SIDECHAIN INSIGHTS
Summer is in full swing and we hope everyone is enjoying their summer vacations and had a great 4th of July! July 25th marked System Administrator Day which offered the perfect moment to highlight the essential role that admins play in maintaining secure ecosystems. How did you celebrate your System Administrator?
QUICK TAKE
- July is observed as Ransomware Awareness Month and the July 4th holiday is a perfect example of doubling down and being extra vigilant. Experts advise caution during this time, partly due to reduced staffing levels which hackers might seek to exploit.
- July was a busy month for leading global cybersecurity events. There was the International Conference on Cyber Security (ICCS) in New York (July 14-16) which focused on spotlighting emerging threats and best practices while the EDGE25 Security Summit (July 10-12) tackled executive-level strategies for defending critical infrastructure. Mid-month on July 24th, the GovForward ATO & Cloud Security Summit in DC strategized on evolving the FedRAMP landscape. We’d love to hear from anyone who attended any or all of these conferences and compare notes!
QUIZ
This is our hardest quiz to date – can you pass it and win! The first five people to send their correct answers to us here, will receive Sidechain swag!
1. Which of the following best describes a “pass-the-hash” attack?
- An attacker installs a keylogger to capture plaintext passwords.
- A brute-force attack targeting user credentials stored in the cloud.
- An attacker uses captured hashed credentials to authenticate without decrypting them.
- An attempt to bypass multi-factor authentication via token injection.
2. What is the PRIMARY risk of allowing unrestricted outbound traffic from a corporate network?
- Slower internet speeds for employees
- Increased vulnerability to social engineering
- Inability to monitor employee browsing
- Exfiltration of sensitive data by malware or threat actors
3. Which of the following is NOT a recommended defense against ransomware?
- Regular backups and offline storage
- Least-privilege access control
- Disabling antivirus software to avoid false positives
- Endpoint detection and response (EDR) tools
4. A zero-day vulnerability is best defined as:
- A flaw in software that has a publicly available patch
- A known vulnerability that remains unpatched for over 30 days
- A vulnerability discovered and exploited before the vendor is aware of it
- An outdated certificate used in SSL/TLS encryption
5. In the context of email security, which protocol ensures integrity and authentication of sent messages?
- SPF
- DKIM
- DMARC
- TLS
Keep scrolling to see if you got it right!
INDUSTRY TRENDS & NEWS
- Does your organization use SharePoint? Many of us do and on July 19, a sweeping cyber espionage operation targeting Microsoft server software compromised about 100 organizations. The attacks were aimed at self-hosted SharePoint servers and although as yet unnamed, several government organizations in the US were victims. Read more here
- Can security culture be taught? According to Amazon’s CISCO Amy Herzog, it’s not just about having frameworks and executive structures, the right philosophy throughout the organization is key. Security culture has also been a focus in the aftermath of last year’s scathing Cyber Safety Review Board (CSRB) report on Microsoft, which stemmed from an investigation into a high-profile breach of the software giant at the hands of the Chinese nation-state threat group Storm-0558. The CSRB found “Microsoft’s security culture was inadequate and requires an overhaul,” according to the April 2024 report. Read about security culture and how its starts at the top at Amazon.
SIDECHAIN PROTECT
Have you been following our latest blog post series on the website? In this latest series we explore different perspectives from the Business Owner to the IT Manager, real life examples and what an SMB can do TODAY to protect themselves, without overwhelming your operations or your budget.
From Vendor to Vulnerability: How Third-Party Risk Could Impact Your Business – have you considered the vendors, platforms, and service providers you connect to?
Does your company have cyber insurance? Here’s a quick take on it!
DID YOU KNOW?
The answers to the quiz are:
- 3
- 4
- 3
- 3
- 2
Remember the first 5 correct responses will win Sidechain swag!
And now for some facts…
- Education Sector Vulnerability: The education and research industry faces the highest number of attacks (3,341 per week).
- Email as a Delivery Method: 92% of malware attacks are delivered via email.
- Ransomware: The manufacturing sector leads in ransomware attacks, comprising 29% of incidents.
- Time to Identify Breaches: The average time to identify a breach is 194 days.
