
Ransomware and Cyber Security Policies



https://www.theguardian.com/technology/2021/jun/14/ransomware-is-biggest-online-threat-to-people-in-uk-spy-agency-chief-to-warn

 

I recommend reading the full article, but here is what might be on the horizon:
 

Quote

Cameron also called for insurance companies to stop paying out ransoms – currently legal because hackers are rarely members of banned terrorist groups - ...

 

Edited by GremlinIT
Link to comment

Had a fun chat with OGI about Open Attach and Ransomware ...

 

Currently, OA uses SYSTEM to modify and create folders and files. However, it uses the User's permissions to read and open files.

 

This means that I can help prevent ransomware from encrypting the data but not prevent it from exfiltrating the client documents.

 

They decided that getting someone to finish the other half of the job was a bespoke contract. Told them we can wait, far more likely another broker is affected and kicks up a storm that affects OGI rather than us.

Link to comment

Tbf - I’d be interested in comparing how the competition / alternative OGI solution aka Virtual Cabinet, manages the same situation. That’s the real benchmark / leverage. 
 

If cyber is a concern - or a requirement of your BI - I’d suggest taking a serious look at those security functions in both. Then make your choice. 
 

#whosheadisontheblock

 

Link to comment
17 hours ago, Mark Sollis said:

#whosheadisontheblock

Not mine, and I have led so many horses to the water but I can't get them to drink. Putting it out here in public view is a last straw / venting action.

Link to comment
17 hours ago, Mark Sollis said:

If cyber is a concern - or a requirement of your BI - I’d suggest taking a serious look at those security functions in both. Then make your choice. 

 

Sorry - the above was a more generic prompt for ALL brokers - particularly those who need to review their risk appetite - not aimed at you guys per se :blink:

 

17 hours ago, Mark Sollis said:

#whosheadisontheblock

 

Ditto for this - and to make sure everyone is aware they can't blame, or claim from, their supplier for their own inadequate security analysis and prevention

 

I feel your pain with the horses - but at least you found the water - that's half the battle ;)

 

Link to comment
1 hour ago, Mark Sollis said:

I feel your pain with the horses - but at least you found the water - that's half the battle ;)

Now how do I convince colour blind horses that the water is clean and safe to drink? 😛 

Link to comment
On 18/06/2021 at 17:07, Mark Sollis said:

 

Makes no difference if they're not thirsty :o

Oh, they are. They only want the yellow liquid someone else is giving them because they were convinced, somehow, that it is lemonade. 😼

Link to comment
  • 3 weeks later...

Latest response from OGI:

Quote

I did discuss this with engineering and we are not sure with what they are asking whether it's even achievable with the software. But if it is, Engineering advised it would be chargeable. I discussed this with [hardware technician's name redacted].

 

My response:

Quote

This needs to go to development. OA simply needs to change its Read & Execute permissions from Windows Authenticated User to SYSTEM the same as it already does for Write and Modify permissions.

 

I don't know why development did half a job of it in the first place, or why getting this on their enhancement wishlist is such an uphill battle.

Anyone else want to log a similar request and join the chorus? :D 

Link to comment
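The permission split discussed in this thread (SYSTEM for write and modify, the user's own rights for read, and the request to move Read & Execute to SYSTEM as well), as an added PowerShell example that is not from any poster or from OGI: it classifies each allow ACE on a document folder by whether a process running as that identity could overwrite files or only read them. The sample ACEs are constructed, and the trusted-principal list and the folder path in the closing comment are assumptions.

```powershell
# Added example: audit who, other than the service context, can write to
# (encrypt/delete) or read (copy out) a document store.
$Fsr = [System.Security.AccessControl.FileSystemRights]

# Rights that allow changing or destroying file content.
$WriteMask = [int]($Fsr'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership')
# Right that allows reading file content.
$ReadMask  = [int]($Fsr'ReadData')

# Assumption: only the service context is expected to hold access.
$Trusted = @('NT AUTHORITY\SYSTEM')

function Get-StoreExposure {
    param($Rules)   # FileSystemAccessRule objects, e.g. (Get-Acl $path).Access
    foreach ($r in $Rules) {
        if ($r.AccessControlType -ne 'Allow') { continue }
        $id = $r.IdentityReference.Value
        if ($Trusted -contains $id) { continue }
        $rights = [int]$r.FileSystemRights
        [pscustomobject]@{
            Identity   = $id
            CanEncrypt = (($rights -band $WriteMask) -ne 0)
            CanExfil   = (($rights -band $ReadMask) -ne 0)
            Inherited  = $r.IsInherited
        }
    }
}

# Constructed sample ACEs (not read from a real system):
#   1. SYSTEM with Modify: the write path described in the thread.
#   2. Authenticated Users with ReadAndExecute: the read path described in the thread.
#   3. BUILTIN\Users with Modify: a constructed misconfiguration for contrast.
$Rule = [System.Security.AccessControl.FileSystemAccessRule]
$sample = @(
    $Rule::new('NT AUTHORITY\SYSTEM', 'Modify', 'Allow'),
    $Rule::new('NT AUTHORITY\Authenticated Users', 'ReadAndExecute', 'Allow'),
    $Rule::new('BUILTIN\Users', 'Modify', 'Allow')
)

Get-StoreExposure $sample | Format-Table -AutoSize

# Against a real folder (hypothetical path, adjust to your own store):
#   Get-StoreExposure (Get-Acl 'D:\DocumentStore').Access | Format-Table -AutoSize
```

Any row with CanExfil set means a process running as that identity can still read the client documents even when CanEncrypt is false.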
On 09/07/2021 at 10:59, Mark Sollis said:

Not 24 hrs before your post! A despairing mini-rant criticising the very response you received. Feel free to add a real life instance on there - Typical Standard Response Warning 

I don't use LinkedIn. Good post.

My colleague had that all the time, would ask OGI support, "How do I do this?" and would receive the answer, "It can't be done." A week later they would go back to OGI with, "This is how you do it."

 

Now they don't even bother to log tickets with OGI. If OGI cared and had enough staff to put more time into working these things out with my colleague, then they would have an overall better product and better service.

Link to comment
  • 2 weeks later...

I was discussing measures to guard against ransomware with an OGI support member. 

Hosts of virtual machines are not safe.

 

They had a client a few weeks ago, where the ransomware managed to get into the hosts (plural) and it destroyed the vhdx files (what a virtual machine is stored in). In a lot of instances, with limited access, more ports closed on the host and so forth, you would be inclined to believe that they are safe and only the virtual, more "public access" machines would be affected to different degrees.

 

I am now looking into making a Linux host, so that backup snapshots of a virtual machine will be safe and can easily be fired up for emergency cases.

Link to comment