ATG Hosts August Cybersecurity Meetup
In our second monthly Cybersecurity Meetup, ATG met with team members from CloudOak to talk about incident response planning and business continuity. Check out the full recording below.
What would you do if your business was breached by a cybercriminal?
Do you have a plan in place? Would you know what needs to be done to limit damage and protect your assets? Would you know what needs to be done quickly and what can wait until later?
It’s critical for you to have a plan in place if the worst should occur. This is all a part of incident response planning, which is exactly what we discussed in our latest Cybersecurity Meetup.
ATG President and CEO Luis Alvarez, Chief Security Officer Jeff Dicks, and Chief Technology Advisor Elliott Frutkin got together for a 30-minute panel discussion and Q&A period for attendees, along with special guests from CloudOak — CEO and Founder Petrus Human, and Partner Sales Manager Mike O’Brien:
What Did We Cover In Our August Cybersecurity Meetup?
Microsoft Issues New Alert About New Phishing Campaign
Did you know that 43% of phishing attempts try to impersonate Microsoft? It makes sense, given how popular their products are.
This month, Microsoft warned users about a particularly sneaky phishing campaign, which went to great lengths to bypass standard defenses. These spoofed emails use an Office 365 phishing page, Google cloud web app hosting, and a compromised SharePoint site in order to trick users into giving up their security credentials.
Phishing attacks like these continue to be a prevalent form of cybercrime. At the start of this year, Google had registered 2,145,013 phishing sites, a drastic increase from 1,690,000 the year before. Furthermore, the average phishing attack costs businesses $1.6 million. The problem with the rising tide of cybercrime incidents is that you get desensitized to the whole thing.
Unfortunately, the fact is that businesses aren’t learning to protect themselves, which is why the number of reported phishing attacks has gone up by 65% in the past few years, and by 47% in the first quarter of 2021 alone.
It’s important to remember that, given the rate at which these types of attacks occur, it’s likely that at some point one will slip past your defenses. Cybersecurity isn’t just a matter of defense — it’s about how you respond as well.
Incident Response Planning
An incident response plan provides the plans, procedures, and guidelines for the handling of data breach events at our office(s), or via any of our servers or mobile devices. The plan encompasses procedures on incident response engagement and how the incident response team will communicate with the rest of the organization, with other organizations, with law enforcement, and provides guidance on federal and local reporting notification processes.
This plan is necessary to clarify the roles and responsibilities of your employees so you can quickly mitigate risks, reduce the organization’s attack surface, contain and remediate an attack, and minimize overall potential losses.
In order to support our clients’ incident response planning efforts, we use CloudOak’s flagship SaaS solution, Plan4Continuity. This solution automates a range of business continuity tasks, helping businesses to quickly respond to any type of cybercrime, downtime or outage incident.
As Luis notes in the webinar, incident response planning is not a new thing. For years, he and the ATG team have been helping clients develop and follow plans to keep their business running in the wake of a security incident. However, those plans have always been stored and referenced in hardcopy.
What Plan4Continuity does is take your analog incident response plan and makes it digital. Each and every process can be stored digitally in this platform, ensuring you and your team have easy access to it. Every digital process included in your plan can be automated by the system, cutting down on the time it takes to execute the plan.
“Having a platform like Plan4Continuity lets us create these plans in a place that everyone can get to,” says Luis. “It’s in a hosted environment where everyone can get to it.”
Don’t Miss Our September Cybersecurity Meetup
Remember: effective cybersecurity is, in large part, about what you know. It’s very important for you to stay up to date on the latest developments in the cybercrime field, and the newest defenses developed to keep you safe.
That’s what our monthly Cybersecurity Meetups are all about — we hope to see you at the next one! If you have any questions about cybersecurity best practices, don’t hesitate to get in touch with the ATG team.