Patching Missteps Are Not an Excuse to Blame Victims of Ransomware Attacks

“It’s their own fault. They wouldn’t have been hit if they’d kept up with their patches and updates.”

How many times did we hear this line in the wake of WannaCry, Petya and virtually every other cyber attack that has exploited known vulnerabilities in recent years? To hear the Monday-morning quarterbacks talk, you’d think data security teams the world over were either lazy, unknowledgeable or both if they fell victim to one of these massively successful cybercriminal ventures.

While it’s true that some of this year’s major ransomware attacks could have been avoided with timely patching, blaming the victim is naive.

For mid-sized and larger organizations with an average IT department, patching is not an easy feat – it’s challenging, time-consuming and rife with issues.

The Scale Issue

It may be relatively easy to keep up with one or two software and OS updates when you’re working with a personal computer and a handful of applications. However, for IT teams responsible for updating thousands of systems, the number of patches needed per month is not one or two. It could be over 100!

I recently counted that an average 500-bed hospital uses about 460 applications. Every application requires updates and patches on an ongoing basis. Moreover, the most common apps – Flash readers, web browsers and OSes – require more frequent attention. Finding and attacking vulnerabilities is time-consuming and expensive for cybercriminals. So by targeting common apps, they get a bigger bang for their buck. Luckily for cybercriminals, these apps tend to be rife with vulnerabilities.

Let’s not forget that the existence of these vulnerabilities is not the victim’s fault – it’s the vendor’s. And while vendors receive their share of negative attention when vulnerabilities are revealed, for some reason we find vulnerabilities much less baffling than a victim’s inability to keep up with the demands of applying the patches.

The Domino Effect

If updates and patches could be rolled out without side effects, they would be slightly more manageable. But this isn’t the case either.

Anyone who has worked for a large company knows firsthand the collective groan that spreads when the IT team announces updates. Updates are inconvenient – work comes to a standstill while employees download and reboot. And inevitably, there are issues.

Maybe a few employees’ VPNs no longer work. Maybe their multi-factor authentication becomes buggy. The reality is that most updates bring with them an array of complications and a flurry of help-desk calls, so IT teams plan for updates with this expectation.

The Offline Challenge

Of course, for every device that experiences an issue after an update, there’s another device that doesn’t receive the update at all. Endpoint security updates are typically pushed through an endpoint management console. If a device is not connected to the company’s network or not turned on when a patch is pushed, it will miss the update. If the user has administrative control, which is more common than you would think, he or she can opt out of the update. If either of these scenarios happens enough, the company suddenly finds itself with a massive data security gap.

Ideally, IT figures this out and fixes it quickly. But we don’t live in an ideal world – we live in one that makes patching thousands of endpoints highly challenging. And it’s only one item out of many on the average IT team’s checklist.

Patching Is Good. Endpoint Security That Works Is Better.

Don’t get me wrong. Patching should unequivocally be a priority of every IT team. A good strategy is to prioritize updates so that the most mainstream products, such as apps, browsers, and OSes, get the top spot.

But when a ransomware attack or other exploit succeeds, we shouldn’t simply be asking why the victims weren’t up-to-date. We should be asking what else broke down in the data security chain that allowed the compromise to happen.

Did a software provider prioritize UI over security in their rush to market, allowing the vulnerability to exist in the first place? Did an endpoint security solution fail to stop a known threat? Was the victim relying on 10-year-old technology that simply is no longer equipped to stop modern threats?

There are many reasons security programs can fail to stop a threat. It’s time to change the conversation to offer a more comprehensive outlook on why breaches succeed. Otherwise, the blame will continue to be passed, and victims will continue to feel defenseless no matter how hard they try to keep up with changing data security demands. Even worse, cybercriminals will continue to succeed in their attack ventures, draining companies of millions more dollars and the entire industry of peace of mind.

Lady Day, Starring Audra McDonald, Will Release Live Cast Album

The live album will feature signature Holiday numbers performed by McDonald in the play, including “What a Little Moonlight Can Do,” “Tain’t Nobody’s Biz-ness” and “God Bless the Child.”

Directed by Lonny Price, the play by Lanie Robertson tells the life story of the legendary jazz singer through the songs that made her famous. Set in 1959, in an intimate bar in Philadelphia, Holiday (McDonald) puts on a show that, unbeknownst to the audience, will leave them witness to one of the last performances of her lifetime. The Broadway production officially opened on April 13 and McDonald has been nominated for a Tony for her performance in the show.

Lady Day at Emerson’s Bar & Grill: This production ended its run on Oct. 5, 2014.

From a Philly bar to your own living room! PS Classics will record a live performance of Lady Day at Emerson’s Bar and Grill, starring five-time Tony winner Audra McDonald as Billie Holiday, during the week ending May 31. The two-disc set will be released on July 15.

LSU players’ COVID-19 quarantine reportedly result of outside contacts

Defending national champion LSU is one of several FBS football programs to be affected by COVID-19 since players were allowed to return to campus for workouts. The Tigers’ athletic department blamed its cases on interactions outside the team’s facility rather than players training together.

SI.com reported Saturday that at least 30 of the Tigers’ 115 players have been in quarantine over the past week after testing positive or being in contact with people who contracted the virus. Some of the cases were traced to players’ visits to Tigerland, an area of bars and restaurants in Baton Rouge that was the source of a recent COVID-19 outbreak. The (Baton Rouge) Advocate reported Saturday that the spread started with a gathering of friends.

“I’m protecting Baton Rouge from getting a higher viral load. That’s my obligation,” Mullenix told SI. “The quarantine, while frustrating, prevents community spread.”

LSU has joined Clemson, the team it defeated in last season’s College Football Playoff championship game, and the other schools that are dealing with player outbreaks since teams were allowed to return to campus this month.

Clemson announced last week that 28 people in the athletic department, including 23 football players, tested positive. Kansas State suspended workouts after 14 players tested positive. Texas reported 13 positive tests. Alabama reportedly has had eight players test positive.

“When you do contact tracing and get some honesty from kids, it’s very easy to see where it came from and what happened,” Shelly Mullenix, LSU senior associate athletic trainer, told SI. “I can talk to them about wearing a mask, but if your mask is under your nose, you’re not wearing a mask.”

The exact number of positive tests on the team is not known. SI and The Advocate reported that no one in the program has required hospitalization and symptoms have been, at most, mild. Other players who visited Tigerland tested negative Friday, SI reported.

SI described LSU’s safety protocols inside its football facility as “intense.” They include separate entrances for players and coaches, daily temperature scans and a “lengthy” questionnaire that players must fill out each day. Likewise, the school has been aggressive in ordering quarantines.