CyberSafe Chronicles
Tuque's Take on the News
Construction firms breached in brute force attacks on accounting software
Hackers are brute-forcing passwords for highly privileged accounts on exposed Foundation accounting servers, widely used in the construction industry, to breach corporate networks. The malicious activity was first spotted by Huntress, whose researchers detected the attacks on September 14, 2024.
Huntress has already seen active breaches through these attacks at plumbing, HVAC, concrete, and other sub-industry companies. In these attacks, the attackers are taking advantage of a combination of exposed services amplified by users not changing default credentials on privileged accounts.
White Tuque’s Take: Brute force method of breaching passwords and gaining access to privileged accounts is one of the oldest methods out there!
The main reasons these attacks persist are:
- Many users still use weak, easily guessable passwords
- Automated tools make it easy for attackers to try large numbers of password combinations quickly
To protect against brute force attacks:
- Use strong, unique passwords for each account (long, with a mix of characters)
- Implement multi-factor authentication
- Use account lockouts after multiple failed login attempts
Believe you need more guidance securing your systems and endpoints? Our approach is streamlined and refined to be relevant and tangibly useful for promoting best practices. Visit www.whitetuque.com/help to learn more.
Cybersecurity Skills Gap Leaves Cloud Environments Vulnerable
A lack of cyber security expertise and employee training threatens the protection of cloud environments, according to new research by Check Point Software.
In its 2024 Cloud Security Report, the firm found that 61% of organizations experienced at least one security incident related to public cloud use in the past year, a significant increase from 24% the previous year.
Of those incidents, 21% resulted in a data breach. A shortage of skills was cited by 32% of respondents as a barrier to cybersecurity defense in cloud environments. Lack of security awareness among employees was cited by 41% of experts as a barrier.
White Tuque’s Take: Understanding your organization’s current security skill set and assessing what course of action to take in upskilling your employees is the first step to bridging the gap. Key is to foster a continuous learning culture: Encourage ongoing education and pursuit of certifications to keep pace with the rapidly evolving threat landscape.
Don’t think you have time for more training or need customized cybersecurity program development? Our approach is streamlined and refined to be relevant and tangibly useful for promoting best practices. Visit www.whitetuque.com/help to learn more.
What We Have Been Up To
June: White Tuque was invited to represent Chicago as part of the US Business Delegation to the Toronto Stock Exchange!
Last week, World Business Chicago invited cross-border business leaders to open the Toronto Stock Exchange and White Tuque was there!
“Airplanes, stadium seating and opening trading days, the only time it pays to be on the shorter side. It was an amazingly cool experience to be able to open the trading day on the TSX representing White Tuque USA, 1871, and the City of Chicago as part of the US Business Delegation to the Toronto Stock Exchange. We had the opportunity to start the day off connecting with stakeholders from both sides of the border. It was a privilege to take part and so much fun to help ring the opening bell!”
– Rob Stewart, Founder
August: Healthcare Think Tank event at VelocityTX on AI & Cyber!
Earlier in August White Tuque took part in Healthcare Think Tank‘s fascinating panel discussion around AI & Cybersecurity, hosted by VelocityTX in #SanAntonioTX. We want to thank the organizers at Healthcare Think Tank, especially Linda Elliott, for their efforts in assembling a group with diverse perspectives and experiences in cybersecurity, tech, and healthcare. Thank you to Velocity.TX for hosting the in-person and online event, broadening the reach of this discussion across North America.
Finally, we’re grateful to Prateek Agrawal for representing White Tuque on the panel. His expertise in risk mitigation and cybersecurity added valuable insights into what the future of AI and healthcare means today, and the impacts for the future.
