We continually capture lessons learned and best practices for reducing digital risk and enhancing cybersecurity and maintain a list you can use to review to ensure you and your team are optimizing defenses.
We provide no-nonsense tips on topics like:
How to configure your DNS to reduce the chances that malware will propagate in your systems
How to pick the best cybersecurity framework for your organization
OODA LLC is a CTO advisory and Due Diligence firm operating across multiple sectors of the economy. We are known for our ability to help companies mitigate risks and increase compliance while optimizing security spend.
Crucial Point helps clients improve defenses by:
CISO as a Service: Strategic leadership for corporate security programs, including evaluation and exercising of incident response plans.
CTO as a Service: Technical architecture review and senior advice, including action plans for modernization and cloud transition.
Independent verification and validation of compliance, including GDPR, FFIEC, NIST.
BBC news ran a piece titled “Jamal Khashoggi: Saudi murder suspect had spy training” which provides more details on one of the 15-member team sent to kill Jamal Khashoggi. Maher Abdulaziz Mutreb was trained in how to use offensive spyware technology as part of nation-state sponsored efforts for the Saudi state.
A source described how Mr. Mutreb spent time in a course with him in 2011 learning to use tech his company was providing the Saudi government so it could carry out targeted attacks on the phones and computers of its own citizens.
From the BBC report:
“This information might have been basically everything from [their] GPS position, conversation, microphone audio around the device itself, camera pictures, files on disk, emails, contacts, everything that was on the device itself.”
The tools he was trained in, the source said, were similar to other tools which, according to Citizen Lab and Amnesty International, were recently used against several of Mr. Khashoggi’s friends.
We have a recommendation for all journalists as well as anyone else seeking to make it harder to be spied upon. Take action now to raise your defenses by reviewing the OODA Guide to Cybersecurity Best Practices.
And for external review of your cybersecurity posture see OODA LLC offerings in:
CTOvision reports on all the megatrends driving the future of IT, including trends in cybersecurity. More importantly, we track how the functionality of Cloud Computing, Artificial Intelligence, Mobility, Big Data, Robotics and the Internet of Things will require new approaches to cybersecurity.
Our team has a track record of safeguarding some of the nation’s greatest secrets, equipping U.S. leadership with actionable intelligence that helps protect lives and driving technology innovation that has kept key agencies generations ahead of our adversaries.
Reply to any of our products to ask for more information on how we can serve your efforts.
For more on what we do and to engage us in a dialog see: Crucial Point
When People Magazine decides they need to start reporting on the cyber threat you know we are living in dangerous times. We have always believed more people should be informed of the threat and should work to mitigate risks, and are happy to have been a part of recent reporting in People.
OODA’s CISO as a Service offering puts our seasoned team of experts on your side.
Our leadership has spent years working across multiple sectors of the economy and in government agencies helping organizations protect what matters most. We know the threat, know best practices and know the importance of keeping your security program focused on enabling your business objectives. Our CISO as a Service offering is the ideal choice for firms that have grown to the point where a more robust security program is required. We can provide the executive leadership to get your program off the ground and can assist you in your search for a full-time CISO.
A trend we have noticed in engagements across multiple sectors of the economy is an absolute thirst for information on best practices for protecting information at home. Every employee of every company, from the most senior executive to the most junior intern, is now leveraging advanced interconnected technologies in amazing new ways at home. In doing so they are introducing new risks to their personal privacy, and, at times, introducing new risks to the firm they work for. This means it is almost always in the best interest of employers to help employees understand how to better protect their personal information.
The hard part is that every home IT configuration will be different, and it is very hard for a company to provide useful, actionable guidance to every employee. We have found the most important recommendation is to encourage employees to adopt an attitude of personal responsibility and continuous questioning regarding optimal home security configuration.
This is the time of year when we think about change and make lists of resolutions to keep in the new year. As you think of your resolution list we have five topics for you to consider:
1. Use a managed DNS service at home and office: This can help prevent accidental navigation to websites that have been taken over by malicious actors and contain bad code. It can also help stop communications from malicious code in your systems back to their control sites.
2. Use two factor authentication for every account: There is no such thing as a silver bullet in cyber defense, but this is one of the most important things you can do. If an account does not offer multi-factor authentication, consider closing it.
3. Use a password manager (like Dashlane): We all have too many passwords to remember. A good password manager like Dashlane can help you keep them all up to date and secure and can also make your online life easier.
4. Update operating system and applications: Keeping your operating systems and applications patched reduces many risks.
5. Sign up for the daily at ThreatBrief.com: You can review the latest threat information in just a few minutes each morning. The threat is dynamic and the Threat Brief will help inform your decision-making by keeping you up to date.
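Item 1 above says a managed DNS service does two jobs: it blocks navigation to known-bad sites, and it stops malware already on a machine from reaching its control site. The second job also produces evidence worth looking at, because a host that keeps asking for a blocked name is telling you something. The script below is an added illustration, not code from OODA, Crucial Point or any DNS vendor: it parses a constructed resolver log in an assumed five-field format (timestamp, client, query name, ALLOW/BLOCK, answer) and lists hosts whose repeated blocked lookups look like a stopped callback.

```python
# Added example: summarise blocked-domain events from a managed DNS
# resolver's query log. The log format is an ASSUMPTION for this
# illustration (constructed, not any particular vendor's format):
#   <ISO timestamp> <client IP> <query name> <ALLOW|BLOCK> <answer>
from collections import Counter, defaultdict
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Constructed sample lines. One workstation asks for the same blocked
# name once a minute, which is the pattern a beaconing implant leaves
# once the resolver stops it reaching its control site; another host
# simply clicked a blocked link once.
SAMPLE_LOG = """\
2019-01-03T08:00:01Z 10.0.0.12 www.example.com ALLOW 93.184.216.34
2019-01-03T08:00:05Z 10.0.0.12 blocked-c2.invalid BLOCK 0.0.0.0
2019-01-03T08:01:05Z 10.0.0.12 blocked-c2.invalid BLOCK 0.0.0.0
2019-01-03T08:02:05Z 10.0.0.12 blocked-c2.invalid BLOCK 0.0.0.0
2019-01-03T08:02:40Z 10.0.0.25 phishing-landing.invalid BLOCK 0.0.0.0
2019-01-03T08:03:10Z 10.0.0.25 mail.example.net ALLOW 203.0.113.7
"""


@dataclass
class Event:
    ts: str
    client: str
    qname: str
    action: str
    answer: str


def parse_log(text: str) -> List[Event]:
    """Parse the assumed log format; malformed lines are skipped, not fatal."""
    events = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue
        events.append(Event(*parts))
    return events


def blocked_by_client(events: List[Event]) -> Dict[str, Counter]:
    """Count blocked query names per client address."""
    out: Dict[str, Counter] = defaultdict(Counter)
    for e in events:
        if e.action == "BLOCK":
            out[e.client][e.qname] += 1
    return out


def likely_beacons(events: List[Event], min_hits: int = 3) -> List[Tuple[str, str, int]]:
    """Return (client, qname, count) where one client asked for the same
    blocked name at least min_hits times. A single BLOCK is usually a
    person clicking a bad link; a steady stream of BLOCKs to one name from
    one host is what a stopped callback looks like, so that host gets
    checked first."""
    result = []
    for client, names in blocked_by_client(events).items():
        for qname, n in names.items():
            if n >= min_hits:
                result.append((client, qname, n))
    return sorted(result)


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    for client, names in blocked_by_client(evs).items():
        print(client, dict(names))
    print("hosts to investigate:", likely_beacons(evs))
```

The threshold of three hits is an arbitrary starting point; on a real resolver log you would tune it to the polling interval you see and feed the result into whatever ticketing or patching process item 4 already drives.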
If you are a DoD contractor of any size, including subcontractors to other contractors, you no doubt have already heard of the new changes to the Defense Federal Acquisition Regulations (DFARS) requiring enhanced security controls over contract info. The regulations are specific and will be costly. The good news is that the cost of compliance is considered an allowable cost under Federal Acquisition Regulation (FAR)/Cost Accounting Standards (CAS), which means if you do things smartly the government will allow you to roll the cost into what is allowable for the rates you charge. More good news is that when you engage external help in complying with DFARS you can leverage the talent of people who know the most efficient way to get these things done. This can not only get you into compliance but can make you more secure and save you money.