December 28, 2017
2017 Year in Review – WST
By any account, 2017 has been a crazy year. From new regulatory worries to Bitcoin, 2017 kept us moving. Here are a few of our highlights (or lowlights):
- New IT Risk Examination program (InTREx) = No fun for Institutions.
- Everyone wishes they had purchased some Bitcoin back in 2010.
- Every new vulnerability now has a catchy name, from EternalBlue to BlueBorne; marketing now has to be involved in every vulnerability disclosure.
- Ransomware became the automated threat we all were afraid it would become.
With a new year, it is customary to come up with New Year’s Resolutions. We all have things we wish we had gotten done in 2017, and things we want to do in 2018. As we move into yet another year, consider making one of your InfoSec Resolutions a promise to get back to basics. With all the threats, worries, and the latest vulnerability hotness, it is easy to forget that most breaches still happen due to an attacker finding a silly opening. From a phishing email click on an unpatched system to that one router you forgot to change the default password on, it is the small details that can snowball into a breach. On the flip side, it is the simple security concepts, done right, that can make the difference. Easier said than done, but security takes focus. And breach study after breach study shows that focusing on some of the basic “Blocking and Tackling” (Patching, Least Privilege, and Default/Weak Credentials) can make a world of difference.
So here’s to the coming year, and hoping we can make it a more secure one. What are some of your New Year’s resolutions? InfoSec or otherwise?