We are proud to share our inaugural MOXFIVE Insights Report for 1H 2022.
Our goal with MOXFIVE Insights is to further inform and educate the community on trends we observe across our forensics, recovery, and business resilience engagements.
As cybersecurity continues to serve as a growing concern for businesses and board rooms, we believe there is still a lack of explanation and education regarding how attacks happen. Often the explanation of how an attack occurred is either overly generic or overly technical for executives, which makes it more difficult for them to understand what can be done to minimize the business impact of an incident. We also see an opportunity to provide stakeholders with meaningful insights to apply when they need them most – in time of crisis when responding to an attack.
For example, understanding the initial entry point of a ransomware attack was a phishing email is good to know but stops short of clearly explaining what specific security controls could have minimized the severity of the attack. In this case, it would be more impactful to share with the stakeholders that while endpoint detection & response (EDR) software was deployed, the employee clicked on the phishing email on a Saturday morning when no one was monitoring the EDR console and alerts were firing. The lack of monitoring during this time allowed the threat actor to move laterally, accessing backup servers, wiping all backups, and deploying ransomware before anyone noticed. In short, while having EDR deployed is a worthy investment, so too is 24x7 monitoring and response by seasoned professionals.
In other situations, it helps to have insights readily available and actionable to guide the response process from the outset. For example, the understanding that a particular ransomware operator has recently been unintentionally executing their encryptor – the software that encodes the victim’s files – multiple times, could optimize the recovery effort. More specifically, MOXFIVE has been able to proactively recommend obtaining additional temporary storage to support the decryption process. By preparing for this threat activity from the outset, the response team can more efficiently decrypt systems and resume business operations.
While our industry has evolved in recent years as it relates to information sharing and collaboration, we still have a long way to go. MOXFIVE aims to peel back the layers of technical jargon and explain why certain attacks are more impactful than others, while also providing greater context on the impact of security controls. As we seek to provide more transparency and visibility into the cybersecurity industry, we hope the community finds our inaugural MOXFIVE Insights interesting and informative.
MOXFIVE provides the clarity and peace of mind needed for attack victims during the incident response process. Our platform approach enables victims of attacks to work with a Technical Advisor who provides the expertise and guidance needed in a time of crisis, and facilitates the delivery of all technical needs required, consistently and efficiently.
Learn MoreWith experience on the front lines responding to incidents daily, MOXFIVE Technical Advisors have the unique ability to connect the dots between business, information technology, and security objectives to help you quickly identify the gaps and build a more resilient environment.