Avatar feed
Responses: 7
PO1 H Gene Lawrence
8
8
0
About time.
(8)
Comment
(0)
A1C Medrick "Rick" DeVaney
A1C Medrick "Rick" DeVaney
9 mo
WAY Past Time.
But Uncle Sam Isn't Well Known For
Solving Much Of Anything Quickly....
(2)
Reply
(0)
Avatar small
Cpl Vic Burk
6
6
0
Lt Col Charlie Brown Unfortunately when one gets put out of business, another opens up. I'm glad they got these sites shut down but ransomware is here to stay.
(6)
Comment
(0)
Maj Kevin "Mac" McLaughlin
Maj Kevin "Mac" McLaughlin
9 mo
Phishing is definitely a big vector and I appreciate what some companies do to train their people to avoid these attacks. However, it only takes one person to do it and more recently I've seen more sophisticated initial vector attacks such as sim-swapping, poor multi-factor authentication solutions (or none at all) susceptible to vishing, and zero days. Also, insurance can't save an organization completely from the resulting identity theft, reputation loss, proprietary/intellectual data loss, etc. It might be good for a school and other similar orgs, but even they have things that when lost, hurts. I will also say that my experience with insurance companies is not consistent. Some are incredibly stingy on what they allow cybersecurity companies to help remediate. Some of the lawyers come into the fold and have little to no understanding about what's being recommended and ultimately prevent the orgs from hardening their environments effectively.
(2)
Reply
(0)
Cpl Vic Burk
Cpl Vic Burk
9 mo
Maj Kevin "Mac" McLaughlin - The district also implicated a two factor verification recently so even if they find out your password you still can't get in. A text message is sent to the user of the sign in via cell phone. Without it you can't get in. Good luck guessing a six digit code plus selecting the right icons on two separate screens. After three tries you get locked out until an administrator releases it.
(1)
Reply
(0)
Maj Kevin "Mac" McLaughlin
Maj Kevin "Mac" McLaughlin
9 mo
So, While SMS text MFA is a good start, this methodology is actually vulnerable to several types of attacks. These are actually better:

Mobile Authenticator Apps: These use a pull for the verification number using an encrypted format and are less susceptible to man in the middle attacks (unlike SMS texts)

Hardware Tokens: Requires a special hardware token (very small, plugged into your system). Removes virtually all the vulnerabilities associated with SMS texting

Biometric Authentication: Most secure but hard and expensive to implement.
(1)
Reply
(0)
Cpl Vic Burk
Cpl Vic Burk
9 mo
Maj Kevin "Mac" McLaughlin - They need to use biometrics for voting! That would stop all the dead people from voting.
(1)
Reply
(0)
Avatar small
MSgt Dale Johnson
6
6
0
Good luck getting that money back.
(6)
Comment
(0)
A1C Medrick "Rick" DeVaney
A1C Medrick "Rick" DeVaney
9 mo
I've Got A 50 Which Says: "NOT A Buck Of It Will Be Returned To Anyone".
IF Uncle Sam FINDS Any, He'll Keep It, And Say "It's Part Of The Fines"
The Victims Won't Get Sh*t".
(2)
Reply
(0)
Avatar small

Join nearly 2 million former and current members of the US military, just like you.

close