The continued warnings of potential cyber attacks. Horror stories from organizations that have lost access to data and weren’t fully operational for months. Updates and tips from vendors.
It’s information overload leaving many leaders anxious and lacking clear direction for where exactly to start in analyzing its current cyber posture and determining the right path to position the organization to be prepared for an attack.
In a recent webinar, our team not only provided our customers with an update on the current threat landscape, but also provided some insight for the work they are doing to help organizations monitor and protect systems, and prepare for a future breach.
The reality is that Russia and other threat actors could be doing things we aren’t seeing in preparation for attacks months or years down the road. The Solar Winds and Colonial Pipeline attacks are examples of breaches that occurred after hackers spent years in our systems exploring vulnerabilities for a targeted attack.
Our Director of Cybersecurity, Michael Seidelman, shares that malware, email phishing and social engineering are common entry points for attackers. So, our team regularly monitors all systems for alerts to a potential breach and act quickly to fix and protect.
Our team acts as threat hunters, looking for indicators of compromise and notifying clients immediately.
Zachary Hill, Think|Stack’s CTO, shares that our team is actively running reports to verify devices, apps and servers are up to date and patched, and that all tools are monitored to limit risk to as few vulnerabilities as possible.
He reinforces the importance of communication – teams should be conducting tabletop exercises to discuss potential threats, ways to train employees to know who to contact and the steps to take in the event of a breach, and communicating with vendors and core providers to understand how they are monitoring and updating their systems.
Organizations are vulnerable to attacks due most often to human error, so user awareness is critically important – employees as well as vendors. Think|Stack CEO Chris Sachse states that the easiest way for attackers to get into the organization is through users so in addition to continuous training, organizations must build a culture that encourages employees to have a skeptical mindset and take cyber seriously.
Our team works with clients to evaluate everything from business continuity plans – most don’t consider a cyber breach – to user access and cyber insurance. Something as simple as adding Think|Stack and other approved vendors to the policy will allow them to get to work immediately to respond to an attack instead of losing precious time waiting for approval.
When our team detects a vulnerability, we open a ticket and communicate with the point of contact, keeping your team aware and up to date.
Our team monitors threat intelligence, tracks the news and updates from partners, and filters the information gathered to provide clients with the most pertinent information that relates to their business and the credit union industry.
We help our clients to better understand their current capabilities, gaps in vulnerabilities, what to analyze and questions to ask. Cybersecurity, understanding the cyber threat landscape, and positioning your organization to be prepared for a future breach is complicated, but a trusted partner like us can help you navigate the complexity of it all.
Contact us to explore how we can help your team create a roadmap for improving your organization’s cyber posture, and develop a security culture.
About the Author
Chris Sachse, CEO
Chris started Think|Stack in 2011 to serve organizations who serve their communities. Chris saw the important role tech and cybersecurity played in the financial services space. For over a decade Chris and his team have made it their mission to support, secure and empower credit unions to innovate through continuous technology improvement. He is an educator at heart and passionate about helping leaders and their teams understand how technology can support their goals while delivering seamless, enjoyable technology experiences to their people. As a cloud and cybersecurity leader, Chris is proud to sit on the MD Governor's Workforce Development Board as Vice Chair as well as the Cybersecurity Association of MD as Chair.