Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

In Part 1 of this blog series, we highlighted the benefits of CrowdStrike’s investigative approach and the CrowdStrike Falcon® Real Time Response capabilities for avoiding a significant incident in the first place, and minimizing the damage should an attacker gain entry into your environment. We also explored a range of governance and process-oriented steps that are often left out of technology-centric discussions on incident response preparedness.

Cybersecurity is a trending topic among boards and executives. Yet, many organizations need more technical capabilities to prepare and respond effectively to cyber incidents and regulatory requirements. Let’s explore what cybersecurity professional services really are and how they can help take an organization’s security to the next level.

Organizations seeking cyber insurance coverage are typically required by their insurer to provide evidence of a panoply of controls around information security, disaster recovery, and related risk and technology requirements and best practices.

For most websites and apps, employing security-related HTTP headers has become standard practice. Websites use headers as part of HTTP requests and replies to convey information about a page or data sent via the HTTP protocol. They might include a Content-Encoding header to indicate that the content is a compressed zip file or a Location header to specify a redirect URL.

In the last week, The U.S. House of Representatives ordered its staff and lawmakers to delete TikTok from any government-issued mobile device due to security concerns with the popular video-sharing app. But, it’s not just the government taking action for a potential security vulnerability. A handful of college campuses announced that they are banning access to TikTok from campus WiFi in accordance with their respective governors’ executive orders.

There are currently over 24 billion exposed credentials circulating the dark web, according to a 2022 report by Photon Research Team. In fact, the markets selling compromised credentials are even offering cybercriminals subscription services for purchasing these usernames and passwords. No wonder there has been a 65% increase in exposed credentials on the dark web since the last time this report was conducted in 2020.

No single organization can master all trades, which is why their success hinges heavily on their vendors. And if vendors are crucial for your business operations, it’s necessary to manage them as if your success depended on it–because it does. Yet, until recently (2016), only a third of companies knew how many vendors accessed their systems each week.

On Thursday, December 22, 2022, LastPass updated their security incident notice to include additional details around the data breach they began investigating in November 2022. According to their notice, the threat actor used information obtained in an earlier, August 2022, data breach to target an employee and obtain credentials and keys used to decrypt storage volumes within their cloud-based storage service.

As 2022 comes to an end, I’m prouder than ever of the steps that every team member at Arctic Wolf has taken to protect and delight our customers as we steadily advance toward our mission of ending cyber risk.