Risk Assessments Necessary To Address Cyber Vulnerabilities

In order to best protect your network from a cyberattack, it is important to understand the "why" and "how" behind cybercrime.

A primary goal of a cybercriminal is financial gain, but it is not the only motivation. Nation-state attackers seek to disrupt foreign infrastructure or economic activity, while a hacktivist's attack objective is to disrupt the activities of an organization they believe is in opposition to their agenda.

Cybercriminals also breach networks to use them as crypto mining resources or to steal an organization's intellectual property.

Although motivations may differ, most attacks follow the same process. Attackers research their targets and use open-source intelligence (OSINT) tools to gather information about the organization. By weaponizing phishing emails or websites that employees often use, or by taking advantage of a known software vulnerability, attackers can infiltrate a network and install malware that avoids detection and gains control of the system.

The foundation of an effective defense against cyberattacks is to foster a workplace culture of cybersecurity. This commitment to supporting cybersecurity measures should involve employees at all levels, from top executives to front-line workers. Employees are an important line of defense, and they should be trained on secure password practices and on how to recognize and report suspicious email or network activity.

Be sure to conduct regular reviews of your cybersecurity risk, approaching it with the mind of an attacker. Run OSINT on your organization to gain an understanding of how attackers might target you. Also, keep up to date on identified software vulnerabilities, installing patches when needed.

Source: Stu Sjouwerman, "What your organization looks like in the eyes of a cyber attacker" (Jan. 26, 2022).

The above source sheds light on what cybercriminals are looking for, and can help you identify who is your biggest threat and by what means you are the most vulnerable.

Your risk assessment should also identify the sensitive data you collect, and it should address every potential point of entry into your system, including phishing attacks, software vulnerabilities, third-party vendors, and malicious employees. Be sure to involve all upper management in your risk assessment process, not just IT staff, because they can provide awareness of risks and of how those risks affect operations.

Utilize the results of your assessment to develop a response plan, and coordinate that plan across your organization. Be sure to test and evaluate your implemented procedures.

Conduct a regular review of your risk assessment to make certain it addresses current threats and vulnerabilities.