PROCIRCULAR BLOG

Educating your business on the importance of cybersecurity

How to Prioritize Cybersecurity Before a Recession

Posted by Tierney Robinson on Jul 28, 2022 3:08:13 PM

Cybersecurity is one of the main factors to incorporate into your organization’s recession planning. One notorious online cybercriminal group, the Cobalt Cybercrime Gang, has been operating since 2013, completing over 100 heists totaling over EUR 10 billion in losses to the European financial industry. In a time when attackers are highly motivated and financial and reputational losses can have significant effects, it is crucial to have a clear picture and action plan regarding your cybersecurity posture.

With new threats emerging daily, it is essential to identify and address technical and operational risks proactively. Ensuring reliable and uninterrupted function of your operations during an incident means preparing for, protecting against, responding to, and recovering from a cyberattack.

A recession can occur unexpectedly with little to no warning and leave companies vulnerable to opportunistic and persistent threat actors. The two-fold impact of an economic downturn would be that companies reduce spending, often cybersecurity spending, and highly skilled individuals across the globe become desperate for income, possibly turning to “black hat” or malicious hacking. Successful cyberattacks lead to significant financial and reputational losses. Businesses need a mature cybersecurity program that is resilient to today’s complex and often uncertain threat environment.

Read More

Topics: Cybersecurity, vulerability assessment, Penetration Testing, Incident Response, vCISO, Recession

Legality of Ransom Payments

Posted by Aaron R. Warner on Feb 1, 2022 3:44:30 PM

As clients begin to recognize and prepare against the threat of ransomware attacks, one tricky question keeps coming up. Is paying a ransom “illegal yet?”. No company is champing at the bit to make unplanned payments, especially not to potential terrorists on the OFAC list, but the legality of the matter depends on a few factors. *Please note that ProCircular does not provide legal advice, rather, we disseminate guidance from the top legal authorities.

As a cybersecurity professional and business owner, I keep a close eye on the everchanging recommendations surrounding ransomware attacks and incident management. I found the following document to be one of the more up-to-date (at least by government standards) and straightforward pieces available on the topic. Here's the short version:

“In the context of hostage-taking, for example, DOJ clarified in 2015 that it “has never used the material support statute to prosecute a hostage’s family or friends for paying a ransom for the safe return of their loved one.”67

Basically, there is a low likelihood of prosecution for making ransom payments, even when it is paid to a known threat actor on the OFAC denied persons list. I would only expect to see legal action taken if a very large company went through with the payment while it was expressly illegal. Even then, the punishment would be intended to make an example rather than punish the victim.

Read More

Topics: Incident Response, Ransomware

How To Prepare A Cyber Security Incident Response Plan & Incident Response Team For A Cyber Attack

Posted by Joey Marinello on Jan 13, 2022 11:22:24 AM

New cyberattacks are discovered every single day. Organizations should not be considering if they will be attacked, but rather when they will be attacked and what proactive measures must be taken to ensure the company will survive.

Read More

Topics: Incident Response

Investigating and Responding to Ryuk Cyberattack in 2020

Posted by Aaron Heikkila on Nov 18, 2020 10:30:00 AM

Incident Response is a series of investigative and remedial steps that a company takes in the event of a breach or other security incident. These restoration efforts can include backtracking through log data, isolating affected machines, and even negotiating with cyberterrorists!

Read More

Topics: Cybersecurity, Data Breach, Incident Response, security incident handling, security incident response

What is an Incident Responder?

Posted by Lindy Trout on Oct 8, 2020 9:37:01 AM

The best approach to security is a proactive one, but nobody is perfect. What happens when a determined attacker finds their way into your network? How do you know where they have been, what they have seen, when they got in, and how they gained access? How do you prioritize remediation and confirm that the bad guys are out of your network? Incident responders, like ProCircular's Aaron Heikkila, are at the ready to swoop down and stop the attackers in their tracks!

Read More

Topics: Cybersecurity, Information Security, Data Security, Incident Response, security incident handling, security incident response

    ProCircular is a Full-Service Information Security Firm

    We are passionate about helping businesses navigate the complex world of information security, and our blog is another great source of inforamtion. We can assist you no matter where you are in your security maturity journey:

    • Breached or hit with ransomware?
    • Don't know where to start? 
    • Looking to confirm your security with a third party?

    Secure your future with ProCircular.

    Recent Posts

    Subscribe to Email Updates