2017 was an action-packed year in the world of cyber security (and cyber crime). This year gave us Wannacry and NotPetya, two of the largest cyberattacks the world has ever seen, and one of the largest and most widespread data breaches of all time: the Equifax breach. As if that wasn’t enough, state-sponsored cyber meddling dominated headlines all year, episodes of our favorite TV shows were hacked and held for ransom, and our household IoT devices were recruited into botnets big enough to shut down huge swaths of the Internet. It was a whirlwind year for our industry.
We’ve listed some of our most read and most shared blog posts from 2017 below.
Be sure to check them out and subscribe to Focal Point of View for what will surely be an eventful 2018!
1. The 11%: A Look at the Women Closing the Cyber Security Gender Gap
According to the latest workforce study from (ISC)2, only 11% of the global cyber security workforce is made up of women. And while we find this statistic rather disconcerting, we set out to highlight the impact of the extraordinary women working in this industry. This blog series, which will expand in 2018, features in-depth interviews with cyber security thought leaders discussing their careers, motivations, challenges, and advice for other women in the field.
2. The Essential Guide to Cyber Workforce Development
Through the end of November, there were more than 1,200 recorded breaches, far surpassing the total for all of 2016. Couple this with experts’ predictions of a 1.5 million worker shortage in cyber security by 2020, and you have a rather bleak picture. As the cyber skills gap widens and it becomes harder to fill positions on your security team, the focus must shift to building the skills you need rather than finding them. Our virtual whitepaper walks through how to create a workforce development program that fills the gaps on your team, gives employees the training they need to succeed, and puts them on a rewarding and valuable career path.
3. Four Free Cyber Security Awareness Email Templates to Use at Your Company
Security awareness has never been more important. Every employee in your organization needs to be familiar with the ways attackers are attempting to take advantage of them. We put together a handful of security awareness email templates that organizations can send to their employees to educate them on how to recognize the most common threats. The email templates cover ransomware, phishing, whaling, and password tips. Use these templates in 2018 as cyber security awareness refreshers for all employees.
4. Phishing Case Studies: How Attackers are Taking Their Time, and Taking Your Money
Of all the attack methods that lead to data breaches, basic phishing and spear-phishing remain the most popular and most effective. We see hundreds of phishing attempts each year, and in this post, we detailed a few of the more elaborate, creative phishing attacks we saw in 2017. The best way to prepare for an attack is to understand the methods used in this new era of well-conceived and well-orchestrated phishing attacks.
5. Focal Point Releases Malware Analysis of Android X-Agent Implant
2017 was a banner year for state-sponsored cyber attacks, so it comes as no surprise that our technical analysis of the X-Agent malware was one of our most viewed blog posts of the year. This report, written by Focal Point’s malware analysis team, disputed a then widely held belief that a malware attack on a piece of Ukranian military software could be positively attributed to the Russian hacking group FancyBear. Focal Point obtained a sample of the malware in question and determined that the certainty surrounding claims of Russian involvement and the ability of the malware to triangulate precise locational data were not substantiated by the evidence. Our full technical report can be downloaded from the blog post.
6. Why Aren’t Passwords Dead Yet?
With new forms of authentication on the rise and password fatigue at an all-time high, what role does the traditional password play in 2017 and beyond? In this blog post, our experts weigh in on the newest generation of user authentication – like biometrics, contextual authentication, and more – as well as some best (and worst) practices for managing passwords securely and effectively. The bottom line is that passwords are still very much alive and well, but additional security features like multi-factor authentication need to start becoming the standard.
7. The 11 Things Your Company Should be Doing to Protect Against Attacks like NotPetya
It’s been just over 6 months since the historic NotPetya malware sent shockwaves across Europe. This was the devastating “wiperware” (not ransomware) that wiped computers clean, with no means to restore any data. In the wake of this attack, we developed a detailed list of 11 things companies should be doing, both technical and operational, to prepare for a potential wiperware attack. Global cyberattacks aside, the information presented in this blog post is good security hygiene for any organization.
Want 2018's top posts in your inbox?
Subscribe to Focal Point's Risk Rundown below - a once-a-month newsletter with our best blog posts, templates, webinars, white papers, and news you may have missed. Thousands of your colleagues and competitors have signed up! You can unsubscribe at any time.