The Law Offices of Mary N. Chaney, P.L.L.C.
The Cyber Security Law Firm of Texas

Mary's Blog

The Breach Whisperer

About Mary

Mary N. Chaney, Esq., CISSP® is a former Special Agent for the FBI, where she investigated cybercrime; a seasoned corporate executive who built and operated information security teams; and now a cybersecurity attorney.

As a self-described “Breach Whisperer,” our firm can train your company to properly prepare for your eventual breach!

The overall goal of our firm is to use our wealth of knowledge and expertise to help support, translate and advise Boards of Directors, CIOs, CISOs and General Counsels on how to legally protect their company from cyber-related risk.

Blog Entries

Even With Cybersecurity... Isolation Is Non Productive

See Article Here

The attached article discusses how state and local governments should collaborate to strengthen their collective cybersecurity posture, and I agree: there is strength in numbers. State and local governments cannot compete with private industry salaries, but they have the same challenges, sometimes even more difficult challenges, like voter security. However, historically, everyone, whether governments or corporations, has this fear that if they share information, i.e., make themselves vulnerable, someone will come along and use that against them. I believe this is an outdated premise; no one industry, corporation, or government can know it all. Various entities see all sorts of threats, some industry specific and some not so much. But if we collaborate, we may be able to learn how a non-related industry threat can wreak havoc on our systems.

Say it with me: your average cyber-criminal doesn't care about your industry; they are attacking a vulnerability that may exist across all industries. Sharing what you are seeing can help everyone! The term Advanced Persistent Threat (APT) is being used so loosely these days that it is sort of losing its true meaning. In my experience, an APT attack is more of a targeted attack. Ransomware is not an APT attack; it could be used as a tool in a cyber-criminal’s arsenal, but by itself it is not. Just like no one can withstand a federal investigation, no one can withstand a true APT attack. But if we are ranking where a company should put its money, don’t start with securing against an APT attack; start with ransomware. Have a vulnerability management program, actually patch your systems, have tried and TESTED backups off network, and make sure you are practicing least privilege on your file shares. These are just a few things that can be done to battle that pesky ransomware bug.