Now on Patreon and Rumble — Exchange server attack

Added another rumble video and created a Patreon account so that you can support my work here better.

Latest Rumble video – is an opposite video due to the holiday.

https://rumble.com/vnm4w5-oct11-opposite-day-video-explain-to-me-why-i-should-cyberscurity.html

 

The purpose of this website is to help people with their cybersecurity  – either give information to solve issues, or highlight security problems so that you can focus on fixing these problems.

 

One problem has been the Chinese influence and attacks on our networks.

Do you know what you don’t know?

 

How can you mitigate risks?

Attack traffic statistic image:

Newer image from Norton website

So there are attacks coming from everywhere – But what are they?

Microsoft Exchange server attack can make your email server a tool of the hackers not just a communications machine for your company, as this article mentions there are some lessons for defenders that we need to get out of this attack.   Dark Reading article.from March 13, 2021.   What started as a possible espionage attack ended up affecting most exchange servers and now every administrator had to check if they were compromised.

 

 

 

 

We have to review the possible attacks on your systems – those are the “known attacks”

Then we have to prepare for “unknown” attacks.

What do we do for unknown unknown attacks – i.e. we can’t possible know about this attack.

One way to categorize this methodology is using risk management from NIST 800-171 old post (National Institute of Standards and Technology) :

This figure is what is in the government documentation NIST gov in an older document which I have discussed before, in a newer document 800-37rev2  it looks like this:

So what do we do in the case of the “unknown unknown”?   “versus the known unknown”?

The only thing you can do is to develop controls and create Disaster recovery and backup processes.

 

It really depends on your level of risk tolerance – whether it is important and how many resources you have to spend.

One of the unknowns is how much a nation-state attacker might go after your industry because the nation-state has a larger attack infrastructure and potential for mayhem.

Time is one of those things you cannot change – Time is inexorable, relentless or other words that mean cannot be changed and will go on day=to-day.

 

You have to prepare for the possible problem days with incidence response and developing  Security Policies which will help everyone understand the issues that stand before the company. Otherwise there will come a day when you will not have time to work on it.

 

Buying my book is one way to get started on your Cybersecurity defense!!!

I hope that you do not have to get hacked to get more serious about Cybersecurity!!  The idea is to be more serious before getting hacked and do just enough defensive moves to prevent the attack. And failing that be prepared as to what to do when it does happen.

 

 

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.