The Waypoint: December 2024 Edition
GuidePoint Security
We help organizations make smarter cybersecurity decisions that minimize risk.
As 2024 winds down, it’s a time to reflect on the past year and plan for the year ahead. To that end, this December issue of The Waypoint focuses on cybersecurity trends that will continue in the coming year: digital transformation through identity access management, ransomware response strategies, and OT Security. Additionally, we’re making it easy for you to rewind and find topics that you missed from us this year, and where to meet up with us in 2025. Let's get to it.
Roadmap
Learn How a Well-Governed Digital Identity Program Can Deliver Business Value
Security solutions are designed with the focus on Confidentiality, Integrity and Availability (CIA), but focusing on CIA alone limits the ability to fully communicate the value of Identity and Access Management (IAM) to the business. An effective and successful IAM program requires both agility and strong governance to ensure that current business needs are met, and are also flexible enough to meet future business needs while reducing time to value.
In this paper, we show how IAM programs can deliver value and help meet business objectives through an attribute-based approach. We also discuss the necessary framework for identity governance programs and how to create a governance structure for delivering expected outcomes to the business.
Ransomware Recovery: A Case Study
Auto Justice Attorney Michael T. Gibson opened his Orlando personal injury law firm 15 years ago after seeing his own family in need of legal help to advocate for them after a head on car collision. His firm is dedicated to helping auto accident victims and their families through the difficult, overwhelming, and often frustrating process of filing a personal injury or wrongful death claim.
One day Gibson and his family were on a vacation in Sanibel Island when he received a phone call from his partner saying that there were ransom letters printing out of the printers. The law practice had just been victimized by cybercriminals, who had encrypted the firm’s systems and data. “Our practice was basically crippled as even our backup systems were corrupted,” he said.
Watch this video to hear Gibson describe his experience working with GuidePoint Security’s Incident Response team, which helped get his law firm operational again within a short period of time.
Read the Latest Insights and Analysis
In the majority of cases, the determination of whether or not to pay a ransom is a business decision, and this blog is intended solely to help decision-makers navigate that decision-making process in a structured manner based on our experiences, engagements, and discussions with senior decision-makers in the wake of a ransomware incident.
In ransomware communications engagements and in this blog, GuidePoint’s Research and Intelligence Team (GRIT) does not actively direct or encourage the payment of ransoms to cybercriminals, which may incentivize or support continued ransomware operations. Instead, GRIT encourages a strong proactive defensive posture, a rapid reactive incident response, and general non-pecuniary communications to better understand the impacts or claims made by the threat actor.
Decisions of whether to pay a ransom should be based on a thorough consideration of viable alternatives, the business impact of degraded operations, an organization’s fiduciary responsibilities, and in considering all applicable legal, statutory, and regulatory considerations.
If you have been victimized by ransomware, please reach out to GuidePoint Security via our Report an Incident page.
In an era where cyber threats to critical infrastructure are growing in both sophistication and frequency, securing Operational Technology (OT), Industrial Control Systems (ICS), and the Industrial Internet of Things (IIoT) is more critical than ever. The interconnectedness of these systems within energy grids, water treatment facilities, transportation networks, and manufacturing plants makes them prime targets for attackers. A successful breach can disrupt entire cities or even countries, leading to both economic and physical harm.
A multi-layered security approach is essential to defend against these threats. This approach must include technical controls, process-oriented defenses, and—perhaps most importantly—collaboration between security executives and stakeholders across an organization.
This blog explores the key types of security required for critical infrastructure, the need for collaboration, and industry standards that can be used to provide a good blueprint for success.
THE SECURITY FRONTIER: WHERE TO FIND US
Health-ISAC Fall Americas Summit | December 2-6, 2024 | Phoenix, AZ
GPSEC is our premier 1-day security conference that brings together business executives, security professionals, consultants and innovative vendors in an intimate and interactive format. More than 10 GPSECs are planned for 2025 across the country. See when and where a GPSEC will be in your area!
R.S.V.P. for these Live/On-Demand Discussions
December 13 at 1:00pm ET
Join host, David Spark, host and the producer of CISO Series for this Super Cyber Friday discussion with James Hauswirth, Principal Security Consultant, GuidePoint Security, for an hour of critical thinking about strategically modernizing your infrastructure.
January 7, 2025 at 1:00pm ET
Start the year strong by joining GuidePoint Security's first cybersecurity Brick House roundtable in 2025. Gain insights from industry experts on evolving threats, AI advancements, IAM innovation and insights on tackling the year’s biggest challenges.
Missed one of our Brick House roundtable discussions this year? You can still watch Gary Brickhouse, CISO at GuidePoint Security, and our panel of experts as they explore a wide range of cybersecurity topics and challenges in our 2024 library.
CONTACT US
GuidePoint Security
2201 Cooperative Way | Herndon, VA | 20171 | 877- 889-0132