In this, the final post in my series on considerations for managing your security with cloud services, we will be looking at Infrastructure as a Service (IaaS). If you haven’t yet read the previous blog entries about SaaS and PaaS, it’s worth going back to read these first, as much of the thinking associated with these services is also true for IaaS.
The nights are drawing in and the world outside has been painted with autumnal colours once again. The year is ending and, as such, it is a time for reflection before the inevitable glance towards the white light of the future breaking upon the horizon. Flowery prose aside, we've just had our latest Quarterly Business Update (QBU). We’ve had a pretty good year. We’ve grown, innovated, added to our services and taken on more clients than ever.
A selection of this week’s more interesting vulnerability disclosures and cyber security news. Well what an amazing choice this week, it has been hard to choose. But this first one, one that appear just before I started writing this blog entry has to make it as the top story. It is so bizarre and a real first!
Wood Ranch Medical has announced it will be permanently closing its doors as a direct result of a ransomware attack. The devastating attack occurred at Wood Ranch Medical in Simi Valley, CA, which recently announced that the practice will permanently close on December 17, 2019. It is another example of how cyber attacks and specifically Ransomware can bring a business to its knees.
The ransomware attack encrypted the computer systems at Brookside ENT and Hearing Center in Battle Creek which housed patient records, appointment schedules, and payment information rendering the data inaccessible. A ransomware attack can prove costly to resolve. That cost was not deemed worth it by one Michigan practice, which has now permanently closed its doors.
So what is Ransomware? Ransomware is a type of malicious program/application that gains access to your files or systems and blocks user access to those files or systems. Then, all files, or even entire devices, are held hostage using encryption until the victim pays a ransom in exchange for a decryption key. The key allows the user to access the files or systems encrypted by the program.
The principle of least privilege (POLP), an important concept of computer security, is the practice of limiting access rights for users, accounts and computing processes to only those needed to do the job at hand. Privilege refers to the authorization to bypass certain security restraints. When applied to people, minimal privilege, means enforcing the minimal level of user rights that still allow the user to perform their job function.
A computer worm is a type of malicious software that self-replicates, infecting other computers while remaining active on infected systems. Worms can often go unnoticed until their uncontrolled replication process consumes system resources, halting or slowing the infected computer. Along with computing resources, networks can become congested by traffic associated with worm propagation.
Cybersecurity incidents and data breaches have become a normal part of the news cycle. It feels like every day you hear about a big corporation or organization suffering an attack that has put customer or user data in jeopardy. Sometimes this is because a security strategy was lacking; sometimes, the criminal’s attack was simply too powerful. Regardless of how or why a cyberattack begins, the fallout can be devastating for all those involved.
Defence in depth is an approach to IA. It derives its inspiration from the military strategy with the same name. In this article, we explained what defence in depth involves and why it is useful for your organization.
