Why Ownership Questions Reveal Governance Gaps Sarah was preparing documentation for an upcoming compliance review…
Cyber Crime Committed on U.S. Military Contractor
According to a joint alert from the US government’s Cybersecurity and Infrastructure Security Agency (CISA), the NSA, and the FBI, a cyber-attack was committed against a U.S. Military Contractor by spies within their enterprise network. The intruders were able to steal sensitive data, which included contract-related information from shared drives. The spies in question were never apprehended and have no known affiliation, although Russia is suspected.
In the official report, the CISA outlines modes of detection, containment, remediation, and mitigation. In those outlines, they provide multiple statements that align with RegDOX®’s capabilities:
- “…recovery recommendations are largely general best practices and industry standards aimed at bolstering overall cybersecurity posture.”
- RegDOX® provides automatic backups to any and all sensitive data.
- “Monitor logs for connections from unusual VPSs and VPNs.” (Virtual Personal Server and Virtual Personal Network) and “Monitor for suspicious account use.”
- RegDOX® monitors all the activity within the application and within the application infrastructure, including logins in real time.
- “Use cybersecurity visibility and analytics tools“. and “useful for detecting lateral connections as they have insight into common and uncommon network connections for each host.”
- RegDOX® proactively block IP addresses with suspicious activity. And we have alerts set up in case out of the ordinary behaviors happen.
- “Implement stringent access controls to sensitive data and resources.”
- RegDOX® has a permission-based user set up where the client admin decides who has access to what materials. No further info can be accessed beyond the permission given.
- “Proper network segmentation significantly reduces the ability for ransomware and other threat actor lateral movement by controlling traffic flows between—and access to—various subnetworks.”
- RegDOX® is designed to have only one port open to the world, reducing the scope of the damage.
This list could continue to cover almost every point made toward best practices within this alert, as this is the key benchmark that RegDOX Solutions strives to excel. If you are not implementing best practices at every available effort, avoidable and detrimental attacks such as this one can occur. These types of issues can be significantly mitigated, in some cases to the point of termination, through RegDOX Solutions.
RegDOX® solves issues such as these by excelling at three simple aspects.
Minimize external handling: By keeping all sensitive information within the same secure data room without having to remove it from that compliant and secure structure, the mishandling or procurement of such information is effectively neutralized.
Monitor all activity: With all information being kept in one place, more in depth monitoring can take place, ensuring that there is no action that goes untracked and furthermore unnoticed.
Provide highly restricted access: Strict user permissions make certain that only administered users have access to specific documents.
These three measures all work in unison to establish a best practices cyber security and compliance option. Knowing for certain who did what and how within a secure network is immeasurably valuable to any organization handling sensitive information.
For More Info, visit our products page: RegDOX® Products | RegDOX Solutions | Nashua, NH
Click to rate this post!
[Total: 0 Average: 0]

This Post Has 0 Comments