IT and Business Insights for SMB Solution Providers

Jay Ferron's blog

Vulnerable SDK components lead to supply chain risks in IoT and OT environments as posted on Microsoft

 Vulnerabilities in network components, architecture files, and developer tools have become increasingly popular attack vectors to gain access into secure networks and devices. External tools and products that are managed by vendors and developers can pose a security risk, especially to targets in sensitive industries.

Token tactics: How to prevent, detect, and respond to cloud token theft (from Microsoft)

 As organizations increase their coverage of multifactor authentication (MFA), threat actors have begun to move to more sophisticated techniques to allow them to compromise corporate resources without needing to satisfy MFA. Recently, the Microsoft Detection and Response Team (DART) has seen an increase in attackers utilizing token theft for this purpose.

NIST Releases IR 8286D: Using Business Impact Analysis to Inform Risk Prioritization and Response

 Business impact analyses (BIAs) have been traditionally used for business continuity and disaster recovery (BC/DR) planning to understand the potential impacts of outages that compromise IT infrastructure. However, BIA analyses can be easily expanded to consider outages related to cyber risks and issues attributable to confidentiality and integrity.


Subscribe to RSS - Jay Ferron's blog