.com, and let’s build a safer digital world—one episode at a time.
🌐 Visit our website at qpcsecurity.com to learn more and book your appointment today!

Listen on:

  • Podbean App
  • Spotify
  • Amazon Music
  • iHeartRadio
  • PlayerFM

Felicia regularly collaborates with other IT service providers in an advisory capacity and is a significant contributor to international IT service provider strategy and problem resolution forums. Concepts, patterns, and examples covered in Breakfast Bytes come from the decades of experiences of the speakers and guests through their work with hundreds of companies. Statements are not representative of a specific organization. Experienced professionals will recognize that the majority of organizations have very similar challenges.


Visit our primary website https://qpcsecurity.com for more articles and webinars.

Our public knowledge website is https://kb.qpcsecurity.org

Episodes

Saturday Sep 25, 2021

How to avoid cybersecurity insurance fraud. If this happens to you, your claim will be denied and you will likely be uninsurable in the future including by other insurance providers.
You have to be working with an extremely operationally mature ITSP with ISOs on staff or you probably will not be able to navigate this complexity.
Great article showing a claims denial and the accompanying lawsuit for a perceived insurance fraud incident.
https://www.insurancejournal.com/news/national/2022/07/12/675516.htm
 

Monday Sep 13, 2021

Joining Felicia is Rui Lopes, Senior Technical Evangelist at WatchGuard Technologies. Rui was with Panda Security prior to the WatchGuard acquisition and has spent many years merging the technical with customer enablement at a level rarely seen. His work at WatchGuard covers projects, partner support, and overall customer enablement in using the endpoint protection technology effectively.
When I listened to an interview with Fortinet's CISO regarding converged NOC/SOC, I had to reach out to Rui to formalize several conversations we have had over the past year or more, because we have both seen the need for this strategy for a very long time.
At QPC, we have been doing converged NOC/SOC since around 2009.
Listen in to hear our breakdown about why this is such a critical strategy in today's threat landscape.
_________________________________________________________________

Tuesday Sep 07, 2021

NDAA 2021 legislation is forcing closure of the gaps in SPF, DKIM, and DMARC.
This stuff is really complicated. Get some seriously competent help. I don't think most ITSPs (IT service providers) have enough experience in managing this, especially given the inclusion of marketing automation platforms on root domains.
You cannot drive a hole through your email ingress filtering policies with a 20 lb sledgehammer to accommodate an incompetently configured sender framework on your senders' behalf.
It's time to push back on their incompetence. Get your VISO involved and get policies in place, such as one stating that IT will not be asked to put holes in security to accommodate senders with bad email systems. Instead, letters will go to bad senders telling them to get their house in order.
You also need to get your own house in order to make sure that your emails are deliverable. Cybersecurity insurance providers are assessing this information as part of your risk profile.
Salesforce Email Service Used for Phishing Campaign | eSecurityPlanet
For more information on this topic: Email Deliverability- The Titanic Problem Headed Your Way
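The SPF and DMARC gaps this episode describes can be checked statically, before a receiver ever sees a message. The following is an added example written for this page, not code from QPC Security or the episode: it parses SPF and DMARC TXT records and flags the configurations the episode warns about, including a root domain that has accumulated one include per marketing platform and blown through the RFC 7208 limit of 10 DNS lookups, a +all or ?all terminator, p=none, and pct below 100. The records and the .example hostnames in them are constructed; in practice the two strings come from a TXT lookup of the domain and of _dmarc.<domain>. DKIM is deliberately left out, since verifying it requires a signed message and the selector that message names.

```python
"""Static checker for SPF and DMARC TXT records (constructed example)."""
from __future__ import annotations
from dataclasses import dataclass

# RFC 7208 section 4.6.4: these terms cause DNS queries during evaluation,
# and more than 10 of them makes receivers return "permerror".
SPF_LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}
SPF_LOOKUP_LIMIT = 10
SEVERITY_RANK = {"none": 0, "info": 1, "medium": 2, "high": 3}


@dataclass(frozen=True)
class Finding:
    severity: str  # "info", "medium" or "high"
    message: str


def _term_name(term: str) -> str:
    """'include:x.example' -> 'include'; '-all' -> 'all'; 'redirect=x' -> 'redirect'."""
    body = term.lstrip("+-~?").lower()
    return body.split(":", 1)[0].split("=", 1)[0].split("/", 1)[0]


def spf_lookup_count(record: str) -> int:
    """Count DNS-querying terms at the top level only; nested include: targets
    are not fetched here, so the real total can only be higher than this."""
    return sum(1 for t in record.split()[1:] if _term_name(t) in SPF_LOOKUP_TERMS)


def check_spf(record: str) -> list[Finding]:
    """Flag SPF settings that let spoofers through or break evaluation."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return [Finding("high", "not an SPF record: missing v=spf1 tag")]
    findings: list[Finding] = []
    all_qualifier = None
    has_redirect = False
    for term in terms[1:]:
        name = _term_name(term)
        if name == "all":
            all_qualifier = term[0] if term[0] in "+-~?" else "+"
        elif name == "redirect":
            has_redirect = True  # the redirect target supplies the 'all' policy
        elif name == "ptr":
            findings.append(Finding("medium", "ptr is deprecated by RFC 7208 and costly to evaluate"))
    lookups = spf_lookup_count(record)
    if lookups > SPF_LOOKUP_LIMIT:
        findings.append(Finding("high", f"{lookups} DNS lookups exceed {SPF_LOOKUP_LIMIT}: receivers return permerror"))
    if all_qualifier == "+":
        findings.append(Finding("high", "+all authorizes every host on the internet"))
    elif all_qualifier == "?":
        findings.append(Finding("high", "?all is neutral, the same as no policy"))
    elif all_qualifier == "~":
        findings.append(Finding("info", "~all softfail: enforcement relies on DMARC"))
    elif all_qualifier is None and not has_redirect:
        findings.append(Finding("medium", "no all mechanism: unlisted senders are neutral"))
    return findings


def parse_dmarc(record: str) -> dict[str, str]:
    """Split 'v=DMARC1; p=none; pct=50' into a lowercase tag -> value map."""
    tags: dict[str, str] = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags


def check_dmarc(record: str | None) -> list[Finding]:
    """Flag DMARC settings under which SPF/DKIM failures are not enforced."""
    if not record:
        return [Finding("high", "no DMARC record: SPF/DKIM are never enforced on From:")]
    tags = parse_dmarc(record)
    if tags.get("v", "").upper() != "DMARC1":
        return [Finding("high", "not a DMARC record: missing v=DMARC1 tag")]
    policy = tags.get("p", "").lower()
    if policy not in {"none", "quarantine", "reject"}:
        return [Finding("high", "missing or invalid p= tag: receivers ignore the record")]
    findings: list[Finding] = []
    if policy == "none":
        findings.append(Finding("medium", "p=none only monitors: spoofed mail is still delivered"))
    elif policy == "quarantine":
        findings.append(Finding("info", "p=quarantine: spoofed mail goes to spam, not rejected"))
    pct = tags.get("pct", "100")
    if pct.isdigit() and int(pct) < 100:
        findings.append(Finding("medium", f"pct={pct}: policy applied to only {pct}% of failures"))
    if tags.get("sp", policy).lower() == "none" and policy != "none":
        findings.append(Finding("medium", "sp=none leaves subdomains unenforced"))
    if "rua" not in tags:
        findings.append(Finding("info", "no rua= address: no aggregate reports of who spoofs you"))
    return findings


def max_severity(findings: list[Finding]) -> str:
    return max((f.severity for f in findings), key=SEVERITY_RANK.__getitem__, default="none")


# Constructed records with hypothetical .example hostnames. WEAK_SPF models a
# root domain that grew one include per marketing/CRM platform and was then
# "fixed" with +all once mail started bouncing.
WEAK_SPF = ("v=spf1 include:mail.example include:crm.example include:mkt-auto.example "
            "include:helpdesk.example include:newsletter.example include:survey.example "
            "include:shop.example include:hr.example include:bulk.example "
            "include:events.example ptr +all")
WEAK_DMARC = "v=DMARC1; p=none; pct=50"
HARDENED_SPF = "v=spf1 ip4:203.0.113.0/24 include:mail.example -all"
HARDENED_DMARC = "v=DMARC1; p=reject; sp=reject; adkim=s; aspf=s; rua=mailto:dmarc@example.com"

if __name__ == "__main__":
    for spf, dmarc in ((WEAK_SPF, WEAK_DMARC), (HARDENED_SPF, HARDENED_DMARC)):
        for f in check_spf(spf) + check_dmarc(dmarc):
            print(f"[{f.severity}] {f.message}")
```

Run directly, the weak pair produces two high and one medium SPF finding plus three DMARC findings, and the hardened pair produces none. The lookup count covers only the top-level record: each include: target contributes its own mechanisms, so a record that already reads 8 or 9 here usually fails at receivers that resolve the full tree.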

Tuesday Aug 31, 2021

Excellent and invigorating discussion on the gaps in EDR/EPP and what to do about them with Maxime Lamothe-Brassard, founder of LimaCharlie.io and Refraction Point.
LimaCharlie
avoiding tool proliferation
avoiding the jedi mind trick of EPP
identify gaps in a lot of EDR/EPPs
challenges with outsourced SOC
supply chain risk in toolset vendors
paradigms around security tools and training

Kaseya VSA breach analysis

Monday Aug 16, 2021

Why the breach happened and what people could have done to prevent it.
What Kaseya could have done differently.
How to manage supply chain risk when your software vendor is not.
Smart vendors use the experts in their customer base.
People really need to have a major paradigm shift and look seriously at an RMM as being nearly the same as a nuclear launch code.
Kaseya VSA Limited Disclosure | DIVD CSIRT
 

Thursday Aug 05, 2021

Improper use of cloud, and the problems caused by inadequate pre-planning and risk assessment before adopting cloud-hosted technologies.
Kim Nielsen, founder and President of Computer Technologies, Inc. (cti-mi.com), joins Felicia to discuss the dangers and risks of improper use of cloud-hosted technologies.
Business risk vs. security risk: you must have an exit plan. The dangers of subscriptions.
 
Huge databases don't belong in the cloud, because the cloud is not inherently more secure.
https://www.infosecurity-magazine.com/news/over-60-million-americans

Thursday Aug 05, 2021

I have been thinking for months about the latest challenges faced by organizations with regard to the increased cybersecurity risks, what is at stake, how unprepared they are, and how the cyber insurance companies are responding to the changing landscape.
As I have had conversations with business decision makers, they often think that they have little at risk. Many businesses feel that they are not under much, if any, regulatory framework that requires them to take action. It seems that each week I see another cybersecurity insurance risk assessment questionnaire that nearly every organization will fail. Compliance frameworks are incomplete and horrifically confusing.
There is no compliance framework that will get you the fundamentals. There is no security control framework that tells you how to have effective network layer security. The gap between guidance and successful execution is wide.
It occurs to me that the only real defense for small and medium businesses is organizations like QPC, which have virtual information security officers and full remediation services on offer, backed by ongoing management. There are plenty of penetration testers, or those that will sell you MDR services. Execution of fundamentals is where it is at. There is little value in pursuing the frameworks until you have addressed the fundamentals. After you have the fundamentals in place, then review your status against frameworks and you will probably find that many items have already been addressed.
Regardless, I'm always on the hunt for ways to help the SMB organization leader. It occurs to me that no matter what data you think you have at risk or don't, there is one thing you don't have which is at risk. Listen to the show to find out the real reason you cannot afford to have a cybersecurity incident.
Updated on 8/8/2021: I saw this great article today on this topic and decided to include it.
The Disturbing Facts About Small Businesses That Get Hacked
I will warn that their documented risk mitigation measures are H.S.
 
And check out this excellent article on more reasons why you cannot afford to be hacked.
10 Terrifying Cybersecurity Stats | Cybersecurity | CompTIA

Tuesday Aug 03, 2021

Topics:
facial recognition
Systems with Windows Defender compromised
11 recent security vulnerabilities highlight the necessity of viable network layer security strategy
https://www.msn.com/en-us/news/us/fbi-ice-find-state-driver-s-license-photos-are-a-gold-mine-for-facial-recognition-searches/ar-AADZk0d?li=BBnb7Kw
https://www.newstarget.com/2019-07-29-americans-already-in-fbi-facial-recognition-database.html
https://www.forbes.com/sites/daveywinder/2019/07/31/windows-10-warning-250m-account-takeover-trojan-disables-windows-defender/#325add6f6fef
Why network layer security and microsegmentation is critical
Also why to use a good quality security appliance
https://armis.com/urgent11/#foobox-4/0/bG6VDK_0RzU
URGENT11 - Takeover of a Xerox Printer
Originally aired: 8/2/2019

Tuesday Aug 03, 2021

Real world examples of small business security compliance problems
Originally aired 5/1/2020

Tuesday Aug 03, 2021

Evaluate your purchases to see if they have UPnP and understand why you should not buy devices that use UPnP technology
Update on the Capital one data breach
Adverse business impact and higher fees associated with subscription based software licensing versus perpetual
Originally aired: 7/3/2020

Tuesday Aug 03, 2021

How easy is it to not get hacked?
Originally aired 9/4/2020

Tuesday Aug 03, 2021

Location services issues and how it relates to personal physical security
Originally aired 1/3/2020

Tuesday Aug 03, 2021

Email security and cyber risk insurance
Originally aired 10/11/2019

The dark side of smart cities

Tuesday Aug 03, 2021

The dark side of smart cities
A clothing line designed to distract the panopticon
Geofencing warrants
Horror stories of hospital IN-security
Originally aired 9/6/2019

Tuesday Aug 03, 2021

Why many IT business decision makers make mistakes
Over 25 years, bar none, the business decision makers who have regular meetings with us are vastly better decision makers. This directly leads to them saving money by not wasting it.
Why bidding out IT jobs often fails

SIM Jacking

Tuesday Aug 03, 2021

SIM jacking
More AWS data breaches affect hundreds of thousands of people
Hacking using smart light bulbs
IoT bricker
MFA options
https://simjacker.com/
https://www.sciencedaily.com/releases/2019/10/191023075139.htm
Originally aired 11/1/2019

Vehicles and privacy issues

Tuesday Aug 03, 2021

Vehicles and privacy issues
Originally aired 2/1/2020

Tuesday Aug 03, 2021

Wireless security, wireless TCO, 3-2-1 backup strategy, MFA and IP access control strategies
Originally aired 3/6/2020

Tuesday Jul 27, 2021

I read an article authored by two IT people where the article provided what I felt was a bunch of misinformation about what to do in the event of a cyberattack.
I'm not disclosing here who the authors were or providing a link. Instead I thought the best approach was to provide direct actionable intel on what to do in the event of a cyberattack that counteracts the misinformation in the article.

Saturday Jul 17, 2021

What did you do about the PrintNightmare vulnerability? I describe what we did at QPC Security and for our clients. I also discuss how business owners and executive management can use IT steering committees to make sure that information technology decisions are being made properly and their risks are being mitigated. I often see poor, uninformed decisions being made that lead to massive adverse business financial impact that were completely avoidable by simply using a decision process that is not flawed.
Listen in to learn more about using good decision-making practices that will protect you from financial ruin.
We regularly save clients hundreds of thousands of dollars by simply having ongoing meetings and preventing missteps.
Gone are the days that executive management can delegate and abdicate. You must be involved, and you must get external advice.
 
Only large enterprises can afford industry connection subscriptions such as IANS. This resource is completely inaccessible to SMB. The cost of the annual subscription to something like that is typically in excess of $40,000 per year, and you would then have to employ an extremely skilled internal information security officer to even be able to make use of the value of the subscription. This is why those resources are financial unobtanium for SMB. It is critical that SMB have relationships with managed security services providers who have a certified virtual information security officer to manage your account.
Think You Could Have Prevented The Impact Of The PrintNightmare Attack? – Think Again | QPC Security

Copyright QPC Security All rights reserved.
