Tuque's Take on the News
CISA working on updated National Cyber Incident Response Plan
The Cybersecurity and Infrastructure Security Agency (CISA) is working with industry stakeholders and government agencies on a new version of the National Cyber Incident Response Plan (NCIRP) — the framework that outlines the country’s response to significant cyber incidents. The updated plan was mandated in the 2023 National Cybersecurity Strategy, and CISA is now working with the Office of the National Cyber Director (ONCD) to coordinate input from regulators, critical infrastructure organizations and more. Read More…
White Tuque’s Take: Together, industry and government must continue to drive collaboration to minimize the harms from cyber incidents to society and defend our shared digital ecosystem. That said, businesses of all sizes need to understand their own vulnerabilities and associated risk.
Don’t know where to start? White Tuque can help you develop a roadmap to mitigate your cyber risk, no matter the size of your business. Learn more at www.whitetuque.com/help.
1Password discloses security incident linked to Okta breach
1Password, a popular password management platform used by over 100,000 businesses, suffered a security incident after hackers gained access to its Okta ID management tenant. In a report released Monday afternoon, 1Password says threat actors breached its Okta tenant using a stolen session cookie for an IT employee. Okta first learned of the breach from BeyondTrust, who shared forensics data with Okta, showing that their support organization was compromised. However, it took Okta over two weeks to confirm the breach. Read More…
White Tuque’s Take: Securely managing credentials is key to ensuring that external threat actors cannot gain access to the organization’s critical systems. With organizations leveraging more vendor products to service their needs, it becomes imperative that gaps at both internal and external points are well covered.
We have subscription-based services that can help you find and auto-close vulnerabilities, monitor threats with managed detection and response (MDR), and more! Tell us more about your concerns at www.whitetuque.com/help.
Staff training far most cost-effective than going through a cyber compromise
Let’s face the elephant in the room: Employee awareness training is expensive and time-consuming.
Rajiv Gupta, associate head of the government’s Canadian Centre for Cyber Security, states that, “Prevention is definitely the key to cyber defence. Getting your employees trained up front is far more cost-effective than the ramifications of a cyber compromise.” Ransomware, to cite one example, “is incredibly costly and painful to live through. Many organizations realize that after they’ve suffered the incident.”
White Tuque’s Take: Training staff is an essential exercise in managing today’s cyber threat landscape. Creating a culture where security awareness and training are embedded into the organization will help the staff not only identify the cyber threats but also gives staff the capabilities to manage them.
How often and how much time should you spend training your staff? Let us help you develop a strategy that makes sense for your business, supports your goals for the future, and is meaningful to your team! Tell us more about your business: www.whitetuque.com/help.
Microsoft Authenticator now blocks suspicious MFA alerts by default
Microsoft has introduced a new protective feature in the Authenticator app to block notifications that appear suspicious based on specific checks performed during the account login stage.
Microsoft Authenticator is an app that provides multi-factor authentication, password auto-fill, and password-less sign-in to Microsoft accounts. When a user tries to log into an account with protected by multi-factor authentication (MFA), the Authenticator app sends a push notification to the user’s device to grant or deny access.
White Tuque’s Take: As more companies adapt MFA, attackers will shift to MFA fatigue attacks, essentially generating frequent multiple requests to frustrate users. Microsoft new additional feature should help to reduce the annoying notifications. It will mean users of Microsoft Authenticator should take the extra time to verify their authentication requests as attackers look for new ways to break in.
Think managing access control has too many processes? Our approach is streamlined and refined to be relevant and tangibly useful for leveraging best practices. Visit www.whitetuque.com/help to learn more.
White Tuque's Expert Opinions & Stories
Cyber Awareness & Cyber Readiness | Robert D Stewart, Founder & CEO
Small and medium-sized enterprises (SMEs) play a crucial role in the global economy; as such, they are also prime targets for cyber criminals. Cybersecurity Awareness Month is a great opportunity for SMEs to start to look internally at their technology, risks, and response planning.
For SMEs, a cyberattack or prolonged outage can be devastating, leading to financial losses, damaged reputations, legal ramifications, and even business closure. This month serves as an educational platform, empowering businesses to recognize potential threats like phishing, ransomware, and data breaches. By fostering a culture of cybersecurity, SMEs can safeguard sensitive information, customer trust, and overall business integrity. In an interconnected world where a digital presence is essential, cyber awareness is not just a necessity but a lifeline for SMEs, ensuring their resilience, growth, and prosperity in the face of evolving cyber threats.
White Tuque Presented with Business Growth Award at Barrie Chamber Business Awards 2023
White Tuque was recently recognized with the Business Growth Award at the Barrie Chamber of Commerce Business Awards. White Tuque was among three finalists to be nominated for this award, which was presented by the category sponsor Scotiabank.
We are proud to be recognized by Hon. John Brassard, MP Barrie-Innisfil, and by Hon. Andrea Khanjin, MPP Barrie-Innisfil. In her letter, she further commended White Tuque’s achievements. “Thank you for protecting our community against cyber attacks. Your team’s passion for problem-solving and efforts to promote cyber resiliency is a testament to your team’s strength.”
This award celebrates our unwavering commitment to our clients’ satisfaction. We are immensely proud of our dedicated team whose hard work and passion have fueled our remarkable growth journey. This recognition not only celebrates our success but also underscores our ongoing dedication to serving our community with the utmost dedication.