<?xml version="1.0" encoding="UTF-8"?><rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:wfw="http://wellformedweb.org/CommentAPI/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
	xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
	>

<channel>
	<title>Fortress SRM, Author at Fortress SRM</title>
	<atom:link href="https://fortresssrm.com/author/xponent21/feed/" rel="self" type="application/rss+xml" />
	<link>https://fortresssrm.com/author/xponent21/</link>
	<description>Full-Spectrum Cybersecurity Protection</description>
	<lastBuildDate>Tue, 15 Jul 2025 15:49:42 +0000</lastBuildDate>
	<language>en-US</language>
	<sy:updatePeriod>
	hourly	</sy:updatePeriod>
	<sy:updateFrequency>
	1	</sy:updateFrequency>
	<generator>https://wordpress.org/?v=6.9.1</generator>

<image>
	<url>https://fortresssrm.com/wp-content/uploads/2021/05/cropped-FORT_Favicon-32x32.png</url>
	<title>Fortress SRM, Author at Fortress SRM</title>
	<link>https://fortresssrm.com/author/xponent21/</link>
	<width>32</width>
	<height>32</height>
</image> 
	<item>
		<title>Security &#038; Threat Updates – July 2025</title>
		<link>https://fortresssrm.com/security-threat-updates-july-2025/</link>
		
		<dc:creator><![CDATA[Fortress SRM]]></dc:creator>
		<pubDate>Tue, 15 Jul 2025 15:41:38 +0000</pubDate>
				<category><![CDATA[Threat & Security Updates]]></category>
		<guid isPermaLink="false">https://fortresssrmstg.wpenginepowered.com/?p=1732</guid>

					<description><![CDATA[<p>Attention Fortress SRM Patching Customers, Please see below updates on recent threat intelligence news, Microsoft’s July Patch Tuesday and other notable 3rd Party critical vulnerabilities. Recent in Threat Intelligence News: ...</p>
<p>The post <a href="https://fortresssrm.com/security-threat-updates-july-2025/">Security &amp; Threat Updates – July 2025</a> appeared first on <a href="https://fortresssrm.com">Fortress SRM</a>.</p>
]]></description>
										<content:encoded><![CDATA[
<p>Attention Fortress SRM Patching Customers,</p>



<p>Please see below updates on recent threat intelligence news, Microsoft’s July Patch Tuesday and other notable 3rd Party critical vulnerabilities.</p>



<p><strong>Recent in Threat Intelligence News:</strong></p>



<ul class="wp-block-list">
<li><strong><a href="https://www.scworld.com/brief/ai-driven-id-fraud-surges-195-globally" target="_blank" rel="noreferrer noopener">AI-driven ID fraud surges 195% globally</a></strong></li>



<li><strong><a href="https://cybersecuritynews.com/ai-tools-direct-users-phishing-sites/" target="_blank" rel="noreferrer noopener">AI Tools Like GPT Direct Users to Phishing Sites Instead of Legitimate Ones</a></strong></li>



<li><strong><a href="https://www.securityweek.com/apple-netflix-microsoft-sites-hacked-for-tech-support-scams/" target="_blank" rel="noreferrer noopener">Apple, Netflix, Microsoft Sites &#8216;Hacked&#8217; for Tech Support Scams </a></strong></li>



<li><strong><a href="https://cybersecuritynews.com/dmv-themed-phishing-attacks/" target="_blank" rel="noreferrer noopener">DMV-Themed Phishing Attacks Targeting U.S. Citizens to Steal Sensitive Data</a></strong></li>



<li><strong><a href="https://www.bleepingcomputer.com/news/security/google-warns-scattered-spider-hackers-now-target-us-insurance-companies/" target="_blank" rel="noreferrer noopener">Hackers switch to targeting U.S. insurance companies</a></strong></li>



<li><strong><a href="https://cyble.com/blog/hacktivists-launch-ddos-attacks-at-us-iran-bombings/" target="_blank" rel="noreferrer noopener">Hacktivists Launch DDoS Attacks At U.S. Following Iran Bombings</a></strong></li>



<li><strong><a href="https://www.ic3.gov/CSA/2025/250630.pdf" target="_blank" rel="noreferrer noopener">Iranian Cyber Actors May Target Vulnerable US Networks and Entities of Interest</a></strong></li>



<li><strong><a href="https://www.csoonline.com/article/4011379/iranian-cyber-threats-overhyped-but-cisos-cant-afford-to-let-down-their-guard.html" target="_blank" rel="noreferrer noopener">Iranian cyber threats overhyped, but CISOs can’t afford to let down their guard</a></strong></li>



<li><strong><a href="https://thehackernews.com/2025/06/massive-73-tbps-ddos-attack-delivers.html" target="_blank" rel="noreferrer noopener">Massive 7.3 Tbps DDoS Attack Delivers 37.4 TB in 45 Seconds, Targeting Hosting Provider</a></strong></li>



<li><strong><a href="https://www.msspalert.com/brief/microsoft-tightens-security-defaults-for-windows-365-and-microsoft-365" target="_blank" rel="noreferrer noopener">Microsoft Tightens Security Defaults for Windows 365 and Microsoft 365</a></strong></li>



<li><strong><a href="https://blog.checkpoint.com/research/exposing-scattered-spider-new-indicators-highlight-growing-threat-to-enterprises-and-aviation/" target="_blank" rel="noreferrer noopener">Exposing Scattered Spider: New Indicators Highlight Growing Threat to Enterprises and Aviation</a></strong></li>



<li><strong><a href="https://cybernews.com/security/billions-credentials-exposed-infostealers-data-leak/" target="_blank" rel="noreferrer noopener">16 billion passwords exposed in infostealer data leak​</a></strong></li>
</ul>



<p><strong>Microsoft Vulnerabilities:</strong></p>



<p>Microsoft disclosed a total of&nbsp;<strong>137</strong>&nbsp;vulnerabilities this month affecting its current operating system, including&nbsp;<strong>14</strong>&nbsp;<strong>critical</strong>&nbsp;vulnerabilities and&nbsp;<strong>one</strong>&nbsp;<strong>zero-day</strong>&nbsp;vulnerability. June 2025 Patch Tuesday addresses vulnerabilities across multiple categories:</p>



<ul class="wp-block-list">
<li><strong>53</strong> Elevation of Privilege vulnerabilities</li>



<li><strong>41</strong> Remote Code Execution vulnerabilities</li>



<li><strong>18</strong> Information Disclosure vulnerabilities</li>



<li><strong>8</strong> Security Feature Bypass vulnerabilities</li>



<li><strong>6 </strong>Denial of Service vulnerabilities</li>



<li><strong>4</strong> Spoofing vulnerabilities</li>
</ul>



<p>The most critical Common Vulnerabilities and Exposures (CVEs) are highlighted below:</p>



<p><strong>&nbsp;&nbsp;&nbsp; Windows Zero-Days:</strong></p>



<ul class="wp-block-list">
<li><strong><a href="https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2025-49719" target="_blank" rel="noreferrer noopener">CVE-2025-49719 </a>&#8211; Microsoft SQL Server Information Disclosure Vulnerability</strong></li>



<li>This Microsoft SQL Server vulnerability could allow a remote, unauthenticated attacker to access data from uninitialized memory through improper input validation.</li>



<li>The vulnerability is publicly disclosed and is not actively being exploited in the wild.</li>
</ul>



<p><strong>&nbsp;&nbsp;&nbsp; Other Critical CVEs worth mentioning:</strong></p>



<ul class="wp-block-list">
<li><strong><a href="https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2025-49697" target="_blank" rel="noreferrer noopener">CVE-2025-49697</a> / <a href="https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2025-49695" target="_blank" rel="noreferrer noopener">49695</a> / <a href="https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2025-49696" target="_blank" rel="noreferrer noopener">49696</a></strong> <strong>/ <a href="https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2025-49702" target="_blank" rel="noreferrer noopener">49702</a></strong> <strong>– Microsoft Office Remote Code Execution Vulnerability</strong></li>



<li><strong><a href="https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2025-49704" target="_blank" rel="noreferrer noopener">CVE-2025-49704</a></strong> <strong>– Microsoft SharePoint Remote Code Execution Vulnerability</strong></li>



<li><strong><a href="https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2025-49717" target="_blank" rel="noreferrer noopener">CVE-2025-49717</a></strong> <strong>– Microsoft SQL Server Remote Code Execution Vulnerability</strong></li>



<li><strong><a href="https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2025-49703" target="_blank" rel="noreferrer noopener">CVE-2025-49703</a> / <a href="https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2025-49698" target="_blank" rel="noreferrer noopener">49698</a></strong> <strong>– Microsoft Word Remote Code Execution Vulnerability</strong></li>



<li><strong><a href="https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2025-36350" target="_blank" rel="noreferrer noopener">CVE-2025-36350</a></strong> <strong>– AMD Transient Scheduler Attack in Store Queue</strong></li>



<li><strong><a href="https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2025-36357" target="_blank" rel="noreferrer noopener">CVE-2025-36357</a></strong> <strong>– AMD Transient Scheduler Attack in L1 Data Queue</strong></li>



<li><strong><a href="https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2025-47981" target="_blank" rel="noreferrer noopener">CVE-2025-47981</a></strong> <strong>– SPNEGO Extended Negotiation (NEGOEX) Security Mechanism Remote Code Execution Vulnerability</strong></li>



<li><strong><a href="https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2025-48822" target="_blank" rel="noreferrer noopener">CVE-2025-48822</a></strong> <strong>– Windows Hyper-V Discrete Device Assignment (DDA) Remote Code Execution Vulnerability</strong></li>



<li><strong><a href="https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2025-47980" target="_blank" rel="noreferrer noopener">CVE-2025-47980</a></strong> <strong>– Windows Imaging Component Information Disclosure Vulnerability</strong></li>



<li><strong><a href="https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2025-49735" target="_blank" rel="noreferrer noopener">CVE-2025-49735</a></strong> <strong>– Windows KDC Proxy Service (KPSSVC) Remote Code Execution Vulnerability</strong></li>
</ul>



<p><strong>3rd&nbsp;Party Critical CVEs worth mentioning:</strong></p>



<p><strong>Adobe Products&nbsp;<em>(not handled by FSRM)</em>:</strong></p>



<p>Adobe released 13 bulletins covering a total of 60 CVEs. Of these, 39 are rated as critical. The flaws could lead to arbitrary code execution, arbitrary file system read, memory leak, application Denial-of-Service, security feature bypass, and privilege escalation within varying Adobe products, listed below.</p>



<ul class="wp-block-list">
<li><strong><a href="https://helpx.adobe.com/security/products/after_effects/apsb25-49.html" target="_blank" rel="noreferrer noopener">After Effects</a></strong></li>



<li><strong><a href="https://helpx.adobe.com/security/products/substance3d-viewer/apsb25-54.html" target="_blank" rel="noreferrer noopener">Substance 3D Viewer</a></strong></li>



<li><strong><a href="https://helpx.adobe.com/security/products/audition/apsb25-56.html" target="_blank" rel="noreferrer noopener">Audition</a></strong></li>



<li><strong><a href="https://helpx.adobe.com/security/products/incopy/apsb25-59.html" target="_blank" rel="noreferrer noopener">InCopy</a></strong></li>



<li><strong><a href="https://helpx.adobe.com/security/products/indesign/apsb25-60.html" target="_blank" rel="noreferrer noopener">InDesign</a></strong></li>



<li><strong><a href="https://helpx.adobe.com/security/products/connect/apsb25-61.html" target="_blank" rel="noreferrer noopener">Connect</a></strong></li>



<li><strong><a href="https://helpx.adobe.com/security/products/dimension/apsb25-63.html" target="_blank" rel="noreferrer noopener">Dimension</a></strong></li>



<li><strong><a href="https://helpx.adobe.com/security/products/substance3d_stager/apsb25-64.html" target="_blank" rel="noreferrer noopener">Substance 3D Stager</a></strong></li>



<li><strong><a href="https://helpx.adobe.com/security/products/illustrator/apsb25-65.html" target="_blank" rel="noreferrer noopener">Illustrator</a></strong></li>



<li><strong><a href="https://helpx.adobe.com/security/products/framemaker/apsb25-66.html" target="_blank" rel="noreferrer noopener">FrameMaker</a></strong></li>



<li><strong><a href="https://helpx.adobe.com/security/products/aem-forms/apsb25-67.html" target="_blank" rel="noreferrer noopener">AEM Forms</a></strong></li>



<li><strong><a href="https://helpx.adobe.com/security/products/aem-screens/apsb25-68.html" target="_blank" rel="noreferrer noopener">AEM Screens</a></strong></li>



<li><strong><a href="https://helpx.adobe.com/security/products/coldfusion/apsb25-69.html" target="_blank" rel="noreferrer noopener">ColdFusion</a></strong></li>
</ul>



<p><strong>Cisco&nbsp;<em>(not handled by FSRM)</em>:</strong></p>



<ul class="wp-block-list">
<li><strong><a href="https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-ssh-m4UBdpE7" target="_blank" rel="noreferrer noopener">CVE-2025-20309</a></strong> <strong>– Cisco Unified Communications Manager Static SSH Credentials Vulnerability (Critical)</strong></li>



<li><strong><a href="https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-unauth-rce-ZAd2GnJ6" target="_blank" rel="noreferrer noopener">CVE-2025-20281 / 20282</a> – Cisco Identity Services Engine Unauthenticated Remote Code Execution Vulnerabilities (Critical)</strong></li>
</ul>



<p><strong>Thunderbird:</strong></p>



<ul class="wp-block-list">
<li><strong><a href="https://www.mozilla.org/en-US/security/advisories/mfsa2025-54/" target="_blank" rel="noreferrer noopener">Security Vulnerabilities fixed in Thunderbird 140 — Mozilla</a></strong></li>
</ul>



<p><strong>Fortinet&nbsp;<em>(not handled by FSRM)</em>:</strong></p>



<ul class="wp-block-list">
<li><strong><a href="https://www.fortiguard.com/psirt/FG-IR-24-035" target="_blank" rel="noreferrer noopener">CVE-2024-27779</a> – Insufficient Session Expiration Vulnerability in FortiSandbox &amp; FortiIsolator</strong></li>



<li><strong><a href="https://www.fortiguard.com/psirt/FG-IR-24-511" target="_blank" rel="noreferrer noopener">CVE-2024-52965</a> – PKI via API Authentication Granted with an Invalid Certificate in FortiOS &amp; FortiProxy</strong></li>



<li><strong><a href="https://www.fortiguard.com/psirt/FG-IR-25-026" target="_blank" rel="noreferrer noopener">CVE-2025-24477</a> – Heap-based Buffer Overflow Vulnerability in FortiOS cw_stad daemon</strong></li>



<li><strong><a href="https://www.fortiguard.com/psirt/FG-IR-24-053" target="_blank" rel="noreferrer noopener">CVE-2025-55599</a> – Improperly Implemented Security Check for Standard vulnerability in FortiOS and FortiProxy</strong></li>



<li><strong><a href="https://www.fortiguard.com/psirt/FG-IR-24-437" target="_blank" rel="noreferrer noopener">CVE-2025-24474</a> – Improper Neutralization of Special Elements used in an SQL Command (&#8216;SQL Injection&#8217;) vulnerability in FortiManager and FortiAnalyzer</strong></li>
</ul>



<p><strong>Google Chrome:</strong></p>



<ul class="wp-block-list">
<li>Google released a security update to fix an exploitable zero-day vulnerability – <strong><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-6554" target="_blank" rel="noreferrer noopener">CVE-2025-6554</a></strong></li>



<li>Updated version &#8211; 138.0.7204.100/.101 for Windows, Mac and 138.0.7204.100 for Linux.</li>



<li>No Android Security patches were released for July 2025.</li>



<li><strong><a href="https://chromereleases.googleblog.com/2025/07/stable-channel-update-for-desktop.html" target="_blank" rel="noreferrer noopener">Chrome release: July 8th, 2025</a></strong></li>
</ul>



<p><strong>Ivanti&nbsp;<em>(not handled by FSRM)</em>:</strong></p>



<ul class="wp-block-list">
<li>Ivanti has released updates for Ivanti Connect Secure (ICS), Ivanti Policy Secure (IPS), Ivanti Endpoint Manager Mobile (EPMM), and Ivanti Endpoint Manager (EPM) which address <strong>6 medium</strong> severity vulnerabilities, and <strong>5 high</strong> severity vulnerabilities.</li>



<li><strong><a href="https://www.ivanti.com/blog/july-security-update-2025" target="_blank" rel="noreferrer noopener">July 2025 Security Update | Ivanti</a></strong></li>
</ul>



<p><strong>SAP&nbsp;<em>(not handled by FSRM)</em>:</strong></p>



<ul class="wp-block-list">
<li>In July 2025, SAP Security Patch Day saw the release of <strong><a href="https://support.sap.com/en/my-support/knowledge-base/security-notes-news/july-2025.html" target="_blank" rel="noreferrer noopener">27 new Security Notes</a> </strong>and 4 updates to previously released Security Notes.</li>
</ul>



<h2 class="wp-block-heading"><strong>About Fortress SRM’s Vigilant Managed Cyber Hygiene Offering</strong></h2>



<p>Software vulnerabilities are a leading cause of cyberattacks, with nearly one-third of breaches stemming from unpatched, known flaws.</p>



<p>Maintaining secure and up-to-date operating systems and applications is a complex, time-consuming task that often strains internal IT resources. Fortress SRM’s&nbsp;<strong>Vigilant Managed Cyber Hygiene&nbsp;</strong>with 24/7/365 U.S.-based Monitoring Service&nbsp;simplifies patch management by delivering automated, high-efficacy updates (97%+ success rate) for Microsoft and over 100 third-party applications. This includes critical security patches, OS upgrades, and key configuration updates—across all devices, on or off the network.</p>



<p>Our real-time reporting console offers full visibility into patch status and activity, helping organizations maintain a strong, proactive security posture.</p>



<p><strong>Ready to strengthen your cyber hygiene?</strong></p>



<p>Contact us at&nbsp;<a href="https://fortresssrm.com/contact-us/" target="_blank" rel="noreferrer noopener">Contact Us | Fortress Security Risk Management</a>&nbsp;(<a href="http://fortresssrm.com/" target="_blank" rel="noreferrer noopener">fortresssrm.com</a>) to learn how Fortress SRM can help support and enhance your organization’s cybersecurity strategy.</p>
]]></content:encoded>
					
		
		
			</item>
		<item>
		<title>Cybersecurity Lessons from Sun Tzu’s “The Art of War”</title>
		<link>https://fortresssrm.com/cybersecurity-lessons-from-sun-tzus-the-art-of-war/</link>
		
		<dc:creator><![CDATA[Fortress SRM]]></dc:creator>
		<pubDate>Sat, 01 Oct 2022 21:31:00 +0000</pubDate>
				<category><![CDATA[Security Consulting]]></category>
		<guid isPermaLink="false">https://fortresssrmstg.wpenginepowered.com/?p=514</guid>

					<description><![CDATA[<p>According to legend (or fact, depending on who you believe), Sun Tzu was a Chinese general, writer and strategist that lived in the 5th&#160;or 6th&#160;century B.C. He is credited as ...</p>
<p>The post <a href="https://fortresssrm.com/cybersecurity-lessons-from-sun-tzus-the-art-of-war/">Cybersecurity Lessons from Sun Tzu’s “The Art of War”</a> appeared first on <a href="https://fortresssrm.com">Fortress SRM</a>.</p>
]]></description>
										<content:encoded><![CDATA[
<p>According to legend (or fact, depending on who you believe), Sun Tzu was a Chinese general, writer and strategist who lived in the 5<sup>th</sup>&nbsp;or 6<sup>th</sup>&nbsp;century B.C. He is credited as the author of&nbsp;<em>The Art of War</em>, a book on military strategy that has also been adapted for use in the business world.<br>&nbsp;<br>Many of the lessons in the book focus on alternatives to battle, such as using strategy, confusion and deceit, and, most important to cybersecurity, thinking like the enemy, to understand and ultimately defeat an opponent.<br>&nbsp;<br>Here are several lessons from&nbsp;<em>The Art of War</em>&nbsp;and how they apply to cybersecurity.</p>



<blockquote class="wp-block-quote is-layout-flow wp-block-quote-is-layout-flow">
<p><strong>“The greatest victory is that which requires no battle.”&nbsp;</strong></p>
</blockquote>



<p>If you suffer a cyber-attack, you are engaged in battle. You will be fighting an unseen foe that has either stolen your intellectual property, trade secrets, sensitive customer data, or financial and banking information, or has locked you out of your IT systems and ransomed your data. Your choices: fight and regain control of your systems and data or surrender and pay a ransom.</p>



<p><strong>The Lesson: Being prepared against cyber-attacks is better than having to fight the battle because whether you fight or surrender, it is going to be expensive.</strong></p>



<blockquote class="wp-block-quote is-layout-flow wp-block-quote-is-layout-flow">
<p><strong>“In the midst of chaos, there is also opportunity.”</strong></p>
</blockquote>



<p>A cyber-attack produces chaos and shows the weak spots in your security, but in the heat of battle, there is no time for introspection. A better strategy is to simulate chaos with a “virtual cyber-attack.” These are called tabletop exercises, and they provide the opportunity to learn about security vulnerabilities and to make needed improvements. During these tabletop exercises, security problems can be identified and changes implemented, without the chaos of battle.</p>



<p><strong>The Lesson: Simulating a cyber-attack can expose security weaknesses so that changes can be implemented.</strong></p>



<blockquote class="wp-block-quote is-layout-flow wp-block-quote-is-layout-flow">
<p><strong>“Attack is the secret of defense; defense is the planning of an attack.”</strong></p>
</blockquote>



<p>“Don’t think like a castle, think like an invader.” In order to defeat a cybercriminal, you need to think like one. Every castle can be breached, just like every security system can be breached. Instead of focusing on what keeps you safe, focus on finding the weaknesses in your protection by thinking like a cybercriminal. They are relentless and will find any exploitable crack in your castle wall to gain entry. Be proactive: digital forensics with vulnerability scans and penetration testing can help you find it before they do.</p>



<p><strong>The Lesson: Thinking like the enemy allows you to see your cybersecurity through their eyes in order to find your weakness and fix it.</strong></p>



<blockquote class="wp-block-quote is-layout-flow wp-block-quote-is-layout-flow">
<p><strong>“If ignorant both of your enemy and yourself, you are certain to be in peril.”</strong></p>
</blockquote>



<p>This takes the last lesson to the extreme. Not understanding what security you have in place, what its strengths and weaknesses are, and how your enemy can (and will) attack you guarantees that eventually, you&nbsp;will&nbsp;suffer a security breach.</p>



<p><strong>The Lesson: It’s important to be aware of not just your enemy, but yourself as well. Your defenses help determine if your enemy will attack, and if they do, what offense they will use against you.</strong></p>



<blockquote class="wp-block-quote is-layout-flow wp-block-quote-is-layout-flow">
<p><strong>“Plan for what is difficult while it is easy, do what is great while it is small.”</strong></p>
</blockquote>



<p>With cybersecurity, the best plan is always action, not reaction. Your company should have an incident response plan in place, have developed and documented security policies, be constantly monitoring technology assets for suspicious activity, and respond to threats as they occur. Acting before a cyber-attack happens is more effective, less expensive, and easier to recover from than waiting until a breach happens to put a plan together.</p>



<p><strong>The Lesson: An ounce of prevention is better than a pound of cure.&nbsp;</strong></p>



<blockquote class="wp-block-quote is-layout-flow wp-block-quote-is-layout-flow">
<p><strong>“The opportunity to secure ourselves against defeat lies in our own hands.”</strong></p>
</blockquote>



<p>This lesson from&nbsp;<em>The Art of War</em>&nbsp;sums it up perfectly – it is up to each company, each organization, and each individual to protect themselves against cybercriminals because they are the enemy in the war on cybersecurity. If you’d like to have a confidential conversation with one of our cybersecurity experts to improve your security posture, simply complete the form below &#8211; we’re here to help!<br>&nbsp;<br>Are you confident in your current cyber risk strategy and execution?</p>



<p>Fortress helps mitigate cyber risk by helping organizations optimize the performance of their people, processes, and technology. Offering a robust co-managed solution to enhance an internal IT team’s capability, capacity, and focus, Fortress features a full suite of managed security services plus specialized services like M&amp;A cyber due diligence, insider threat detection, Cybersecurity-as-a-Service, and proactive digital forensics. Fortress supports companies with both domestic and international operations.</p>
]]></content:encoded>
					
		
		
			</item>
		<item>
		<title>Ransomware: To Pay or Not to Pay? That Is the Question</title>
		<link>https://fortresssrm.com/ransomware-to-pay-or-not-to-pay-that-is-the-question/</link>
		
		<dc:creator><![CDATA[Fortress SRM]]></dc:creator>
		<pubDate>Wed, 09 Jun 2021 19:54:04 +0000</pubDate>
				<category><![CDATA[Incident Response]]></category>
		<guid isPermaLink="false">https://fortresssrmstg.wpenginepowered.com/?p=476</guid>

					<description><![CDATA[<p>It’s a big question for businesses hit by a ransomware attack: should we pay the ransom or not? Ransomware is malware that encrypts files on a device, making them inaccessible ...</p>
<p>The post <a href="https://fortresssrm.com/ransomware-to-pay-or-not-to-pay-that-is-the-question/">Ransomware: To Pay or Not to Pay? That Is the Question</a> appeared first on <a href="https://fortresssrm.com">Fortress SRM</a>.</p>
]]></description>
										<content:encoded><![CDATA[
<p>It’s a big question for businesses hit by a ransomware attack: should we pay the ransom or not?<br><br>Ransomware is malware that encrypts files on a device, making them inaccessible and rendering the systems that use them inoperable. Cybercriminals demand a ransom in exchange for decrypting the files.<br><br>One of the most well-known ransomware attacks happened in May 2017, when <strong>WannaCry</strong> affected more than 300,000 computers across 150 countries. It targeted computers running the Microsoft Windows operating system and caused damages estimated to be in the hundreds of millions of dollars. Other widely publicized ransomware attacks have used <strong>Ryuk</strong>, which mainly targets large businesses and government agencies, <strong>Maze</strong>, which threatens to publish ransomed data on the internet if the victim fails to pay, and <strong>NetWalker</strong>, which targets remote workers, as well as government agencies and healthcare organizations.<br><br>What are the leading causes of ransomware infections? Phishing attacks are the most common, followed by lack of employee cybersecurity training; lack of, or outdated, security tools like antivirus or firewalls; malicious websites or malvertising; and end user error (Datto, 2018). Not surprisingly, 80% of this list is caused by human behavior. It is crucial that every organization stay vigilant with its security tools, but more importantly, train employees on how to avoid cybersecurity traps and be secure online.<br><br>Ransomware can have a disastrous effect on a business and leave it without the data and systems needed to maintain its operations. 
In recent years, ransomware criminals have added extortion to their demands, threatening to expose sensitive or proprietary data if a victim doesn’t pay the ransom, and publicly naming the company as having been hacked.<br><br>The dilemma for ransomware victims is weighing the cost of paying the ransom and the financial loss that comes along with it versus managing the lost productivity, extra IT costs, legal fees, network damage and potential reputational loss that not paying the ransom could create.<br><br>What is the average ransom demanded? In 2020, the average of known ransoms was $178,000 (Coveware, 2020), a figure that includes ransomware attacks on large companies, which pushes the average up. The average known ransom for smaller businesses is $5,900 (Datto, 2019). The largest published ransom demand of 2020 (there may be higher ransoms of which we are unaware) was made to a French construction firm and was 10 million euros, or $11.8 million (Cloudwards, 2020).<br><br>The costs to recover from a ransomware attack are significantly higher than the ransoms demanded. The average recovery cost was $1.45 million for companies that paid their attacker’s ransom, while those that didn’t pay spent only $730,000 to recover from the attack (Sophos, 2020). Only about 25% of ransomware victims made payments to their attackers (Sophos, 2020).<br><br>As you can see, ransomware attacks are expensive and they can be devastating. In May 2019, the city of Baltimore’s computer system was infected, and estimates put the recovery cost at over $18 million, although the cybercriminals only demanded $76,000 worth of Bitcoin. 
In 2018, the city of Atlanta spent over $17 million to recover from an attack that demanded $52,000 in Bitcoin.<br><br>Paying or not paying the ransom is a decision that each business must make for itself, but the <a href="https://www.fbi.gov/investigate/cyber" target="_blank" rel="noreferrer noopener">Federal Bureau of Investigation (FBI) </a>does not support paying a ransom because doing so doesn’t guarantee that the ransomed data will be decrypted or that your systems or data will no longer be compromised, and it encourages cybercriminals to target more victims. The <a href="https://www.cisa.gov/" target="_blank" rel="noreferrer noopener">Cybersecurity and Infrastructure Security Agency (CISA)</a> and <a href="https://www.cisecurity.org/ms-isac/" target="_blank" rel="noreferrer noopener">Multi-State Information Sharing and Analysis Center (MS-ISAC) </a>also do not recommend paying ransoms.<br><br>If your organization is hit with a ransomware attack, CISA recommends immediately: 1) determining which systems were impacted and isolating them, 2) if impacted devices cannot be disconnected from the network, powering them down to stop the spread of the infection, 3) triaging impacted systems for restoration and recovery. Next, engage internal and external stakeholders to mitigate, respond to, and recover from the incident.<br><br>In order to prevent a ransomware attack from happening to your organization and putting you in the uncomfortable position of having to decide to pay or not to pay a ransom, MCPc strongly suggests these activities to help keep you from ever having to make that decision:</p>



<ul class="wp-block-list"><li>Ensure that all user software is updated, and security patches are installed as soon as they are released (this includes operating systems and application software)</li><li>Frequently back up your data, and make sure there is a gap between it and the Internet, as it too can be ransomed</li><li>Keep your security tools like firewalls, antivirus, antispyware, and remote monitoring up to date with the latest versions</li><li>Periodically review and update your incident response (IR) plan, and test it against real-world threats</li><li>Stay current with cybersecurity news and learn lessons from other ransomware events</li></ul>



<p>Fortress Security Risk Management is a global data protection company that helps organizations protect themselves against ransomware attacks and provides incident response services to minimize the business disruption a cyber-attack can create. Our goal is to help every client achieve the highest degree of security and the least amount of risk their organization can afford, or what we call SecurityCertainty<sup>&nbsp;SM</sup>.</p>
<p>The post <a href="https://fortresssrm.com/ransomware-to-pay-or-not-to-pay-that-is-the-question/">Ransomware: To Pay or Not to Pay? That Is the Question</a> appeared first on <a href="https://fortresssrm.com">Fortress SRM</a>.</p>
]]></content:encoded>
					
		
		
			</item>
		<item>
		<title>Managed Patching: What Is It and Do You Need It?</title>
		<link>https://fortresssrm.com/managed-patching-what-is-it-and-do-you-need-it/</link>
		
		<dc:creator><![CDATA[Fortress SRM]]></dc:creator>
		<pubDate>Wed, 09 Jun 2021 19:03:01 +0000</pubDate>
				<category><![CDATA[Managed Security]]></category>
		<guid isPermaLink="false">https://fortresssrmstg.wpenginepowered.com/?p=474</guid>

					<description><![CDATA[<p>Let’s be honest: applying software patches to computers, mobile devices, and servers is a hassle. Patching is something you know you should do but probably don’t because it requires a ...</p>
<p>The post <a href="https://fortresssrm.com/managed-patching-what-is-it-and-do-you-need-it/">Managed Patching: What Is It and Do You Need It?</a> appeared first on <a href="https://fortresssrm.com">Fortress SRM</a>.</p>
]]></description>
										<content:encoded><![CDATA[
<p>Let’s be honest: applying software patches to computers, mobile devices, and servers is a hassle. Patching is something you know you should do but probably don’t because it requires a lot of work. It’s the cybersecurity equivalent of brushing your teeth before bed or writing thank you notes. But unlike these two tongue-in-cheek examples, neglecting to update patches can allow hackers access to your business and its data, and that is not funny. Not even a little bit.</p>



<h2 class="wp-block-heading">First of all, what is managed patching?</h2>



<p>Managed patching is automating the process of delivering software patches to all devices in your technology environment and monitoring which devices have been patched and which haven’t.</p>



<h3 class="wp-block-heading">Let’s back up a bit – what is a software patch?</h3>



<p>A patch is software code that can be applied to installed software to correct an issue with the program. Almost all software programs require patches after the program has been released, and for many programs, multiple patches are released, sometimes for years after the initial release.<br>&nbsp;<br>There are several different types of patches: hotfixes, security patches, service packs, and unofficial patches. A hotfix is an update that fixes a bug or security issue and is urgently developed and released to limit the effect of the issue. Security patches fix vulnerabilities that hackers could use to gain access to your device and data. A service pack is a collection of updates, fixes, or software enhancements delivered as a single installable update. Unofficial patches are made by a third party rather than the software publisher.</p>



<h3 class="wp-block-heading">Why is there a need for managed patching?</h3>



<p>A study by Bitdefender found that 64% of all unpatched vulnerabilities in the first six months of 2020 involved known bugs from 2018 and earlier – meaning that organizations were at risk from software and system weaknesses that could have easily been fixed – at least two years earlier!<br>&nbsp;<br>There are three main reasons managed patching is needed: security, resources, and functionality.<br>&nbsp;<br>The most important reason for managed patching is security. Software vulnerabilities are a common access point for cybercriminals, and once they compromise a device, they have access to your network, technology systems, and your data. Security patches protect your network and infrastructure and reduce the number of access points to your systems. Automating the process helps ensure that all devices are updated and eliminates the element of human error.<br>&nbsp;<br>Next, few IT departments have the tools to know where every device they own is, let alone know which devices have which patches. The time and resources it would take to update every device with every available patch would quickly overwhelm even the most efficient IT team. Managed patching automates the process and keeps a detailed record of patching activities for auditing and regulatory purposes to meet the security compliance requirements of HIPAA, PCI-DSS, SOX, and NIST, to name just a few.<br>&nbsp;<br>Finally, managed patching ensures that the operating systems and application software that your business relies on function correctly and contain all the new updates and enhancements the software publisher releases. These updates help keep your business competitive, so you don’t lose ground to competitors just because you’re using outdated software tools.</p>



<h3 class="wp-block-heading">But is managed patching really necessary?</h3>



<p>Patching software is involved and complicated, which is why recommended patches go uninstalled.<br>&nbsp;<br>Plus, network administrators often find it difficult (if not impossible) to ensure all devices and systems are adequately patched. Software patches are your first line of defense against cyber-attacks as they fix known weaknesses that could provide hackers unauthorized access to your devices (and network).<br>&nbsp;<br>Managed patching can help ensure that every device on your network is up to date with security patches and the latest software enhancements. Managed patching tools deploy patches quickly and efficiently and maintain records of which systems and devices have been updated, and which are still vulnerable.</p>



<p><strong>So, yes, managed patching is necessary.</strong></p>



<p>Fortress SRM is a global data protection company that helps organizations dramatically minimize their risk of disruption from unforeseen events like cyber-attacks and data breaches by providing industry-leading managed patching services. Our goal is to help every client improve their business resiliency and secure their future with the highest degree of security and the least amount of risk.</p>
<p>The post <a href="https://fortresssrm.com/managed-patching-what-is-it-and-do-you-need-it/">Managed Patching: What Is It and Do You Need It?</a> appeared first on <a href="https://fortresssrm.com">Fortress SRM</a>.</p>
]]></content:encoded>
					
		
		
			</item>
		<item>
		<title>Endpoint Detection &#038; Response Beats Antivirus. But Is It Enough?</title>
		<link>https://fortresssrm.com/endpoint-detection-response-beats-antivirus-but-is-it-enough/</link>
		
		<dc:creator><![CDATA[Fortress SRM]]></dc:creator>
		<pubDate>Wed, 09 Jun 2021 18:51:59 +0000</pubDate>
				<category><![CDATA[Managed Security]]></category>
		<guid isPermaLink="false">https://fortresssrmstg.wpenginepowered.com/?p=473</guid>

					<description><![CDATA[<p>Cybercrime used to be a problem only for large businesses, but those days are past. Small- and medium-sized businesses are attractive targets for cybercriminals, with SMBs accounting for 28% of ...</p>
<p>The post <a href="https://fortresssrm.com/endpoint-detection-response-beats-antivirus-but-is-it-enough/">Endpoint Detection &#038; Response Beats Antivirus. But Is It Enough?</a> appeared first on <a href="https://fortresssrm.com">Fortress SRM</a>.</p>
]]></description>
										<content:encoded><![CDATA[
<p>Cybercrime used to be a problem only for large businesses, but those days are past. Small- and medium-sized businesses are attractive targets for cybercriminals, with SMBs accounting for 28% of data breaches (Verizon, 2020), possibly because 23% of SMBs don’t use any type of endpoint security tools. What’s more frightening is 32% of SMBs that&nbsp;<strong>do</strong>&nbsp;use endpoint protection, use free, consumer-grade software. (BullGuard, 2020)<br><br>2020 provided a “perfect storm” of circumstances which has increased the frequency and severity of cyber-attacks on businesses of all sizes: a slowing global economy, growing awareness of unprotected data and suspect cybersecurity practices, and the rise of the remote workforce. &nbsp;<br><br>One technology used to mitigate cybercrime is Endpoint Detection and Response. But is it enough?</p>



<h2 class="wp-block-heading"><strong>What is EDR?</strong></h2>



<p>Endpoint Detection and Response (EDR) is a tool that is installed on an organization’s endpoints (laptops, desktops, tablets, smartphones, IoT devices) that continuously monitors behavioral data to detect and respond to security threats. EDR uses analytics to identify patterns and detect suspicious behavior, prevent malicious activity, and provide remediation to affected endpoints. Endpoint Detection and Response also collects and stores behavioral data for future analysis and reporting.</p>



<h2 class="wp-block-heading"><strong>Why is EDR Important?</strong></h2>



<p>EDR provides a more complete awareness of the endpoints in your technology environment than traditional security tools such as antivirus. Endpoint Detection and Response detects and protects against advanced forms of malware, credential and login theft, phishing attempts, and other advanced persistent threats. Whereas antivirus tools protect against known malware signatures, EDR is designed to recognize unknown types of malware based on their behavior, and then make decisions to prevent malicious actions.</p>



<h3 class="wp-block-heading"><strong>Limitations of Antivirus</strong></h3>



<p>Antivirus software is a security tool that relies on an always-growing database of malware signatures to provide protection, but this approach has several serious limitations:</p>



<ul class="wp-block-list"><li><strong><u>New or emerging threats</u></strong>:&nbsp;Antivirus cannot detect or prevent threats that do not match an existing signature or zero-day attacks. Even a small change to well-known malware can go undetected. Endpoint Detection and Response can detect new or unknown threats as well as insider threats, whether malicious or accidental.</li><li><strong><u>Inadequate insight</u></strong>: Antivirus is focused on prevention, and not on detection and investigation. EDR can detect unauthorized activity on your endpoints and within your network. EDR is also invaluable in forensic investigations and can show an attacker’s path of compromise, or “kill chain.”</li><li><strong><u>Credential theft</u></strong>:&nbsp;Compromised logins cannot be detected by antivirus tools. Endpoint Detection and Response relies on behavioral analysis and can detect when a hacker logs in from a different location or at suspicious times of the day.</li><li><strong><u>It’s not failsafe</u></strong>: Antivirus effectiveness has declined as cybercriminals have found new ways to compromise devices and systems, but many organizations still feel a false sense of security with the inadequate protection that antivirus provides.</li></ul>



<h3 class="wp-block-heading"><strong>Benefits of EDR</strong></h3>



<ul class="wp-block-list"><li><strong><u>Data Collection</u></strong>: EDR continuously collects and analyzes data on all endpoints, which helps identify threats in real-time, and facilitates investigations and incident response.</li><li><strong><u>Detects all endpoint threats</u></strong><strong>:&nbsp;</strong>Because EDR uses behavioral analytics instead of relying on known threat signatures, it can better identify potential threats.</li><li><strong><u>Real-time response</u></strong>: Endpoint Detection and Response provides real-time response to potential security threats and isolates endpoints for immediate recovery, to clean and block suspicious files, and to take forensic snapshots for later analysis.</li><li><strong><u>Understand how safe you are</u></strong>:&nbsp;EDR helps create a clearer picture of the security status of an organization by identifying areas that may be vulnerable to attack and which endpoints are secure and uncompromised. Lack of visibility into security compromises is a large reason why many organizations struggle to understand the scope and impact of a cyber-attack.</li><li><strong><u>Regulatory compliance</u></strong>:&nbsp;Endpoint Detection and Response also allows a business to report on its security compliance status for SOX, HIPAA, GDPR, etc.</li><li><strong><u>Compatibility with other security tools</u></strong>: EDR works in concert with other security tools such as SIEM, firewalls, etc., to provide layered cybersecurity.</li></ul>



<h3 class="wp-block-heading"><strong>Considerations of EDR</strong></h3>



<p>Endpoint Detection and Response is not a one-and-done security tool; it is most effective when combined with other security strategies and managed by security experts.</p>



<ul class="wp-block-list"><li><strong><u>EDR creates more data</u></strong>: More data means more analysis; and that requires trained security specialists, additional storage, time, and money.</li><li><strong><u>Threats will still exist</u></strong>: No security tool provides 100% protection, not even EDR.</li><li><strong><u>Will EDR cover everything?</u></strong>: EDR can be installed on servers and endpoints alike, but make sure it will work with all of your IoT devices or older operating systems.&nbsp;</li></ul>



<h2 class="wp-block-heading"><strong>Endpoints Are Crucial – Make Sure They are Protected</strong></h2>



<p>Endpoints are a large attack vector, and with work-from-home and remote workforces increasing, Endpoint Detection and Response is crucial to limiting the security risk of an organization’s endpoints. It is a cybersecurity must-have for any company facing security threats – which is&nbsp;<strong>every</strong>&nbsp;company!<br><br>Fortress Security Risk Management is a global data protection company that helps organizations dramatically minimize their risk of disruption from unforeseen events like cyber-attacks and data breaches by providing industry-best EDR services, as well as other cybersecurity services from our 24/7 Security Operations Center (SOC). Our goal is to help every client secure their future with the highest degree of security and the least amount of risk.</p>
<p>The post <a href="https://fortresssrm.com/endpoint-detection-response-beats-antivirus-but-is-it-enough/">Endpoint Detection &#038; Response Beats Antivirus. But Is It Enough?</a> appeared first on <a href="https://fortresssrm.com">Fortress SRM</a>.</p>
]]></content:encoded>
					
		
		
			</item>
		<item>
		<title>What Football Can Teach Us About Cybersecurity</title>
		<link>https://fortresssrm.com/what-football-can-teach-us-about-cybersecurity/</link>
		
		<dc:creator><![CDATA[Fortress SRM]]></dc:creator>
		<pubDate>Wed, 09 Jun 2021 18:10:10 +0000</pubDate>
				<category><![CDATA[Incident Prevention]]></category>
		<guid isPermaLink="false">https://fortresssrmstg.wpenginepowered.com/?p=472</guid>

					<description><![CDATA[<p>Cybersecurity and football have many things in common, and football can teach us a lot about how to approach cybersecurity. Football is a very adversarial sport. One side is trying ...</p>
<p>The post <a href="https://fortresssrm.com/what-football-can-teach-us-about-cybersecurity/">What Football Can Teach Us About Cybersecurity</a> appeared first on <a href="https://fortresssrm.com">Fortress SRM</a>.</p>
]]></description>
										<content:encoded><![CDATA[
<p>Cybersecurity and football have many things in common, and football can teach us a lot about how to approach cybersecurity.<br><br>Football is a very adversarial sport. One side is trying to score, and the other side is trying to prevent that from happening. Cybersecurity is the same; hackers are always on the offensive, trying to get into your technology system and “score” data, access, or information, while information security teams are always playing defense to keep that from happening.<br><br>Football can teach several lessons about cybersecurity that we are calling “The Five Ps.”</p>



<h2 class="wp-block-heading"><strong>Planning</strong></h2>



<p>Football is a sport that is based on planning. Instead of it being a free-flowing, fluid game like soccer or basketball, it is a series of orchestrated plays that are chosen based on game circumstances.&nbsp;<br><br>As anyone who has ever tried to pick which team will win on any given weekend can attest, the best team doesn’t always win. Experts believe that most of a team’s success is a result of the planning and strategizing that goes into every game, because when the game is being played, the winning team is usually the one that better executes its game plan.<br><br>For example, Team A knows that Team B has a young and inexperienced defensive secondary, so Team A’s game plan includes lots of long, downfield plays to exploit the defense’s weakness. In cybersecurity, Company A is continually updating its cybersecurity plan based on the tactics cybercriminals are using to gain access to companies, because unlike football, you never know which opponent you will be facing on any given day.</p>



<h2 class="wp-block-heading"><strong>Practice</strong></h2>



<p>“Practice makes perfect.” Sure, it’s an unimaginative phrase, but it’s also time-tested and true.<br><br>Practicing plays over and over creates a pattern in the brain and the body where the actions and motions become instinctual. This “muscle memory” means that the play can be repeated over and over with the same results.<br><br>Practice is also crucial to good cybersecurity. Breaches and security incursions should be practiced with regularity and moderated by someone who understands security and can “grade” the participants after the exercise to improve their readiness skills. Regular practice with staged security issues also keeps security and IT team members sharp because they never know which type of incident will be practiced.<br><br>Practice is all about doing better today than yesterday, because much like football players, cybersecurity teams always need to improve because the cybercriminal competition is always improving.</p>



<p>It is also important to remember that practicing cybersecurity does not take away from everyday work. It is a crucial part of the job, as important as new technology installations and integrations. Practicing security threats and simulating cyber-attacks should be part of every IT team’s responsibility.</p>



<h2 class="wp-block-heading"><strong>Precision</strong></h2>



<p>Precision means putting focus on the right things. Practice is important, but it’s just as important to practice effectively. Reinforcing bad habits or practicing the wrong things doesn’t accomplish anything except waste time and effort. A football team that practices running plays all week long and then decides on a pass-first game plan will have wasted their entire week of practice and will most certainly be ineffective on game day.<br><br>For a cybersecurity team, practicing the wrong things wastes time and increases costs. Two critical aspects of cyber training are to:</p>



<ul class="wp-block-list"><li><strong>Align the right training for the right roles</strong>&nbsp;– in football, kickers spend their time practicing field goals and kickoffs and don’t participate in blocking drills. Your security team’s training should work the same; your Help Desk Analyst isn’t going to be your Cyber Forensics expert on game day. Both play a vital role in getting your organization back up and running and both should be prepared for their own individual role that day. One will help the company get back up and running, while the other determines the cause.<br></li><li><strong>Manage training effectively</strong>&nbsp;– this means that some team members might use self-guided online training modules, some might attend a seminar, and others might take classes to attain certifications.</li></ul>



<h2 class="wp-block-heading"><strong>Players</strong></h2>



<p>Coaches coach and players play. In football, it’s important for coaches to understand their players and where they fit on the team based on the unique skills they possess.<br><br>A player that was a tight end in college might be better suited to a wide receiver role in the NFL, based on his size and speed. A lineman might not play in his rookie year until he adds weight and muscle and learns the position from a more experienced teammate.<br><br>In cybersecurity, leaders must assess and evaluate their teams, understand the skill and knowledge they have (and which they lack), and provide training appropriate for the role that will improve proficiency to the skill level required for the role. It&#8217;s also important for team members to understand where they fit on the team by understanding their roles and how they contribute to the security of the organization.</p>



<p>It’s important to note that players aren’t always people. Cybersecurity relies on people, process, and technology, and all three must work together. It’s crucial that your processes and technology also be appropriate for your security needs and that they fit into your team and your security game plan.</p>



<h2 class="wp-block-heading"><strong>Performance</strong></h2>



<p>Athletes and coaches understand that cross-training improves overall fitness and prevents injuries, while at the same time expanding their abilities. A lineman that only lifts weights might improve upper body strength but might have little stamina. A coach can vary the player’s training to provide more balanced conditioning, so adding running to the lineman’s workout routine can add stamina and improve overall cardiovascular performance.<br><br>Cross-training in cybersecurity makes team members perform better. Security team members that have a broader understanding of the organization’s security playbook increase the team’s agility and ability to respond to a security incident. In some cases, it allows team members to step in and perform in other roles, adding flexibility to the team.&nbsp;<br><br>Focusing on continuous assessment and training can create a cybersecurity team that is trained in modern security methodologies and tools. Plus, the business can draft new talent with skills missing from the team or to augment existing strengths.<br><br>Cybersecurity preparation is a vital function for every organization. Proper&nbsp;<strong>Planning</strong>, effective&nbsp;<strong>Practices</strong>&nbsp;that focus on&nbsp;<strong>Precision</strong>, training your&nbsp;<strong>Players</strong>, and continually improving your&nbsp;<strong>Performance</strong>&nbsp;can help your players and organization be ready for game day.<br><br>Fortress Security Risk Management is a global data protection company that helps organizations dramatically minimize their risk of disruption from unforeseen events like cyber-attacks and data breaches by providing industry-best cybersecurity services. Our goal is to help every client secure their future with the highest degree of security and the least amount of risk.</p>
<p>The post <a href="https://fortresssrm.com/what-football-can-teach-us-about-cybersecurity/">What Football Can Teach Us About Cybersecurity</a> appeared first on <a href="https://fortresssrm.com">Fortress SRM</a>.</p>
]]></content:encoded>
					
		
		
			</item>
		<item>
		<title>Cybersecurity Hall of Shame</title>
		<link>https://fortresssrm.com/cybersecurity-hall-of-shame/</link>
		
		<dc:creator><![CDATA[Fortress SRM]]></dc:creator>
		<pubDate>Sat, 22 May 2021 17:17:27 +0000</pubDate>
				<category><![CDATA[Incident Prevention]]></category>
		<category><![CDATA[Infographics]]></category>
		<guid isPermaLink="false">https://fortresssrmstg.wpenginepowered.com/?post_type=infographic&#038;p=608</guid>

					<description><![CDATA[<p>Learning from others&#8217; mistakes is certainly less painful than making the mistakes yourself. We hope you&#8217;re never on this list: &#8220;The 5 Biggest Cybersecurity Mistakes Organizations Make.&#8221;</p>
<p>The post <a href="https://fortresssrm.com/cybersecurity-hall-of-shame/">Cybersecurity Hall of Shame</a> appeared first on <a href="https://fortresssrm.com">Fortress SRM</a>.</p>
]]></description>
										<content:encoded><![CDATA[
<p>Learning from others&#8217; mistakes is certainly less painful than making the mistakes yourself. We hope you&#8217;re never on this list: &#8220;The 5 Biggest Cybersecurity Mistakes Organizations Make.&#8221;</p>



<figure class="wp-block-image size-full"><img fetchpriority="high" decoding="async" width="489" height="2560" src="https://fortresssrm.com/wp-content/uploads/2021/06/FSRM_HallofShame_IG-scaled.jpg" alt="Cybersecurity Hall of Shame Infographic" class="wp-image-566" srcset="https://fortresssrm.com/wp-content/uploads/2021/06/FSRM_HallofShame_IG-scaled.jpg 489w, https://fortresssrm.com/wp-content/uploads/2021/06/FSRM_HallofShame_IG-768x4022.jpg 768w, https://fortresssrm.com/wp-content/uploads/2021/06/FSRM_HallofShame_IG-391x2048.jpg 391w, https://fortresssrm.com/wp-content/uploads/2021/06/FSRM_HallofShame_IG-100x524.jpg 100w" sizes="(max-width: 489px) 100vw, 489px" /></figure>
<p>The post <a href="https://fortresssrm.com/cybersecurity-hall-of-shame/">Cybersecurity Hall of Shame</a> appeared first on <a href="https://fortresssrm.com">Fortress SRM</a>.</p>
]]></content:encoded>
					
		
		
			</item>
		<item>
		<title>The IT and Business Nightmare: Patch Management</title>
		<link>https://fortresssrm.com/the-it-and-business-nightmare-patch-management/</link>
		
		<dc:creator><![CDATA[Fortress SRM]]></dc:creator>
		<pubDate>Wed, 03 Mar 2021 18:08:08 +0000</pubDate>
				<category><![CDATA[Infographics]]></category>
		<category><![CDATA[Managed Security]]></category>
		<guid isPermaLink="false">https://fortresssrmstg.wpenginepowered.com/?post_type=infographic&#038;p=593</guid>

					<description><![CDATA[<p>Software patches protect your network and infrastructure but they are an IT and business resource nightmare.</p>
<p>The post <a href="https://fortresssrm.com/the-it-and-business-nightmare-patch-management/">The IT and Business Nightmare: Patch Management</a> appeared first on <a href="https://fortresssrm.com">Fortress SRM</a>.</p>
]]></description>
										<content:encoded><![CDATA[
<p>Software patches protect your network and infrastructure but they are an IT and business resource nightmare.</p>



<figure class="wp-block-image size-full"><img decoding="async" width="699" height="2560" src="https://fortresssrm.com/wp-content/uploads/2021/06/FSRM_Patch_Management_IG-scaled.jpg" alt="Patch Management Infographic" class="wp-image-570" srcset="https://fortresssrm.com/wp-content/uploads/2021/06/FSRM_Patch_Management_IG-scaled.jpg 699w, https://fortresssrm.com/wp-content/uploads/2021/06/FSRM_Patch_Management_IG-82x300.jpg 82w, https://fortresssrm.com/wp-content/uploads/2021/06/FSRM_Patch_Management_IG-280x1024.jpg 280w, https://fortresssrm.com/wp-content/uploads/2021/06/FSRM_Patch_Management_IG-768x2813.jpg 768w, https://fortresssrm.com/wp-content/uploads/2021/06/FSRM_Patch_Management_IG-419x1536.jpg 419w, https://fortresssrm.com/wp-content/uploads/2021/06/FSRM_Patch_Management_IG-559x2048.jpg 559w, https://fortresssrm.com/wp-content/uploads/2021/06/FSRM_Patch_Management_IG-100x366.jpg 100w" sizes="(max-width: 699px) 100vw, 699px" /></figure>
<p>The post <a href="https://fortresssrm.com/the-it-and-business-nightmare-patch-management/">The IT and Business Nightmare: Patch Management</a> appeared first on <a href="https://fortresssrm.com">Fortress SRM</a>.</p>
]]></content:encoded>
					
		
		
			</item>
		<item>
		<title>Cyber Resiliency is Business Resiliency</title>
		<link>https://fortresssrm.com/cyber-resiliency-is-business-resiliency/</link>
		
		<dc:creator><![CDATA[Fortress SRM]]></dc:creator>
		<pubDate>Mon, 01 Mar 2021 19:02:00 +0000</pubDate>
				<category><![CDATA[Highlight]]></category>
		<category><![CDATA[Incident Prevention]]></category>
		<guid isPermaLink="false">https://fortresssrmstg.wpenginepowered.com/?p=469</guid>

					<description><![CDATA[<p>Cyber resiliency is an organization’s ability to anticipate, withstand, recover from, and adapt to adverse conditions, stresses, attacks, or compromises on cybersecurity resources. This standard definition of cyber resilience was ...</p>
<p>The post <a href="https://fortresssrm.com/cyber-resiliency-is-business-resiliency/">Cyber Resiliency is Business Resiliency</a> appeared first on <a href="https://fortresssrm.com">Fortress SRM</a>.</p>
]]></description>
										<content:encoded><![CDATA[
<p>Cyber resiliency is an organization’s ability to anticipate, withstand, recover from, and adapt to adverse conditions, stresses, attacks, or compromises on cybersecurity resources. This standard definition of cyber resilience was created by the <a href="https://www.nist.gov/" target="_blank" rel="noreferrer noopener">National Institute of Standards and Technology</a> and we believe it is spot-on.<br><br>Cyber resiliency is also business resiliency. A business that is cyber resilient can defend itself against cyber-attacks, limit the negative impact a security incident can have, and ensure business continuity and uninterrupted operation during and after the attack. Being cyber resilient also helps organizations withstand and recover from other business interruptions, such as natural disasters, hardware failures, data loss, and power outages.<br><br>There is a distinct difference between cybersecurity and cyber resiliency. Cybersecurity is preventing a cyber-attack using tools such as endpoint detection and response (EDR), firewalls, malware detection software, and improving security behaviors with employee anti-phishing email training and timely security patch updates.<br><br>Being cyber resilient is letting go of the belief that an organization can create an impenetrable barrier between it and cyber criminals. Instead, cyber resiliency assumes that attacks will happen, and operations will be disrupted so safety precautions must be implemented to respond to, and recover from, cyber-attacks.<br><br>A cyber and business resiliency mindset seeks to identify the parts of a business that can be disrupted, and once identified, is focused on limiting the impact of a disruption. As an example, if a power outage occurs, are there data backups in place for critical and non-critical business systems? How soon can systems be restored? 
Are there multiple backups in different locations in the event of a natural disaster?<br><br>Not until measures are put in place to minimize the impact of disruptions can a business consider itself resilient.<br><br>There are three main elements of cyber resiliency: <strong>Cybersecurity Protection</strong>, <strong>Continuation of Normal Business</strong>, and <strong>Adaptability</strong>.</p>



<ul class="wp-block-list"><li><strong>Cybersecurity Protection</strong>&nbsp;is putting security measures and tools in place to prevent unauthorized access to your systems and network. It includes using EDR, firewalls, VPNs, and staff training to defend against cyber-attacks.<br></li><li><strong>Continuation of Normal Business</strong>&nbsp;is the point at which an organization is operating normally&nbsp;after&nbsp;a security incident or can continue operating&nbsp;during&nbsp;an incident. This includes the time it takes to restore all systems from backups.<br></li><li><strong>Adaptability&nbsp;</strong>refers to how easily the organization can defend against ever-evolving and changing cyber-attacks. The more adaptable an organization is, the more cyber resilient it is.</li></ul>



<p>Achieving cyber resiliency is like seeing a city on a map – you know where it is, but the important question is, how do you get there?<br><br>We hope these&nbsp;<strong>6 Steps to Cyber Resiliency</strong>&nbsp;can help your organization become more business resilient:</p>



<ol class="wp-block-list"><li><strong>Plan</strong><br>Create an incident response team and response plan, test your security, and practice, practice, practice what to do in the event of a security incident.<br></li><li><strong>Protect</strong><br>Put cybersecurity tools in place, such as EDR, SIEM, and firewalls to create a defense system that can withstand most cyber threats your organization may face.<br></li><li><strong>Defend</strong><br>With an active cybersecurity framework established, your security tools can defend your business against most security threats and disruptive events and allow you to keep operating during an incident.<br></li><li><strong>Restore</strong><br>Have a plan and safety measures in place to restore your critical and non-critical business systems from on-site, offsite, or cloud-based data backups.<br></li><li><strong>Observe &amp; Analyze</strong><br>Implement software tools that report, log, and repel cyber threats in real-time. These tools rely on machine learning, artificial intelligence, and automated threat hunting and can learn and adapt to prevent future cyber threats.<br></li><li><strong>Adapt</strong><br>Always assess your threat-readiness and cybersecurity protection to maintain normal operations now, and in the future.</li></ol>



<p>Cyber resiliency takes work but is essential for business survival in the information age. It’s also important to know that it’s OK to ask for help!<br><br>Fortress Security Risk Management is a global data protection company that helps organizations dramatically minimize their risk of disruption from unforeseen events like cyber-attacks and data breaches by providing industry-best cybersecurity services to prepare your organization to be cyber resilient. Our goal is to help every client secure their future with the highest degree of security and the least amount of risk.</p>
<p>The post <a href="https://fortresssrm.com/cyber-resiliency-is-business-resiliency/">Cyber Resiliency is Business Resiliency</a> appeared first on <a href="https://fortresssrm.com">Fortress SRM</a>.</p>
]]></content:encoded>
					
		
		
			</item>
		<item>
		<title>The Cyber Threat Universe</title>
		<link>https://fortresssrm.com/the-cyber-threat-universe/</link>
		
		<dc:creator><![CDATA[Fortress SRM]]></dc:creator>
		<pubDate>Thu, 14 Jan 2021 18:05:28 +0000</pubDate>
				<category><![CDATA[Incident Prevention]]></category>
		<category><![CDATA[Infographics]]></category>
		<guid isPermaLink="false">https://fortresssrmstg.wpenginepowered.com/?post_type=infographic&#038;p=590</guid>

					<description><![CDATA[<p>Cyberspace can be a dangerous place! Understanding the cyber threats that fill our universe can help you avoid them.</p>
<p>The post <a href="https://fortresssrm.com/the-cyber-threat-universe/">The Cyber Threat Universe</a> appeared first on <a href="https://fortresssrm.com">Fortress SRM</a>.</p>
]]></description>
										<content:encoded><![CDATA[
<p>Cyberspace can be a dangerous place! Understanding the cyber threats that fill our universe can help you avoid them.</p>



<figure class="wp-block-image size-full"><img decoding="async" width="2400" height="2400" src="https://fortresssrm.com/wp-content/uploads/2021/06/FSRM_The_Cyber_Threat_Universe_IG.jpg" alt="The Cyber Threat Universe Infographic" class="wp-image-573" srcset="https://fortresssrm.com/wp-content/uploads/2021/06/FSRM_The_Cyber_Threat_Universe_IG.jpg 2400w, https://fortresssrm.com/wp-content/uploads/2021/06/FSRM_The_Cyber_Threat_Universe_IG-300x300.jpg 300w, https://fortresssrm.com/wp-content/uploads/2021/06/FSRM_The_Cyber_Threat_Universe_IG-1024x1024.jpg 1024w, https://fortresssrm.com/wp-content/uploads/2021/06/FSRM_The_Cyber_Threat_Universe_IG-150x150.jpg 150w, https://fortresssrm.com/wp-content/uploads/2021/06/FSRM_The_Cyber_Threat_Universe_IG-768x768.jpg 768w, https://fortresssrm.com/wp-content/uploads/2021/06/FSRM_The_Cyber_Threat_Universe_IG-1536x1536.jpg 1536w, https://fortresssrm.com/wp-content/uploads/2021/06/FSRM_The_Cyber_Threat_Universe_IG-2048x2048.jpg 2048w, https://fortresssrm.com/wp-content/uploads/2021/06/FSRM_The_Cyber_Threat_Universe_IG-100x100.jpg 100w, https://fortresssrm.com/wp-content/uploads/2021/06/FSRM_The_Cyber_Threat_Universe_IG-1900x1900.jpg 1900w" sizes="(max-width: 2400px) 100vw, 2400px" /></figure>
]]></content:encoded>
					
		
		
			</item>
	</channel>
</rss>
