Access Point Consulting

The question of who should own the resilience strategy within an organization is more pertinent than ever. Based on discussions with various industry leaders and our team's own experiences, it is clear that while the concept of resilience is broad and multifaceted, specific roles within an organization are better positioned to lead these initiatives. More pointedly, the CISO should not only be involved in but often lead the resilience effort company-wide. This is because the CISO serves as an independent assessor of security-related situations, uniquely positioned to oversee and coordinate efforts that span across multiple departments. The independence of the CISO is crucial. Just as in finance, where controls are designed to prevent fraud (for example, ensuring the person who sets up a vendor cannot pay the vendor), similar principles of checks and balances apply in IT and cybersecurity. This separation of duties ensures that resilience strategies are implemented without conflicts of interest and are comprehensive enough to cover all aspects of the organization's operations. For growth-stage companies, the integration of such roles and responsibilities poses both financial and operational challenges. Hiring or appointing a CISO or a similar role with the necessary expertise and authority can be a significant investment. However, the cost of not having a dedicated role focused on resilience can be much higher, considering the potential risks of cyber threats and operational disruptions. It's situations like these in which people like Jeff Ulanet and his team at Atlas Health turn to Access Point's Virtual CISO team for our decades of experience in security leadership. Resilience should not be an afterthought or a box-ticking exercise. It is a strategic imperative that requires leadership and commitment at the highest levels. The CISO, supported by the executive team, should lead this charge, ensuring that resilience strategies are aligned with the organization's overall business objectives and risk management framework. At Access Point Consulting, you can find expert security leadership without the financial and operational burden of a full-time resource. Learn more at https://hubs.ly/Q02x3Nh50 #Cybersecurity #BusinessResilience #CISO #Leadership #AccessPointConsulting

The potential for artificial intelligence (AI) and machine learning (ML) systems to be manipulated to produce false outcomes presents a significant risk. For instance, imagine a scenario where manipulated ML generates an incorrect clinical image or diagnosis. Such errors could stem from internal biases or external interferences at the data source or during the data ingestion process. This issue underscores the complexity of threats faced when integrating these technologies into healthcare operations. For healthcare organizations utilizing ML to streamline operations, the importance of governance and control systems around these technologies is critical. Questions about who is using ML, how it is being used, and what other systems it interacts with are essential for ensuring that these powerful tools do not inadvertently become sources of risk. The discussion around AI in healthcare is not just about innovation but also about securing these innovations. The NIST Cybersecurity Framework remains a vital tool for organizations navigating modern cybersecurity challenges. This framework provides guidelines that help organizations implement effective cybersecurity measures that can mitigate the unique challenges posed by AI. As AI and ML continue to evolve and integrate deeper into healthcare systems, the need for a comprehensive approach to their governance and security becomes increasingly important. Organizations must ensure that their ML systems are not only efficient but also secure and unbiased. This requires continuous vigilance, regular updates to security protocols, and a commitment to understanding and mitigating the risks associated with these technologies. Jeff Ulanet says it best in this clip from his time on stage together with Geoff Hancock and Rick Leib at HIMSS24. #AIinHealthcare #MachineLearning #Cybersecurity #HealthcareInnovation #AccessPointConsulting

At Access Point Consulting, we recognize the imperative of ingraining cybersecurity response into the organization's muscle memory. This approach not only prepares teams for potential crises but also ensures that the response is swift, coordinated, and effective. Conducting regular drills, ideally two to four times a year, is crucial for ensuring that every member of the team knows their role during a cybersecurity incident. These exercises help teams internalize their responsibilities and the expected timelines for updates. Such drills make the difference between a disorganized response and a swift return to normal operations. Despite best efforts, the reality is that incidents—be it malware attacks or cloud platform outages due to vendor lock-in—can and do happen. The key to minimizing their impact lies in having robust recovery strategies. In healthcare, where security directly impacts patient safety, the ability to quickly and effectively recover from an incident is not just about business continuity—it's about lifesaving. Recovery strategies should not only focus on immediate mitigation but also on learning from the incident. What worked? What didn’t? How can the organization prevent similar failures in the future? These insights are invaluable for building resilience and enhancing the organization’s overall security posture. The development of a resilience culture within an organization is essential. It ensures that cybersecurity is not seen merely as a series of technical challenges but as an integral part of the organizational ethos. This cultural shift is vital because, as history shows with recent examples like Home Depot, no organization is impervious to attacks. The goal, therefore, is not to create an impenetrable system but to build one that can withstand, respond to, and recover from attacks as effectively and efficiently as possible. #HealthcareCybersecurity #CyberResilience #PatientSafety #AccessPointConsulting

Vulnerability in HTTP Connection Headers Parsing in Tinyproxy Matthew Fagan, Access Point Consulting

Several RCE vulnerabilities are detailed in a recent HPE Aruba Networking security advisory

We've learned through experience that one of the most significant bottlenecks in the flow of critical information is the creation process itself. Templates streamline communication by providing a predefined format for presenting information. This standardization means that when an incident occurs, the response team can quickly populate the templates with specific details and distribute them without delay. For executives, who often juggle multiple priorities and need to digest information rapidly, templates ensure they know exactly where to look for the information that matters most to them. This efficiency not only speeds up decision-making but also enhances the overall strategic response by ensuring that all stakeholders are informed and aligned promptly. Similarly, having a cybersecurity playbook is akin to having a detailed game plan. A playbook outlines standard operating procedures for various scenarios, providing clear guidelines and steps for the team to follow during an incident. This preparation is invaluable because it reduces uncertainty and hesitation, allowing the cybersecurity team to execute their tasks with confidence and precision. The use of templates and playbooks also plays a crucial role in building trust and credibility within the organization. When leaders consistently receive well-organized, concise, and actionable information, their trust in the cybersecurity team's capabilities and management grows. This trust is crucial not only in the heat of a crisis but also in everyday operations, as it underpins the security posture and resilience of the entire organization. Recent updates to the NIST Cybersecurity Framework 2.0, emphasize the importance of governance and structured incident response—principles that are well-supported by the use of templates and playbooks. These documents not only adhere to but are enhanced by the structured approach that templates and playbooks provide, aligning internal processes with industry best practices and regulatory expectations. #Cybersecurity #IncidentResponse #NIST #CommunicationExcellence #AccessPointConsulting

MedStar has fallen victim to a significant data breach. Report by Matt Berns, Access Point Consulting

Trust between technical teams and executive leadership is a must when it comes to incident response. When an incident occurs, it's crucial that there is a mutual understanding that the cybersecurity team is equipped with a solid plan and the necessary resources to address the issue. This trust ensures that when the team outlines the impact of the breach and what is required to mitigate it, the executives are ready to act swiftly, enabling the necessary resources or actions without delay. Chris Skinner is a recent addition to our team. He observed that while an ad hoc process may be better than none, it often leads to inefficiencies and confusion. The lack of a structured, codified process can result in a reactive environment where responsibilities are unclear, and accountability is often passed from one person to another. This scenario not only slows down the response but can also exacerbate the impact of the incident. The transition from an ad hoc to a codified process is not merely a change in how tasks are performed; it represents a fundamental shift towards a culture of preparedness and professionalism. A formalized process ensures that everyone knows their role and the steps to follow, which significantly reduces the time spent on coordinating actions during a crisis. Furthermore, communication is a critical component of this process. Knowing when and what to communicate to the C-suite is essential. Executives should not be micromanaging or inundating the IR team with requests for updates in the heat of the moment. Instead, there should be a clear schedule for briefings that allows the IR team to focus on resolving the incident while keeping leadership informed at appropriate intervals. Investing in a skilled cybersecurity team is only the first step. The C-suite must trust this team to manage incidents effectively. This trust is cultivated through demonstrated competence and consistent communication. It’s about letting trained professionals do their job while ensuring they have the support and resources to execute their responsibilities effectively. By fostering an environment where the technical team is trusted to act and the executive team is prepared to support, organizations can ensure that responses to cyber threats are swift, efficient, and minimally disruptive. This approach not only protects the organization's data and systems but also preserves its integrity and reputation in the long run. #Cybersecurity #IncidentResponse #CorporateCulture #AccessPointConsulting

The speed and efficiency of your incident response efforts can drastically affect the outcome of a breach or attack. A crucial element in enhancing your organization's cybersecurity posture is developing robust relationships with key internal stakeholders, particularly within the finance department. When cybersecurity leaders cultivate these relationships, requests for critical funds, such as those for IR activities or retainer fees, are more likely to be understood and prioritized. It’s essential that these requests are not seen merely as budgetary pressures but as vital investments in the organization's resilience against cyber threats. Having a trusted IR company on retainer is another strategic asset that can significantly streamline the response process during a cybersecurity incident. This proactive approach ensures that when a breach occurs, the external experts are familiar with your organization’s systems and can jump into action without delay. Pre-established access to necessary systems like your Security Information and Event Management (SIEM) and predefined procedures mean that your response begins immediately, drastically reducing the potential damage caused by delays in addressing the threat. Pre-preparedness with an IR retainer eliminates the need to scramble to draft contracts or statements of work in the midst of a crisis. Such readiness not only speeds up response times but also alleviates the stress and chaos often associated with mobilizing resources during an incident. The familiarity between your internal teams and the retained IR professionals fosters a coordinated effort that can significantly reduce the incident's dwell time—the period during which the threat actors have access to your systems. Moreover, the relationships with your legal and executive teams are equally critical. These relationships ensure that there's a strategic plan and structure in place, which is crucial for quick decision-making during a crisis. Trust and understanding between cybersecurity teams and executive leadership are fundamental to ensuring that the response to an incident is swift and effective. #Cybersecurity #IncidentResponse #StrategicPartnerships #AccessPointConsulting

Exploited vulnerability in Cisco ASA and Cisco FTD causes a denial-of-service condition