Joint Cybersecurity Advisory Outlines Approaches to Discovering and Remediating Attacks



This newly-released report is the result of a collaborative effort by cybersecurity authorities in Australia, Canada, New Zealand, the United Kingdom, and the United States.

Nothing says “this is the standard” like a set of guidelines that are written by and agreed upon by the world’s leading experts in cybersecurity. The Joint Cybersecurity Advisory: Technical Approaches to Uncovering and Remediating Malicious Activity provides organizations with technical approaches, mitigation steps, and best practices designed to “enhance incident response among partners and network administrators along with serving as a playbook for incident investigation.”

Some of the most important content in this advisory is its mitigation content; having a planned response *is* important, but it’s better to keep an attack from happening. Some of the familiar recommendations include disallowing unrestricted RDP access (a commonly-used tactic for ransomware attacks) and disabling the interactive logon of service accounts (used as part of lateral movement activity), among others.

It also provides guidance around best practices to put in place prior to an incident occurring. These include:

  • Application whitelisting
  • Limiting privileged access
  • Maintaining backups of essential data and systems
  • Using and maintaining a secure workstation image

In addition, the collective cybersecurity authorities see the user as “the frontline security of [an] organization,” citing the need for “User Education.” According to the advisory, the education focuses on malicious downloads and phishing emails, as well as how users should respond both when they come face to face with an attack and when they fall for one.

Security Awareness Training helps to address these recommendations, educating the user with practical examples of modern attacks, while emphasizing the importance of the user’s role in organizational security.

Take a look at this advisory; it provides great context on what you should be doing both before and after an attack.

