We all kept telling them it was escalating and just going to get worse…
But no… every time one cybercrime group posts a mea culpa, or a few people get indicted or arrested, the pundits are like
Please, learn this time:
- Ransomware is lucrative, and orgs pay out $$$
- Have a tested IRP
- Have offline and tested backups
- Insurance won’t save you alone
- Blinky boxes won’t save you alone
- Retain IR if not in-house
- Work on basic security hygiene
- Be ready!
- Ransomware does not just come through phishing emails anymore. Your (perhaps overly cruel) awareness tests won’t save you, alone.

The most common vectors I’ve seen recently are supply chain and vulnerable ingress/egress perimeter devices like concentrators or virtual clients.
There is an excellent product that you can use to survey your own cybersecurity maturity. It is called C2M2. I recommend your org sit down and do the Incident Response portions ASAP, and see what maturity level you are at and what is keeping you from getting any further.
You can find great references for doing this at US DoE energy.gov/ceser/energy-s…

It is really not industrial specific.
If you are not at MIL 1 yet I strongly encourage you to consider what structural, budget, and organizational changes you need to make it there, either internally or by retaining external security expertise.
Oh, I forgot - another security product to probably insult

- A cloud won’t save you, alone. Plenty of OneDrive, AWS, and SharePoint getting encrypted during ransomware attacks.
“Defense in Depth across the Kill Chain” is *so many buzzwords* in one sentence, but actually mostly real ones, this time. There’s no magical silver bullet. Good cybersecurity requires layers of processes, architecture, tools, and humans.
I say this all because I genuinely care. My job is seeing organizations on their most catastrophic, stressful, costly cybersecurity day. Most of them joke they hope to never see me again. It’s fair.
