Up Times · February 2022

Up Times

by Bryley · April 2024

Five Aces

Depending on the humor of your opponents, this might be a problematic hand.

We all mess up, it’s what you do next that counts, Robert Vaughan’s character Albert Stroller says (approximately) in the BBC’s Hustle.

Bryley advocates 15-character-minimum passwords, but no matter how strong your employees’ passwords are, or even how careful they’ve been with them, if the credentials are stolen, the apps and services your organization relies on won’t be able to tell who’s doing the accessing – your employee or a criminal who’s input the login info. Credentials are notoriously easy to come by (24 billion credential pairs [user name and password] are for sale on the dark web).

Once an employee’s credential pair is fraudulently used in your network your choices are limited to damage control. But maybe for your organization it’s not that bad yet. Things are getting tougher for businesses: we continue to see the same kinds of attacks we saw in the ’80s (ransomware is that old), and we also see new attacks that are ferreting out and exploiting insecure code and better at fooling us.

That’s the way it is. It’s how we respond to this challenge that’s on us. Today you have an opportunity to take action to help prevent this kind of account takeover from happening; Multifactor Authentication, see below, is a powerful defense against the threat of compromised credentials.

To put it another way, as Miles Davis taught Herbie Hancock, depending on the way you react to the situation before you, you can turn poison into medicine.

Titanic, Ballard exhibit, Mystic, Conn

Doublecheck Those Figures

The threat posed by overconfidence

–Jeetu Patel, Cisco

Economist Daniel Kahneman’s life’s work (he died last month at 90) was to point out how irrationally we behave, including telling the Guardian that if he had a magic wand, he’d most like to correct our overconfidence.

The Titanic’s sinking may have been due to overconfidence. Investors’ ideas on moves they should make in the stock market wind up costing them 4%. And now we have the Cisco 2024 Cybersecurity Readiness Index Report. This is a double-blind survey of over 8,000 business and cybersecurity leaders. The findings show the greatest cybersecurity weakness is a disconnect between overconfidence that their business will be able to avoid a disrupting attack and their analyzed readiness for avoiding disruption. To be exact: 73% of business leaders anticipate an attack in the next two years, but a surprising 3% were shown to be prepared for such an attack … [6 min. read] Continue Reading >

Safe deposit boxes in a bank vault

MFA Still Tops

In SonicWall’s 2024 Threat Report the Number One Attack-Deterrent Is MFA

Complex, Locked Vaults and Double Keys

How would you feel about giving your valuable documents to a bank that only had a single lock on the bank’s outside doors? One lock might put off a less-determined intruder, but I’d expect it would be pretty easy for a burglar to figure a way past just one lock. So how would you expect a bank to responsibly treat your valuables? Not only would those outer doors have locks, there should also be a built-in cement and steel vault secured to the building’s structure to withstand destructive weather, fire and thieves, the vault’s lock should be complex to resist cracking, within the vault should be locked steel boxes that usually require two keys (one that you hold and one that the bank holds and authorizes its use after you prove your identity).

What is the relative value of what people keep so securely at a bank compared with the data an organization is trusted to protect? [6 min. read] Continue Reading >

Bryley-curated stories from around the internet:

four-leaf clover… either the best or worst thing ever to happen to humanity, so there’s huge value in getting it right — Those were the words about AI from Stephen Hawking at the October 19, 2016 opening of the Leverhulme Centre for the Future of Intelligence at Cambridge.

In cybersecurity we are seeing the best and worst impulses warring through AI – improvements in spoofing/deep-fakery to fool us to do something we’ll regret and tools like XDR (Extended Detection and Response) that learn from a business and its team members what are normal and suspicious actions.

Dr Hawking was to die just a couple years after this brief speech. And his last phrase seems to me to echo Bob Dylan’s 1965 attempt to condense what he was trying to say in his lyrics, good luck. I hope you make it … [7 min. read] cam.ac.uk

Robot and flyswatterAntivirus and Endpoint Detection and Response (EDR) — EDR tools collect activity data … they can conduct automated responses based on rules created by the security team. Depending on the rules defined and the threats discovered, EDR products can take [actions to] mitigate an ongoing security attack or notify security teams if the attack … requires human intervention. EDR software can also help catch insider threats using behavioral analysis of processes and actions on endpoints.

Antivirus software is designed to scan for known malware and stop or quarantine suspicious files from executing. Here’s a look at how both approaches can work together to help stop criminal activity on a network … [7 min. read] techtarget.com

Waiting on the world of AINice work if you can get it — These discoveries made early AI pioneers feel as if they were unlocking the fundamental mysteries of the mind, and for a while it seemed as if true machine intelligence might be just around the corner. Unfortunately, this heady early enthusiasm for this work was soon to hit a brick wall.

The origins of AI were full of hope, but few of those pioneers of the late ’50s – like Stephen Kleene, Warren McCulloch and Walter Pitts (the latter two at MIT) – would live to see the promise fulfilled. It wasn’t until we started giving the internet our thoughts that there was enough of a dataset to create useful algorithms to power today’s AI … [7 min. read] whyisthisinteresting.substack.com

Setting up a routerChanging home router default settingsThe FBI has been fighting a Chinese-state-sponsored attack of US home and home-office routers. Among the recommendations from the US government to router manufacturers is to harden the set-up defaults.

Many people buy and set-up their routers at home or at their home offices and just use the built-in default settings like username: admin and password: admin. Naturally the nation-state actors know the defaults, too. And so here’s how to change the router defaults along with some equally valuable advice about how to update a device’s firmware for better security … [5 min read] makeuseof.com

Smiling gatorData show criminal activity is shifting — Yes, the old methods persist, but one prevalent attack method is coming to light now. Per Bryley partner Huntress’ CEO Chris Bisnett criminals are, tricking folks into installing stuff by saying ‘hey there’s a problem with your computer, we need to install this thing so that we can fix it.’

Sixty-five percent of wrongful actions observed by Huntress in Q3 2023 involved the criminal use of legitimate remote management software. This misuse of legitimate software calls for defensive approaches that include AI that gets trained on what constitutes appropriate network behavior … [5 min. watch] youtube.com

Note: The section directly above is Bryley’s curated list of external stories. Bryley does not take credit for the content of these stories, nor does it endorse or imply an affiliation with the authors or publications in which they appear.

Monthly Help for Your Business’ Continuity

Up Times by Bryley arrives monthly in your email box. It’s a New England-based resource, in continuous publication since 2000.

Subscribe free, below. Unsubscribe any time via the link at the bottom of each newsletter.

And be assured: in more than twenty years, Bryley’s subscriber list has not been shared with any third-party and will not be in the future. Bryley’s Privacy Policy can be found here.

Sign up for Up Times to have tech news and tips delivered monthly via email