A selection of this week’s more interesting vulnerability disclosures and cyber security news. I don’t often play games, and until this issue below appeared on my feed due to the self inflicted data breach I was blissfully unaware. Apart from the horrific appearing customer service, the breach is deeply unfortunate. What can we learn from it? Perhaps when under a lot of stress make sure you configure (was it a thread configuration issue or bug?) anything customer facing correctly.

You’ve made the big decision to migrate to Microsoft Office 365. Its array of cloud collaboration makes this a great decision. Yet at the same time, Microsoft is also pitching Office 365 as a way to consolidate your security, compliance, and e-discovery platforms. It is promising advanced threat protection, data protection, and an online archive that’s all about privacy and meeting robust data-retention requirements. And it’s all included. How can you turn down that offer?

Who else had as much fun as we did at re:Invent 2018? I hope everyone is now home, rested, and going through everything they’ve learned while at the show – I know I learned a ton! The best part of being at a conference like re:Invent is hearing firsthand from practitioners how they are using technology to solve their business challenges.

For many organizations, the transition to paperless systems is fraught with operational challenges. The difficulty is not so much with the deployment and adoption of digital tools, but rather with converting piles of paper into usable data. The first step in this process is high-volume document scanning; turning the physical stuff digital. Next, it’s time to make sense of the image captures.

Businesses rely on technology more today than they ever have in the past. In fact, many business models are built entirely around a technology which, if disrupted, could spell ruin. A traditional business with a brick and mortar presence is probably better-placed to withstand an extensive online disruption or outage.

Any developer would probably agree Content Management Systems (CMS) make it easier for web development teams and marketing to work together. However CMS assets like blog.company.com are also web application based and could be targets of hacker attacks. Why’s that? Simply because they are based on commonly used technologies, communicate with end users, bring in organic or paid reader traffic and build brand awareness.

As ransomware attacks become more sophisticated, they pose an ever-increasing threat to data-driven systems. Much like an infectious disease, malware wreaks the most havoc once it spreads; so the best way for hackers to get the most bang for their buck is by targeting vulnerable businesses. When an encrypted file from one account syncs to the cloud and to other devices, productivity grinds to a halt.

Penetration testing is becoming increasingly popular as organizations are beginning to embrace the need for stronger cybersecurity. But there are still too many businesses that don’t fully understand the benefits of regular security testing. Pen testing is vital for any kind of organization with an IT system or website. A recent survey of penetration testers revealed that 88 percent of those questioned said they could infiltrate organizations and steal data within 12 hours.

We at Bulletproof provide a range of different cyber security services, including penetration tests, managed SIEM, and compliance consultancy. Though undoubtedly the most interesting (and cool) service we offer are our red team assessments.

An estimated 34 percent of companies have experienced data breaches in the last 12 months. With those odds, every organization should be prioritizing cyber security and cyber attack management. Take the time now to put together a data breach incident response plan utilizing these steps, so if your organization is affected, you’ll be able to respond as quickly and effectively as possible. Here are some key steps the plan you create should include.