New Hire / New Hardware
A common challenge for an effective security awareness program is continuously reaching out to employees/staff in a fun and engaging manner. Training people once a year may keep auditors happy but will not change behavior. As such, you always want to be thinking of different ways you can reach out to people. The new hire process is a great place to start. While "new hire" training is the first thing that comes to mind, there are other options to consider.
Revoking security access isn't always enough
A California man has been arrested for interfering with computers at the California Independent System Operator (Cal-ISO) agency, which controls the state's power transmission lines and runs its energy trading markets. Even though Lonnie C. Denison's security access had been suspended at the request of his employer because of an employee dispute, he allegedly gained physical access to the facility with his card key. Once inside, Denison allegedly broke the glass protecting an emergency power cut-off station and pushed the button, causing much of the data center to shut down. Cal-ISO was unable to access the energy trading market, but the power transmission grid was unaffected.
SamSam Ransomware
The Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) and the Federal Bureau of Investigation (FBI) are issuing this activity alert to inform computer network defenders about SamSam ransomware, also known as MSIL/Samas.A. Specifically, this product shares analysis of vulnerabilities that cyber actors exploited to deploy this ransomware. In addition, this report provides recommendations for prevention and mitigation.
