We continually capture lessons learned and best practices for reducing digital risk and enhancing cybersecurity and maintain a list you can use to review to ensure you and your team are optimizing defenses.
We provide no-nonsense tips on topics like:
How to configure our DNS to reduce the chances that malware will propagate in your systems
How to pick the best cybersecurity framework for your organization
OODA LLC is a CTO advisory and Due Diligence firm operating across multiple sectors of the economy. We are known for our ability to help companies mitigate risks and increase compliance while optimizing security spend.
Crucial Point helps clients improve defenses by:
CISO as a Service: Strategic leadership for corporate security programs, including evaluation of an exercising of incident response plans.
CTO as a Service: Technical architecture review and senior advice, including action plans for modernization and cloud transition.
Independent verification and validation of compliance, including GDPR, FFIEC, NIST.
BBC news ran a piece titled “Jamal Khashoggi: Saudi murder suspect had spy training” which provides more details on one of the 15-member team sent to kill Jamal Khashoggi. Maher Abdulaziz Mutreb was trained in how to use offensive spyware technology as part of nation-state sponsored efforts for the Saudi state.
A source described how Mr. Mutreb spent time in a course with him in 2011 learning to use tech his company was providing the Saudi government so it could carry out targeted attacks on the phones and computers of its own citizens.
From the BBC report:
“This information might have been basically everything from [their] GPS position, conversation, microphone audio around the device itself, camera pictures, files on disk, emails, contacts, everything that was on the device itself.”
The tools he was trained in, the source said, were similar to other tools which, according to Citizenlab and Amnesty International, were recently used against several of Mr Khashoggi’s friends.
We have a recommendation for all journalists as well as anyone else seeking to make it harder to be spied upon. Take action now to raise your defenses by reviewing the OODA Guide to Cybersecurity Best Practices.
And for external review of your cybersecurity posture see OODA LLC offerings in:
Fing is a nice app that runs on your smartphone or tablet that will show you who else is on your network. It puts an interface on capabilities like Ping, Traceroute and many others and presents information in a way that is fast. You can find links to download the app at Fing.io. Next time you decide to join a public WiFi network at a conference or hotel you can launch Fing and see how they have configured the network and if you can see others on the net. Note: The Fing app works a bit better on Android, for now. Apple has restricted the ability of applications to see some technical info (specifically MAC addresses). But the greatest functionality of the app is its connectivity to the device mentioned below, the FingBox. So don’t let the lack of ability to scan MAC addresses deter you from downloading the app.
Fing now has something that makes it far more powerful than just an app on your mobile device. They offer a device for your home network called the Fingbox. This adds network security and troubleshooting to watch over your network and give you control to block users you don’t want in your net. It detects intruders, manages devices authorized to use your network and also analyzes the quality of your WiFI and Internet connections. Fingbox also gives you parental controls.
Another really neat thing it will do is give you a “WiFi Fence” around your home. This of this like having a magic super power. You can set it to give you alerts when any device comes near your home. Imagine getting an alert when the mailman approaches or when the pizza delivery guy gets near. Imagine getting an alert when a bad guy comes close at night. Or would you like to know when a WiFi enabled drone is within range of your house?
I love the Fingbox and mostly highly recommend it to anyone with WiFi at home. Find it here.
CTOvision reports on all the megatrends driving the future of IT, including trends in cybersecurity. More importantly, we track how the functionality of Cloud Computing, Artificial Intelligence, Mobility, Big Data, Robotics and the Internet of Things will require new approaches to cybersecurity.
Our team has a track record of safeguarding some of the nation’s greatest secrets, equipping U.S. leadership with actionable intelligence that helps protect lives and driving technology innovation that has kept key agencies generations ahead of our adversaries.
Reply to any of our products to ask for more information on how we can serve your efforts.
For more on what we do and to engage us in a dialog see: Crucial Point
OODA’s CISO as a Service offering puts our seasoned team of experts on your side.
Our leadership has spent years working across multiple sectors of the economy and in government agencies helping organizations protect what matters most. We know the threat, know best practices and know the importance of keeping your security program focused on enabling your business objectives. Our CISO as a Service offering is the ideal choice for firms who have grown to the point where a more robust security program is required. We can provide the executive leadership to get your program off the ground and can assist you in your search for a full-time CISO.
A trend we have noticed in engagements across multiple sectors of the economy is an absolute thirst for information on best practices for protecting information at home. Every employee of every company, from the most senior executive to most junior intern, is now leveraging advanced interconnected technologies in amazing new ways at home. In doing so they are introducing new risks to their personal privacy, and, at times, introducing new risks to the firm they work for. This means it is almost always in the best interest of employers to help employees understand how to better protect their personal information.
The hard part is that every home IT configuration will be different, and it is very hard for a company to provide useful, actionable guidance to every employee. We have found the most important recommendation is to encourage employees to adopt an attitude of personal responsibility and continuous questioning regarding optimal home security configuration.
This is the time of year when we think about change and make lists of resolutions to keep in the new year. As you think of your resolution list we have five topics for you to consider:
1. Use a managed DNS service at home and office: This can help prevent accidental navigation to websites that have been taken over by malicious actors and contain bad code. It can also help stop communications from malicious code in your systems back to their control sites.
2. Use two factor authentication for every account: There is no such thing as a silver bullet in cyber defense, but this is one of the most important things you can do. If an account does not offer multi-factor authentication, consider closing it.
3. Use a password manager (like Dashlane): We all have too many passwords to remember. A good password manager like Dashlane can help you keep them all up to date and secure and can also make your online life easier.
4. Update operating system and applications: Keeping your operating systems and applications patched reduces many risks.
5. Sign up for the daily at ThreatBrief.com: You can review the latest threat information in just a few minutes each morning. The threat is dynamic and the Threat Brief will help inform your decision-making by keeping you up to date.