Salt Typhoon breached more US companies

News is out that even more U.S. companies have been added to the list of telecommunications firms hacked by Salt Typhoon, according to the Wall Street Journal. If that link doesn’t work, here’s another link that covers the salient points.

Chris Hauk, Consumer Privacy Champion at Pixel Privacy, had this to say:

“Possible targets of these Chinese attackers need to immediately follow the steps outlined by the FBI and NSA to help harden their systems against attack. Actually, any organization would be advised to follow the steps. Patching and upgrading apps and devices, limiting the types of connections and privileged accounts, and only using strong encryption, are just some of the steps organizations can take to harden their systems against attack.”

Roger Grimes, Data-Driven Defense Evangelist at KnowBe4, followed up with this:

“The Chinese have been hacking into US organizations for decades and taking every secret and bit of intellectual property they wanted to get their hands on. This is just the latest iteration. The US Dept. of Treasury recently sanctioned a Chinese publicly traded company for being involved in these latest attacks. The way you keep Chinese attackers out is the same as it has been for decades: aggressively mitigate social engineering and patch your software and firmware. Social engineering and phishing are involved in 70% – 90% of successful attacks, and vulnerabilities in software and firmware are involved in 33% of successful attacks. These two root hacking causes account for 90% – 99% of the risk in most organizations. It’s not enough to do training once a year or once a quarter. It needs to be at least once a month along with monthly to weekly simulated phishing exercises. We have the data to show that organizations that do effective security awareness training are far less likely to be successfully compromised.”

It’s good that people are discovering how big this hack is. But it’s bad that it is this big. We all need to do everything possible to ensure that nothing like this ever happens again.
