It’s officially the last week of 2020. Another year is in the books, and everyone on Planet Earth is looking forward to a 2021 that will hopefully be better than 2020.
That said, we were incredibly fortunate at Fractional CISO to have a positive year. We managed to grow our business and hire three new employees. We opened a scholarship, started producing videos, and published more content to this blog than ever before.
We thought it would be a fun end-of-year exercise to take a look back at our hits and misses for the year.
6. Scariest Breach: Garmin Ransomware
Okay, Garmin Ransomware doesn’t exactly rank on the list of scariest breaches with the flurry of big attacks we’ve seen towards the end of this year – the SolarWinds attack represents nation-state attackers making attacks that threaten national security – but the Garmin Ransomware attack is the scariest breach we covered here and cybercriminals in it for the money are much more likely to be the ones attacking any given American business.
Ransomware is an especially dangerous attack for small and medium-sized businesses. It will completely stop operations and they may not have the cash to stay in business after paying off the ransomers.
Should you pay off a ransomware attack? Maybe, but you should definitely have a plan for one if it happens.
5. Most Regrets: Zoom Bombs
I know I can’t prove it to you, but I promise I was working on a post about Zoom’s security shortcomings before Zoom bombing blew up (pun intended) this year. I wasn’t at all surprised when I saw the headlines rolling in, and really wished I would have gotten an article out in-front of the event.
Anyways, I predicted that Zoom would improve its security. Has it?
- It ran a 90-day rapid-response security improvement plan that:
- Implemented modest new security features like encryption and user reporting
- Create process to lead security-conscious software development
- Began in-depth review to find and address other security flaws with a team of CISOs and regular penetration testing
- It released multi-factor authentication and end-to-end encryption for all users
- It released tools to easily freeze meetings and kick problematic/invasive attendees
Zoom faced an incredible amount of public and market pressure to improve its security features and it has acted swiftly. Zoom might fit the bill for your business needs – just be sure to use all the security features at your disposal. Most of them are optional and need to be turned on.
4. Favorite Infographic: Enjoyment from Hot Dogs
I wrote the third in my series of posts about being a Virtual CISO for other cybersecurity professionals who are interested in becoming Virtual CISOs themselves.
It’s important to have some sort of plan to market your services, and at first I focused heavily on LinkedIn. While I still focus on LinkedIn, there is such a thing as too much LinkedIn. The same can be said for hot dogs.
My favorite part about LinkedIn is how easy it makes staying in front of your network. You don’t need to post every day to reap the biggest benefit: reminding your professional contacts that you exist and could solve their problem.
3. Most Educational: SOC 2 Compliance
Credit for this one goes to RJ Russell, one of the aforementioned new hires who I brought onto the team to serve as another vCISO.
SOC 2 compliance is confusing to many business leaders at first. Most compliance standards are prescriptive – they tell you what you need to do, and you do it. SOC 2 is different: you determine what security-conscious practices are appropriate for your business and execute on those.
This is why it’s incredibly helpful to have someone like a CISO in a leadership role to help manage the compliance process – it requires a holistic approach to security.
2. Hottest on Social: Elon Musk
There is no universal formula as to what makes a social media post go viral and get attention. There are best practices and best guesses, but nothing is a guarantee.
Well, except this: Elon Musk gets clicks.
Elon had a close call this year when Russian hackers offered an employee a $1 million bribe to plant malware in Tesla’s computers. The fact that hackers had to resort to recruiting an insider speaks volumes about Tesla’s security. If they could have gotten in without risking an in-person visit, they almost certainly would have done so.
1. Most Popular: Signal vs. Whatsapp vs. Telegram
Competition is heating up in the encrypted messaging market. The three big players are Signal, Whatsapp, and Telegram. This post, written by Fractional CISO Cybersecurity Analyst, Chinmayee Paunikar, compares the features, security, and privacy elements of each of the three applications.
This is by far the most popular post on our website, drawing in the most traffic every single day. Hopefully it helps readers decide which app they should be using! Encrypted messaging apps should play an important role in communications at all businesses. They are especially useful for sending secrets.
Happy New Year!
Whether you’ve been reading our humble blog for years or minutes, thank you for stopping by!
