Grizzly Steppe – what every organization needs to do

On December 29th, the FBI together with CERT finally released a Joint Analysis Report on the cyber-attacks on the US Democratic Party during the US presidential election.Every organization, whether they are based in the US or not, would do well to read this report and to ensure that their organization takes account of its recommendations.Once released into the wild – the tools and techniques and processes (TTPs) used by state actors are quickly taken up and become widely used by other adversaries.

Go to the profile of Mike Small
Jan 01, 2017
2
0
Upvote 2 Comment

On December 29th, the FBI together with CERT finally released a Joint Analysis Report on the cyber-attacks on the US Democratic Party during the US presidential election.Every organization, whether they are based in the US or not, would do well to read this report and to ensure that their organization takes account of its recommendations.Once released into the wild – the tools and techniques and processes (TTPs) used by state actors are quickly taken up and become widely used by other adversaries.

There are several well-known areas of vulnerability that are consistently used by cyber-attackers.These are easy to fix but are still commonly found in many organizations’ IT systems. Organizations should take immediate steps to detect and remove these from their IT systems:

The report describes a set of recommended mitigations and best practices. Organizations should review these recommendations and takes steps to implement them without delay.

Go to the profile of Mike Small

Mike Small

Fellow Analyst, KuppingerCole

For 15 years Mike worked for CA where he developed CA’s identity and access management strategy for distributed systems. This strategy led to the developments and acquisitions that contributed to CA’s current IAM product line. He is a frequent speaker at IT security events around EMEA and contributor to the security press. Mike began his career with International Computers and Tabulators (which later became International Computers Limited), where he was the architect for a number of leading edge information technology development projects ranging from system software to artificial intelligence. Mike is a Chartered Engineer, a Chartered Information Technology Professional, a Fellow of the British Computer Society a Member of the Institution of Engineering and Technology. He has a first class honours degree in engineering from Brunel University. Specialties: Cloud Computing - security and governance Information security management

No comments yet.