Are we being too complacent in our feeling of “nothing will happen to us” with regard to Cybersecurity?
2 stories tie this theme together:
Phishing awareness training wears off after a few months
Apparently retraining is required after 6 months.
Ransomware and Observations from Recent IR investigations
Businesses are still getting ransomware, not how it used to be with thousands of automated attacks and attempts. Today the ransomware attacks are targeted and focused on a specific company or person.
Does it seem like we are having paradoxes? I.e. We are getting attacked and yet we do not do anything, or it gets done after the fact. It might be too late after the attack. It depends on our perceptions, and apparently we do not think it is important enough before we get attacked (successfully)
We are always looking at the latest shiny object, instead of fixing the basics – i.e. the patching of computers on a regular basis.
On patch Tuesday there are new patches from Microsoft and others coming (2nd Tuesday of month) we discussed it just last week: https://oversitesentry.com/time-to-evaluate-microsoft-patch-tuesday/
Contact us to discuss your risk management profile.