Respected security researcher Dan Wallach from Rice University has published a short (18 page) guide to securing small organizations against three kinds of cyberattack: Untargeted, remote (spammers, phishers, ransomware griefers, etc.); Targeted, remote (spear phishers); and Targeted, in person (immigration agents, police, criminal trespass).
It’s an essential guide for an increasingly overmatched nonprofit and small business sector that has to contend with adversaries who can avail themselves of sophisticated attack tools even when those adversaries are not particularly sophisticated themselves.
If there’s one thing we learned from the leaks of the DNC emails during the 2016 presidential campaign it’s this: cyber-security matters. Whether or not you believe that the release of private campaign emails cost Clinton the election, they certainly influenced the process to the extent that any political campaign, any small non-profit, and any advocacy group has to now consider the possible impacts of cyber-attacks against their organizations. These could involve espionage (i.e., internal secrets being leaked) or sabotage (i.e., internal data being corrupted or destroyed). And your adversaries might be criminal hackers or foreign nation-state governments.
If you were a large multinational corporation, you’d have a dedicated team of security specialists to manage your organization. Unfortunately, you’re not and you can’t afford such a team. To help you, this document summarizes low-cost tactics you can take to reduce your vulnerabilities using simple techniques like two-factor authentication, so a stolen password isn’t enough for an attacker to log into your account. This document also recommends particular software and hardware configurations that move your organization “into the cloud” where providers like Google or Microsoft have security professionals who do much of the hard work on your behalf.
HOWTO: Protect your small organization against electronic adversaries [Dan Wallach/Rice University]