Key Notes from the Security Team: Q3 2024

This quarter, we highlight:

Awareness 

According to the Verizon 2024 Data Breach Investigations Report, 68% of breaches studied involved a human element. Security awareness is a critical part of any organization's security strategy. Having knowledge of security threats and how to spot them continues to become more important for everyone as time goes on. 

Recent Security Incidents 

When a large security incident is reported in the news, we have internal discussions on the Eberly Systems team about the details of the attack. We talk through how the attack was carried out, how the company was affected and the damage of the attack. This allows our team to learn about situations we could face in the future and how to prevent them. 

Security Presentations 

Bringing awareness to clients with our security presentations is one way we have been improving the security of our clients. At these conferences, we inform clients of up-to-date statistics on cyber attacks and the risks they face in the modern cyber security landscape. We also inform clients on how they can improve their security posture with a 10-step plan. 

An additional side of these security presentations are the more nuanced side of cyber attacks: the economics of the black market. This gives clients a different perspective on why their company could be at risk and what damage they could expect if ever attacked. 

Client Communication 

Having strong communication with clients not only builds trust, but also helps clients understand their current risks and how we can remedy some of their attack vectors. In a recent example, we met with the managers of a client company to introduce the importance of security and explain a few steps we would be taking to improve their security posture. Over the following months we implemented key changes around password management and security awareness training. To explain the importance of having these security measures at the client company, we created a presentation showcasing the specifics on how implementation would affect daily work for employees. 

Stopping Cyber Events Before they Happen 

Our team saw a few situations in the past quarter where our tools and processes prevented what could have become a significant cyber event. 

During our onboarding of a particular company, a device was found to be infected with malware. Management was informed, and following the proper procedures, the device was safely removed from their environment. Following an investigation, the source of the malware was discovered and the vector used to infect the device. 

In another incident, our security tools identified a business email compromise and locked the account before the attacker could do anything malicious. 

Takeaway 

As always, it is critical that everyone in an organization have a strong awareness of the potential risks of the technology around them. It's important to build a team culture around not being afraid to ask for clarification when in doubt, or for IT to review something before proceeding.