Lessons from Mandiant's Chris Sistrunk on industrial cyber incident response

This excellent insight starts with excellent cyber security advice: "collaborate, plan ahead, and practice!" But how do you actually practice cyber defence? How do you actually build cyber defence muscle and cyber defence reflexes instead of just assessing your fitness? How do you do it for IT and OT and include everyone involved... SOC, CISO, but also production floor, management, and PR? Who can provide an environment like my own that can be smoked for me to properly cyber bench-press and cyber dribble under real pressure? CybergymIEC

🔐 Cybersecurity Isn’t Just Compliance—It’s Craftsmanship 94% of cyberattacks begin with email. Yet over 60% of SMBs still rely on basic spam filters as their first line of defense. That’s not resilience. That’s a recipe. At IT Nation Connect Global 2025, the “Cybersecurity Distilled” session challenged MSPs and IT leaders to rethink security—not as a checklist, but as a craft. Like distilling spirits, true cybersecurity requires refinement, vigilance, and layered protection. Here’s the distilled wisdom: - 🥃 Antivirus is gin. Endpoint detection is whisky. Signature-based AV meets the minimum. EDR with behavioral analytics filters threats before they mature. - 👁️ Monitoring is the master distiller’s eye. SIEM and MDR tools offer real-time visibility and expert-led response—far beyond audit logs. - 🔐 Access controls are the stillhouse gate. IAM and MFA enforce zero trust, ensuring only verified users and devices enter. - 🧱 Backups are the aged cask. Immutable backups and tested BCDR plans preserve business continuity—even after ransomware or outages. - 🧠 Employees are the human firewall. Security awareness training transforms users from risk vectors into active defenders. - 📊 Compliance is the recipe. Resilience is the blend. GRC tools streamline audits, but the goal is maturity—not just passing the test. Cybersecurity isn’t just about stopping threats—it’s about building systems that endure. Whether you're an MSP, IT director, or business leader, it’s time to mature your security posture from “gin” to “whisky.” #CyberSecurity #MSP #ITLeadership #EndpointProtection #ZeroTrust #SIEM #MDR #BCDR #HumanFirewall #EmailSecurity #GRC #ResilienceSignals #ITNationConnect #ConnectWise Article Link - https://lnkd.in/gzJ6AVNk

𝗙𝗼𝗿 𝗦𝗠𝗘 𝗟𝗲𝗮𝗱𝗲𝗿𝘀: 𝗧𝗵𝗲 𝟯 𝗝𝗮𝗿𝗴𝗼𝗻-𝗙𝗿𝗲𝗲 𝗦𝘁𝗲𝗽𝘀 𝘁𝗼 𝗣𝗿𝗼𝗮𝗰𝘁𝗶𝘃𝗲 𝗦𝗲𝗰𝘂𝗿𝗶𝘁𝘆 Many growing businesses (50-200 employees) report feeling overwhelmed by the endless jargon, complex tools, and constant threats associated with cybersecurity. The truth is, proactive security doesn't have to be complicated. My unique background, blending Threat Intelligence with a passion for making security understandable, has shown me that simplicity is power. Here are 3 jargon-free steps to get ahead of vulnerabilities without needing a dedicated 20-person security team: 𝗞𝗻𝗼𝘄 𝗬𝗼𝘂𝗿 𝗪𝗲𝗮𝗸 𝗦𝗽𝗼𝘁𝘀 (𝗦𝗶𝗺𝗽𝗹𝘆!): Forget "Vulnerability Scans" for a moment; let us clarify the objective. Think: "Where are our digital doors and windows?" Action: Regularly test your website, key applications, and employee devices. Use simple, automated tools that give you a clear, red/yellow/green report. If you use a partner, demand reports you can actually understand. Why it matters: You can't protect what you don't know is exposed. 𝗧𝗿𝗮𝗶𝗻 𝗬𝗼𝘂𝗿 𝗧𝗲𝗮𝗺, 𝗡𝗼𝘁 𝗝𝘂𝘀𝘁 𝗬𝗼𝘂𝗿 𝗧𝗲𝗰𝗵: Forget "Security Awareness Training, let us simplify the concept." Think: "How do we empower everyone to spot danger?" Action: Conduct short, engaging, real-world scenario training (not boring compliance videos). Focus on common threats like phishing emails or suspicious links, using examples specific to your business. Why it matters: Your employees are your strongest firewall if they know what to look for, or your weakest link if they don't. Simple training cuts risk dramatically. 𝗣𝗹𝗮𝗻 𝗳𝗼𝗿 𝘁𝗵𝗲 𝗪𝗼𝗿𝘀𝘁 (𝗜𝘁 𝗛𝗮𝗽𝗽𝗲𝗻𝘀!): Forget "Incident Response Plans" for a moment and let us focus on the outcome. Think: "What do we do if something does get through?" Action: Have a clear, 3-step action plan: 1) Who do we call (IT, security partner)? 2) What systems do we immediately shut down/disconnect? 3) How do we tell our customers/stakeholders (if needed)? Why it matters: A quick, clear response minimizes damage, protects your reputation, and ensures business continuity. Proactive security for SMEs isn't about expensive, complex systems; it's about a clear understanding, consistent action, and empowering your people. What's one simple security step your growing business took recently that made a real difference? Share your insights! #CybersecurityForSMEs #SmallBusinessSecurity #JargonFreeSecurity #DigitalProtection #BusinessGrowth #ActionableSecurity

Transforming Cybersecurity Through People-Focused Training Human error remains one of the leading causes of cyber incidents across organisations of all sizes. Traditional cybersecurity approaches often overlook the critical human element, leaving businesses vulnerable despite significant investments in technology. Our partnership with Goldphish | Cybersecurity Awareness changes that by putting people at the centre of cybersecurity strategy. We are now able to support you with cybersecurity awareness training that goes beyond compliance checkboxes to create measurable risk reduction. Our people-focused approach equips workforces with the knowledge and skills to recognise and resist evolving threats, transforming cybersecurity from a burden into a competitive advantage. “At Infoprotect UK, we don’t believe cybersecurity awareness should be a compliance tick-box exercise. That’s why we’ve partnered with Goldphish to deliver engaging, people-first training that equips staff to recognise and resist real-world threats. Together, we will help businesses build a security culture where employees become a true frontline defence against cyber risk,” says Brad Fraser, CEO. We are excited to announce our strategic partnership with Goldphish, the market leader in cybersecurity awareness training, to deliver comprehensive security awareness solutions that address one of today's most pressing business challenges. “Goldphish is all about offering one product with everything you need to improve security behaviours and reduce cyber incidents caused by employees. We are always looking at ways to expand our channel partner network. We are excited to have partnered with Infoprotect and look forward to their customers building a more cyber-sharp workforce with Goldphish Security Awareness, to stay compliant and avoid loss,” says Jess Massyn, Global Sales Director at Goldphish. Key Benefits ·     Higher completion rates and superior knowledge retention through engaging, interactive content ·     Seamless integration into existing staff workflows with minimal business disruption ·     Ongoing security awareness and targeted phishing simulations that deliver quantifiable results ·     Cost-effective training using customisable, scenario-based simulations relevant to your industry ·     Clear metrics and insights on staff performance and organisational security posture ·     Streamlined reporting and automation that empowers security teams to respond efficiently to threats ·     Development of security-aware staff who drive rapid incident reporting and proactive threat management ·     Shift from reactive security measures to a proactive, organisation-wide security mindset For more information about our cybersecurity awareness training solutions, please contact Hazel Richardson to discuss how this partnership can enhance your organisation's security posture.

There are five questions we wish every business asked their IT provider. Bookmark this and bring it to your next 1:1 with your IT. Question 1: Do you start with prevention or with monitoring (SOC/SIEM)?  ● Why ask it: Monitoring without strong basics is like CCTV cameras without door locks. You'll get alerts—after attackers walk in.  ● What to look for in their answer: A prevention-first plan: MFA enforced everywhere, patching SLAs, secure configuration baselines, removal of legacy protocols, and least-privilege access. Monitoring added after foundations are in place. Question 2: Where do MDR/XDR fit in our overall security strategy?  ● Why ask it: MDR/XDR are valuable, but they exist because traditional AV isn't enough. They are a layer, not the strategy.  ● What to look for in their answer: Clear positioning of MDR/XDR alongside prevention controls—not as a silver bullet. Evidence they tune policies for your environment, document response playbooks, and measure outcomes (time to detect/respond), not just deploy an agent. Question 3: Exactly what's in scope—and what isn't? Map it to recognized controls.  ● Why ask it: Breach post-mortems often start with "I thought our MSP handled that." Ambiguity is risk.  ● What to look for in the answer: A written service matrix tied to frameworks (e.g., Essential Eight, ISO27001): who owns MFA enforcement, patching cadence, backups and restore testing, email security, endpoint protection, identity and access logging, and user training. Transparent gaps and recommendations—no 'we do everything.' Question 4: How do you prove the basics are actually working—every week?  ● Why ask it: Policies don't stop attacks; evidence of controls working does.  ● What to look for in their answer: Routine, business-readable reports with hard numbers. Question 5: What's our incident response plan—and when did we last rehearse it?  ● Why ask it: The first 60 minutes decide cost, downtime, and headlines.  ● What to look for in their answer: A tested playbook with named roles and clear communication paths. Use these five questions in this order and insist on answers. If the responses are vague, product-led, or can't show evidence, you've just surfaced your biggest cyber risk. Better yet: Contact Vertex for an independent, evidence-based posture review today: your partner in cybersecurity.

DIY cybersecurity is becoming harder and riskier for Englewood SMBs. We just published a practical guide explaining why Managed IT Services outperform DIY protection and how our local team helps reduce downtime, speed up response, and simplify HIPAA/PCI compliance. What’s inside: • 24/7 monitoring & rapid incident response • AI-era threats (phishing, RaaS) explained in plain English • Real cost comparison vs. in-house/DIY • Englewood-specific considerations for healthcare, retail & professional services • How E-Valve Technologies keeps you audit-ready Read the post → https://lnkd.in/eb-AE8im Want a no-pressure risk assessment? Just ask :). #ManagedIT #Cybersecurity #EnglewoodNJ #BergenCounty #HIPAA #SMB #mspaa The Managed Service Providers Association of America®

𝗣𝗿𝗼𝘁𝗲𝗰𝘁 𝘆𝗼𝘂𝗿 𝗱𝗮𝘁𝗮 𝘁𝗵𝗶𝘀 𝗖𝘆𝗯𝗲𝗿𝘀𝗲𝗰𝘂𝗿𝗶𝘁𝘆 𝗔𝘄𝗮𝗿𝗲𝗻𝗲𝘀𝘀 𝗠𝗼𝗻𝘁𝗵 𝘄𝗶𝘁𝗵 𝗜𝗦𝗢/𝗜𝗘𝗖 𝟮𝟳𝟬𝟬𝟭 Cybers Security Awareness Month is the perfect time for businesses to take a closer look at how well they’re protecting their most valuable asset: data. In a world where data breaches, ransomware attacks, and cyber threats are daily realities, information security isn’t just an IT issue; it’s a business imperative. 𝗧𝗵𝗮𝘁’𝘀 𝘄𝗵𝗲𝗿𝗲 𝗜𝗦𝗢/𝗜𝗘𝗖 𝟮𝟳𝟬𝟬𝟭 𝗜𝗻𝗳𝗼𝗿𝗺𝗮𝘁𝗶𝗼𝗻 𝗦𝗲𝗰𝘂𝗿𝗶𝘁𝘆 𝗠𝗮𝗻𝗮𝗴𝗲𝗺𝗲𝗻𝘁 𝗦𝘆𝘀𝘁𝗲𝗺𝘀 𝗰𝗼𝗺𝗲𝘀 𝗶𝗻. 𝗪𝗵𝗮𝘁 𝗶𝘀 𝗜𝗦𝗢/𝗜𝗘𝗖 𝟮𝟳𝟬𝟬𝟭? ISO/IEC 27001 is the international standard for Information Security Management Systems (ISMS). It provides a structured framework to help organisations manage the security of assets such as financial data, intellectual property, employee information, and customer details. Rather than relying on ad hoc controls or reactive measures, ISO/IEC 27001 takes a systematic, risk-based approach to protecting information, ensuring that security is built into the fabric of your organisation. 𝗪𝗵𝘆 𝗜𝗦𝗢/𝗜𝗘𝗖 𝟮𝟳𝟬𝟬𝟭 𝗺𝗮𝘁𝘁𝗲𝗿𝘀 𝗳𝗼𝗿 𝗯𝘂𝘀𝗶𝗻𝗲𝘀𝘀𝗲𝘀 Cybersecurity isn’t just about technology; it’s about people, processes, and culture. Implementing ISO/IEC 27001 helps organisations strengthen all three by: ✅ Identifying and managing data risks before they become incidents ✅ Protecting customer data, building confidence and trust ✅ Meeting regulatory and contractual obligations for data security ✅ Reducing downtime and disruption caused by security breaches ✅ Demonstrating leadership and accountability in managing information security For businesses that rely on digital systems, ISO/IEC 27001 provides reassurance to customers and partners that their data is in safe hands, and that your organisation takes security seriously. 𝗖𝘆𝗯𝗲𝗿 𝗦𝗲𝗰𝘂𝗿𝗶𝘁𝘆 𝗮𝗻𝗱 𝗮 𝗰𝘂𝗹𝘁𝘂𝗿𝗲 𝗼𝗳 𝗶𝗻𝗳𝗼𝗿𝗺𝗮𝘁𝗶𝗼𝗻 𝘀𝗲𝗰𝘂𝗿𝗶𝘁𝘆 By aligning with ISO/IEC 27001, organisations create a culture where information security isn’t a one-time project, but an ongoing commitment to protecting people, data, and reputation. ISO/IEC 27001 helps to embed security awareness and accountability across all levels of business. This Cyber Security Awareness Month, take the next step in strengthening your defences. Implementing ISO/IEC 27001 isn’t just about compliance, it’s about building resilience, trust, and long-term confidence in your business.   Discover more on Information Security Management Systems at: https://lnkd.in/g3i-mBYv #CyberSecurityAwarenessMonth #CyberSecurityMonth #CyberSecurity #ISO27001 #DataSecurity #ISMS #InformationSecurity #ISOIEC27001 #5Ticks #Trust #Trusted #Compliance #AI #Cyber #IntertekSAIGlobal

🔐 October is Cybersecurity Awareness Month! As technology continues to power how we work, connect, and serve clients, one thing is certain — cybersecurity is no longer just an IT issue; it’s a business imperative. At Solarus Consulting Services, we’ve seen firsthand how even small oversights — a weak password, an unchecked link, or an unpatched system — can open the door to serious risks like data breaches, fraud, or service disruption. This month is a great reminder that strong cybersecurity starts with awareness. Every employee, from front line to the boardroom, plays a role in keeping our organizations safe. 💡 Here are a few practical ways to strengthen your organization’s cyber resilience: 🧠 Train your team — Regular cybersecurity awareness sessions on phishing, social engineering, and password hygiene can prevent most cyber incidents. 🔑 Use multi-factor authentication (MFA) — It adds a simple but powerful layer of protection against unauthorized access. 🧩 Keep systems updated — Outdated software is a hacker’s favorite target. 🕵️ Review access controls — Limit sensitive data access to those who truly need it. 📊 Audit and test — Periodic cybersecurity and IT risk assessments can help you identify gaps before attackers do. Cybersecurity isn’t just about protection — it’s about building trust, resilience, and continuity for your clients, employees, and partners. If your organization hasn’t yet conducted a cyber risk assessment or reviewed its incident response plan, now is the perfect time. At Solarus Consulting Services, we help organizations assess, strengthen, and embed cybersecurity into their overall risk management framework. Let’s make this Cybersecurity Awareness Month a turning point for safer, stronger organizations. #CybersecurityAwarenessMonth #RiskManagement #InternalAudit #SolarusConsultingServices #DataProtection #CyberResilience #BusinessContinuity

DIY cybersecurity is becoming harder and riskier for Englewood SMBs. We just published a practical guide explaining why Managed IT Services outperform DIY protection and how our local team helps reduce downtime, speed up response, and simplify HIPAA/PCI compliance. What’s inside: • 24/7 monitoring & rapid incident response • AI-era threats (phishing, RaaS) explained in plain English • Real cost comparison vs. in-house/DIY • Englewood-specific considerations for healthcare, retail & professional services • How E-Valve Technologies keeps you audit-ready Read the post → https://lnkd.in/eAX89Mra Want a no-pressure risk assessment? Just ask :). #ManagedIT #Cybersecurity #EnglewoodNJ #BergenCounty #HIPAA #SMB

🔐 Cybersecurity in Focus: Public Services and Global Brands Under Attack Two recent cyber incidents have highlighted the growing threat to both public sector bodies and global enterprises: 🔹 Suffolk County Council was targeted by a denial-of-service (DoS) attack, which disrupted access to its website and several online services. The attack also affected the Suffolk Chamber of Commerce and Harwich Town Council, with a social media group claiming responsibility. 🔹 Asahi Group Holdings, Japan’s largest brewery, suffered a major cyber-attack that halted domestic production and disrupted logistics and customer service operations. These events serve as a stark reminder that no organisation is immune. Whether you're a local authority or a multinational brand, cyber threats can cause serious disruption to operations, reputation, and public trust. 🛡️ How Can Organisations Protect Themselves? To reduce the risk and impact of cyber-attacks, organisations should: 🔒 Invest in layered cybersecurity defences, including firewalls, intrusion detection systems, and endpoint protection. 🕵 Carry out regular vulnerability assessments and penetration testing to identify and address weaknesses. 🛠️ Deploy DDoS mitigation tools and services to detect and deflect malicious traffic. 🧑🎓 Educate staff on cyber hygiene – covering phishing awareness, password security, and incident reporting. 🧑💼 Develop and rehearse incident response plans to ensure swift recovery and clear communication. 💻 Collaborate across sectors to share threat intelligence and best practice. 💬 Cyber resilience is no longer a ‘nice to have’, it’s a strategic necessity. How is your organisation preparing for operational cyber risks? Take control before threats take hold. Contact Boo Consulting Limited today to safeguard your organisation’s future. Be proactive, don’t wait until it’s too late. #CyberSecurity #RiskManagement #BooConsultingLimited ______________________________________________________________________________ I am Louise Harrison 💻, Business Development Manager of Boo Consulting Limited. Your compliance journey starts here!   Please reach out to me to learn how your baseline security will help foster meaningful connections with your prospects, clients, and teams. #BooConsultingLimited   📩 [email protected] ☎️ +44 (0)1637 838155