Incident Response Plan: How to Prepare for the Worst and Protect Your Business

Imagine learning that you’ve just suffered a cyber incident. A cyber incident might be one of your software vendors telling you they found your password on the dark web. Perhaps you log onto your computer only to see a ransomware message. Maybe you can’t log onto your computer — and no one at your company can.

What should you do? How should you respond? And how can you minimize the impact, contain the fallout, and get your business up and running as quickly as possible?

With a cybersecurity incident response plan. (via Decoding Cyber)

Let’s discuss.

What is a cybersecurity incident response plan?

An incident response plan is a documented framework that outlines specific steps and procedures you should take in the event of a cyber incident in real time.

Think of it as an organizational guide that ensures everyone from your security team to the IT department to executives are on the same page. 

The incident response plan will detail everyone’s roles, responsibilities, and specific actions as the cyber incident unfolds in real-time. It will include clear steps to help you identify, contain, and mitigate the cyber incident. It should provide a clear path to recovering from the incident, including retrieving all lost data and restoring all services. Your incident response plan should also include a pathway for you to critically examine the failures that led to the cyber incident and learn valuable lessons about preventing them in the future.

Who needs an incident response plan?

Regardless of size or industry, every organization needs an incident response plan.

Think about it — if you're a massive corporation, you have access to money and data, which is the main reason bad actors attack. But even if you're a small business, you probably do lots of things online, like email, accounting, and operating a website. Aside from website security, you need to be prepared for a cyber incident

In terms of industries, some are targeted more than others. For instance, manufacturing is now the most-attacked industry, representing nearly 25% of all cyberattacks globally. But finance, insurance, professional services, energy, retail, education, healthcare, government, transportation, and media are not far behind.  

The bottom line is that no matter what type or size of business you’re running, there’s an extremely high likelihood that once you assess the threat landscape (which every company needs to do), you’ll find yourself susceptible to being attacked. 

Why is an incident response plan essential?

An incident response plan is crucial because you can do everything right and still get attacked and suffer an incident.

Here’s what we mean.

Cybercrime has been rising for decades and shows no signs of slowing down, especially regarding incidents like ransomware. If you’re running a business, you must embrace the reality that getting attacked is a matter of “when,” not “if.” Sure, you want to do everything possible to lessen the likelihood of being attacked. But you also want to accept that virtually every business is exposed to being attacked and that if you let your guard down for a second, you may suffer a consequence like lost money, data, or time.

As discussed in our three-part series “In the Crosshairs,” we suggest taking a proactive approach to cybersecurity measures. While defensive stances like zero trust are critical in the modern digital business world, they’re not enough. You can’t just sit back and take a defensive posture to cybersecurity. Sooner or later, cybercriminals will find an entry point to your network and systems. You want to engage with cyber criminals to get in front of them and make them think twice about attacking you.

Cybersecurity is like a long and ongoing war because there will always be cyberattacks in the digital universe. In this war, you can’t win once and for all vanquishing your enemies forever. Instead, you strive to win every battle, but they will win a battle or two. When that happens, when you experience an incident (minor or significant), your incident response plan comes into play.

Creating an incident response plan makes sense, especially when artificial intelligence (AI) is increasingly factoring into cybersecurity. Let’s say you take every single bit of our advice and meticulously and strategically plan for every possibility throughout your organization. As an aside, we suggest doing this! Why not be prepared for every possible outcome? An incident response plan is part of that preparation. Let’s look at some benefits!

3 benefits of an incident response plan

Three benefits of an incident response plan

An incident response plan will guide your business. When everyone knows that policies and procedures are in place to mitigate the damage and restore operations, they’ll be more likely to keep calm and carry on. Let’s look at the benefits of an incident response plan in more detail.

1. Minimize downtime 

With a well-defined incident response plan, organizations can quickly detect and mitigate security incidents, reducing the duration of downtime. This helps prevent financial losses, reputational damage, and potential regulatory penalties.

2. Reduce confusion

An incident response plan establishes a transparent chain of command, ensuring that the right individuals are notified and involved in incident handling, thus reducing confusion. This promotes efficient communication, coordination, and decision-making during high-pressure situations.

3. Improve compliance

An incident response plan can help ensure that your organization can demonstrate that you are protecting sensitive data and systems required by regulators. For example, organizations must have an incident response plan to comply with Health Insurance Portability and Accountability Act (HIPAA) and Payment Card Industry Data Security Standard (PCI DSS) regulations.

We are now ready to dive into how to develop an incident response plan and how it differs from other similar initiatives. The meat of the article! Get your forks and knives ready. We serve it up fast, easy to consume, and above all… deliciously helpful!

6 steps to develop an effective incident response plan

Six steps to develop an effective incident response plan

Developing an effective incident response plan requires a systematic approach. Here are the critical steps to consider:

1. Conduct a risk assessment

Conduct a thorough assessment of potential risks and vulnerabilities to understand the organization's cybersecurity landscape. This assessment will help identify potential threats, their impact, and the likelihood of occurrence.

2. Establish a response team

Form a dedicated incident response team comprising representatives from IT, security, legal, HR, and other relevant departments. Define roles, responsibilities, and escalation procedures to ensure efficient incident handling.

3. Create an incident response framework

Develop a step-by-step framework that outlines the actions to be taken during each phase of incident response, such as detection, analysis, containment, eradication, recovery, and post-incident analysis.

4. Test your plan and train your team

Do not overlook the importance of this step! Many do, and they pay the price when they need to rely on their incident response plan during an actual cyber incident. Regularly test and update the incident response plan, conduct simulated exercises, and provide training to ensure all team members know their roles and responsibilities. This helps identify any gaps or areas for improvement.

5. Collaborate with external partners

Establish relationships with external partners, such as incident response service providers and law enforcement agencies. These partnerships can provide additional expertise, resources, and support during an incident.

6. Prioritize continual improvement

Incident response is an ongoing process, and it is vital to learn from each incident. Conduct post-incident reviews and incorporate lessons learned into the plan to enhance future response capabilities.

Do you still have questions on how to craft an incident response plan? Hit the AMA Request button, and we can help!

Is an incident response plan different from a disaster recovery plan?

An incident response plan is different from a disaster recovery plan. A disaster recovery plan is designed to help a company recovery from any type of incident (or disaster) after the disaster.

An incident response plan narrowly focuses on addressing cyber incidents during a cyberattack in real time. Keep these two critical differences in mind. A disaster recovery plan:

  1. Focuses on recovering tech and data after a disaster

  2. Applies to human or natural disasters 

Building on that second point, a disaster recovery plan provides procedures and protocols to recover and restore critical systems even if they didn’t originate with a cyberattack, such as:

  • Data loss and failed backups

  • Network interruptions

  • Hardware failure 

  • Utility outages 

  • On-site threats and physical dangers 

While your business should have a disaster recovery plan, remember that it’s not the same as an incident recovery plan — you need both. But what about a business continuity plan?

Is an incident response plan different from a business continuity plan?

An incident response plan is also different from a business continuity plan. A business continuity plan is vital in minimizing the effects of a company during the disaster (human-induced or natural); however, it does not address the underlining issue, like a cyber incident.

Again, an incident response plan narrowly focuses on addressing cyber incidents during a cyberattack in real time. A business continuity plan is broad and ensures the business can continue its essential functions during a crisis (cyber or otherwise), minimizing the impact on operations, customers, and stakeholders. A business continuity plan includes strategies for communication, alternate work arrangements, resource allocation, and prioritization of critical activities.

Both might sound similar to a disaster recovery plan, but a disaster recovery plan focuses on restoring data access and IT infrastructure after a disaster.

An incident response, disaster recovery, and business continuity plan can have overlapping elements, but they are distinct plans. The key is to remember that they’re critical in their own way — each one plays a role in keeping your business safe and secure in the face of external threats. Don't worry if you find them somewhat confusing; we can help! Hit the AMA Request button, and we can walk you through it.


A well-developed incident response plan is critical to an organization's cybersecurity strategy. It enables swift and effective responses to security incidents, minimizing the potential damage caused by cyber threats. By understanding the importance of incident response plans and related strategies like disaster recovery and business continuity plans, organizations can fortify their defenses and better protect their valuable assets from the ever-evolving landscape of cyber threats.


How to Guard Against Ransomware on a Budget

Ransomware is malware that a bad cyber actor installs on your computer systems, encrypting essential files to hold your business hostage in exchange for money. It’s a massive cyber threat with staggering costs. (via Decoding Cyber)

Consider these five stats:

  • 68% of all cyberattacks worldwide are ransomware.

  • 217 million of them occur in the United States (ranked first).

  • The global damages for ransomware exceed $30 billion.

  • The average cost of a data breach caused by ransomware is $4.54 million (doesn’t even include the actual ransom payment).

  • 78% of organizations say they’re “very” or “extremely” prepared to thwart a ransomware breach — yet half of them still suffer attacks anyway.

If you’re running a business, should these numbers terrify you? Yes and no. On the “yes” side, you must continually remember that this threat is never going away. Within the larger cyber war, ransomware is a significant battle perpetrated by bad actors who will likely never give up this tactic.

But that leads to the “no” part of the equation: cybercriminals will leverage ransomware only insofar as organizations make it easy. If you guard your company doors and windows and install a state-of-the-art security system, you are lessening the likelihood that cybercriminals will devote their resources to you when they can just go to your less secure neighbor. In other words, don’t be an easy target.

When framed in these terms, guarding against ransomware should go from “scary, expensive, and impossible” to “manageable within our budget.” By understanding the basics about vulnerabilities within your systems and networks, you will be in a great position to implement — and maintain — a solid ransomware defense with existing resources and minimal extra costs.

So here are three ways to guard against ransomware while not breaking the bank.

1. Implement a strong cybersecurity posture

The best way to protect against ransomware is to implement a strong cybersecurity posture that includes the following, most of which can be done with your current IT folks, i.e., without paying a single dime to a vendor:

  • Regularly update software and operating systems: This will help patch vulnerabilities that ransomware could exploit. The keys here are to be diligent and thorough and not to wait around. The last thing you want is to suffer an attack because you were a few hours late on a software update. 

  • Use strong passwords and multi-factor authentication (MFA): This will make it more difficult for cybercriminals to access your systems. All you have to do is ensure that everyone in your organization follows password security best practices.

  • Educate employees about ransomware attack vectors: This will help your teams identify phishing emails and other social engineering tactics commonly used to spread ransomware. It’s not particularly tough to see when scammers are trying to bait you into clicking a malicious link or handing over personal info. But you must be in the right, alert mindset, because getting caught up in daily work and responding to phishing attacks is easy. That’s why ongoing cyber awareness is critical. Fortunately, plenty of free programs are online, including us here at decodingCyber.

  • Back up your data regularly: This will give you a copy of your data if it is encrypted by ransomware. Depending on the volume of data you traffic in, you might have to shell out some green for this service. But think about it — what would you rather do? Suffer a cyber attack and: 

    • A: Not correctly back up your data and not have any way to run your business without said data.

    • B: Correctly back up your data and have a way to run your business with said backed-up data.

    • C: Do nothing and hope the ransomware magically does away.

    • Psst… the correct answer is “B,” don’t be tempted by “C.”

2. Implement a layered security approach

A layered security approach is a defense in depth strategy that uses multiple levels of security to protect against ransomware. I’m not going to lie; this might be the one place where you have to open up your wallet. But you might already be doing these things; you just need to check:

  • Deploy endpoint security: Endpoint detection and response (EDR) solutions are critical to protect your corporate assets, such as phones, computers, and servers (aka… your “endpoints” or physical devices connecting to and exchanging information with your network). Consider this part of a larger attack surface management strategy.

  • Account for proper network security: This will protect and monitor your network. The network is how data flows throughout your organization to and from endpoints. This includes firewalls, intrusion detection and prevention systems (IDS/IPS), and network segmentation.

  • Lock down your data: After your endpoints and network are secure, you want to protect what flows within your corporate network: the data. This includes data encryption, data loss prevention (DLP), and access controls.

3. Have a ransomware response plan in place

A ransomware response plan is a set of procedures to help you recover from a ransomware attack. These types of incident response plans are essential for two main reasons:

  1. They encourage a defensive mindset. Creating them should compel you to ask yourself, “Are we doing everything we think we’re doing to thwart an attack, and how do we know?”

  2. They help minimize downtime. If you suffer a major cyber attack, being prepared will help you minimize the time your systems are down, which has risen from about two weeks to three weeks on average, according to Statista.

Your plan can be made with little to no money spent (assuming you have the expertise within your company to oversee the process) and should include the following six steps:

Step 1: Prevention

Refer to the first two points above and document them. This will help you ensure you are adequately addressing the potential threat.

Step 2: Detection

You want to determine how you will confirm you are dealing with a ransomware attack. Believe it or not, there are some false alarms. At this stage, you will also want to outline how to identify the type of ransomware and the systems affected, leading to the next step.

Step 3: Containment and Isolation

You want to discuss ways to stop the spread of malware and isolate an infected system. This will help to prevent the ransomware from spreading to other systems. Proper network segmentation will be crucial in the containment phase.

Step 4: Communication

If you are dealing with ransomware, don’t call 911.


If you are dealing with ransomware in the US, don’t call 911. Report it to:

  1. IC3

  2. FBI

  3. CISA

This is where you plan all your communication. This might be the most essential step. Think about things like:

  • How to engage with your cyber insurance provider (assuming you have one). Will your insurance cover this? If so, what will your provider do? These questions help you determine your liabilities. 

  • How to communicate with your customers and stakeholders. This will help maintain trust and minimize the attack's impact; you are likely legally obligated to do so.

  • How to communicate with your attacker. Do you negotiate with them? Will you pay the ransom?

  • How to communicate with law enforcement. When and how do you need to engage law enforcement? Who do you call?

Step 5: Mitigation

Write out how you plan to deal with the malware. Who can you rely on for assistance? If this is covered by insurance, what will they help with? This is where you want to take your time and ensure all the critical stakeholders are at the table to plan your response strategy.

Step 6: Recovery and Assessment

At this point in your plan, determine how to restore your data (assuming it is encrypted via the attack). This will ensure you can regain access to your data, most likely from a backup. Data encrypted via a ransomware attack can rarely be decrypted. Make sure you run a backup and restoration test(s). The last thing you want to do here is accept, “Well, in theory, our customer data can be restored… according to the vendor. I think, right?”

You will want to discuss how to draft an assessment of the situation after it ends. Will you have to rebuild your network? What will trigger that decision? Who will decide? After all, a bad actor was inside your network and might have seen other vulnerabilities, creating a backdoor for them to re-enter later. Who will be allowed to see this report? Will any of this be discoverable should there be a legal dispute? Ensure your legal team/representative is actively engaged in drafting this step and reviews the entire plan.


In the digital world, bad cyber actors will attack most businesses at one time or another. But that doesn’t mean yours will suffer the terrible consequences of a ransomware attack. By implementing a strong cybersecurity posture and a layered security approach, you can reduce the chance that an attack will work. By staying current on the latest threats and trends and creating a ransomware response plan, you can protect your business from ransomware without breaking the bank.

Laid-Off Tech Workers Could Consider Any of the Nearly 800,000 Open Cybersecurity Jobs

Another day, another round of big-tech layoffs. Per Bloomberg, the number of recently laid-off workers is more than 100,000. That’s a lot of people newly #OpenToWork.

If your LinkedIn page is filled with former Googlers, Meta-ites, and Amazonians seeking new employment after that severance runs out, consider calling them over to the one tech industry that is literally starving for employees. According to the (ISC)2 2022 Cybersecurity Workforce Study, the current cybersecurity workforce gap is 3.4 million people worldwide.

Per (ISC)2’s report: “While the cybersecurity workforce is growing rapidly, demand is growing even faster. (ISC)2’s cybersecurity workforce gap analysis revealed that despite adding more than 464,000 workers in the past year, the cybersecurity workforce gap has grown more than twice as much as the workforce with a 26.2% year-over-year increase, making it a profession in dire need of more people.”

In the United States today, there are nearly 800,000 cybersecurity job openings, according to CyberSeek’s heat map – many of these roles are in states like California, Texas, Florida, Colorado, and Virginia. These states have thousands of openings available in various capacities, ranging from analysts to manager roles.

And according to some cyber experts, soft skills may be just as important as certifications. In a recently-published op-ed in Forbes, Boyd Clewis of Baxter Clewis Cybersecurity highlighted how important communication skills are  for IT professionals.

“In cybersecurity, the number one most valuable trait isn’t being great at working on systems and software—it’s having clear, precise verbal and written communication,” Clewis wrote. “Unfortunately, schools and training programs focus on technical skills, often ignoring communication. This poses a real problem, since communication skills are absolutely necessary in this field. IT and cybersecurity exist only as an extension of business, to help business processes enable applications.”

As previously reported in this blog, the White House has also pushed on filling the widening cybersecurity jobs gap. At the end of 2022, the executive branch celebrated the end of its 120-day cybersecurity “Apprenticeship Sprint.”

At the end of this sprint, the White House boasted 194 new cybersecurity registered apprenticeship programs and more than 7,000 apprentices getting hired. Several hundred new cyber-related occupations were also added to registered apprenticeship programs.

Organizations like Austin Community College, ISC(2), Cisco Systems, and the U.S. Department of Veterans Affairs all started new programs to train up-and-coming security experts, according to the WH press release. The largest provider of apprenticeships is within the U.S. government for the Department of Defense, according to the release.

Looking to expand your understanding of the cybersecurity industry? Meet with us in your city — check out our upcoming events at

Laid-Off Tech Workers Could Consider Any of …

Industry News Posted by Jen Greco on Jan 23, 2023

The Rise of ChatGPT: How AI Plays a Vital Role In Cybersecurity

For anyone plugged into the blossoming world of artificial intelligence, you’ve probably heard of (or chatted with) ChatGPT. And for anyone curious about how AI feels about AI when it comes to cybersecurity, look no further.

Following a handful of barbs regarding Asimov’s Rules of Robotics, I asked ChatGPT if it could “write me an article about the role of AI in cybersecurity.” Here is what it said:

The Role of Artificial Intelligence in Cybersecurity

Artificial intelligence (AI) has the potential to revolutionize the field of cybersecurity, and it is already being used in a variety of ways to improve the security and integrity of computer systems and networks. Some of the ways in which AI is being used to enhance cybersecurity include:

Threat detection and prevention: AI can be used to analyze large amounts of data, including network traffic and user behavior, to identify and alert on potential threats. By using machine learning algorithms and other techniques, AI can help to identify patterns and anomalies that may indicate the presence of a security threat, and it can take automated actions to prevent or mitigate these threats.

Vulnerability management: AI can be used to identify and prioritize vulnerabilities in a network, and to suggest patches or other remediation measures to address them. By continuously monitoring networks and systems for vulnerabilities, AI can help organizations to stay ahead of potential security threats and to ensure that their systems are secure and compliant.

Password management: AI can be used to generate strong passwords and to detect and alert on suspicious login activity. By using advanced algorithms and machine learning techniques, AI can help to ensure that passwords are secure and that unauthorized access to systems is detected and prevented.

Phishing and spam detection: AI can be used to analyze emails and other communications for signs of phishing or spam, and to flag or block these messages. By using natural language processing and other techniques, AI can help to identify and filter out malicious communications, and to protect users from falling victim to these scams.

In addition to these specific applications, AI can also be used to improve the efficiency and effectiveness of cybersecurity operations more broadly. By automating tasks and providing actionable insights and recommendations to security professionals, AI can help to streamline and optimize security processes, and to free up human analysts to focus on more complex tasks.

While AI has the potential to significantly improve cybersecurity, it is important to carefully consider the risks and limitations of these technologies. There is a potential for AI to be misused or to introduce new security vulnerabilities, and it is important to ensure that these technologies are used in a responsible and ethical manner.

Overall, the role of AI in cybersecurity is likely to continue to evolve and expand in the coming years, and it will be an important tool in the fight against cyber threats. By leveraging the power of AI, organizations can improve the security of their systems and networks, and better protect themselves and their customers from cyberattacks.


Obviously, as an editor by trade, I prodded at the bot for its pro-AI bias, for which it profusely apologized and stated that it didn’t intend to offend.

Apart from this discussion, it was able to offer some insights on Zero Trust in government, but its primary shortfall is that its unable to draw any knowledge on current events as its cutoff is in 2021. Thus, any discussion on recent cyberattacks or up-and-coming methods are less than ideal. Per the bot, it utilizes data available on published sources and integrates algorithms and other data to offer information in a conversational tone. It’s quick to relinquish any possible opinions, and won’t just do whatever the user inputs. For example, I asked the bot to write about the Colonial Pipeline attack, but in the style of a children’s story — to which it chided me, as it would be inappropriate and irreverent to discuss a serious topic in such a manner.

As a matter of cybersecurity, ChatGPT certainly represents a fairly great threat in terms of the ability to utilize AI for rampant disinformation — an issue that has been widely reported toward the end of 2022. In an article on eSecurityPlanet, Robert Blumofe, who is the CTO and EVP at Akamai Technologies, is quoted citing the threat of this tech in phishing.

“The technology will enable attackers to efficiently combine the volume of generic phishing with the high yield of spear phishing,” he said in the article.  “On the one hand, generic phishing works at a massive scale, sending out millions of lures in the form of emails, text messages, and social media postings. But these lures are generic and easy to spot, resulting in low yield. On the other hand and at the other extreme, spear phishing uses social engineering to create highly targeted and customized lures with much higher yield. But spear phishing requires a lot of manual work and therefore operates at low scale. Now, with ChatGPT generating lures, attackers have the best of both worlds.”

What may be most interesting from a security perspective is the fact that the developers are now concerned with those who may use the AI for nefarious purposes. For example, when I asked the bot to generate a password reset email for a Twitter user, it cheerfully complied — with a content warning.

While there’s currently no telling where this technology might take cybersecurity, it’s clear that the developers are beginning to take the potential for abuse.

For anyone interested in delving deeper, the bot is available here. Share your chat highlights in the comments.

Hackers Don't Take This Week Off: Weekly News Roundup

Is there a word for the week between Christmas and New Years where time seems to just move differently? Cyber experts know that hackers never take a week off – and in fact, tend to capitalize on these “quiet” times. Here are some of the latest security updates capping off the year.

NO NEW PATIENTS: A New Jersey hospital halted patient admissions due to “an IT security issue” – which is currently under investigation, according to CentraState Medical Center in Freehold diverted all new and incoming patients, though patient care had not been adversely affected, according to the report. The story…

AMONG OTHER DISRUPTIONS FOR THE WEEK: We’ve got the closing of the Harrington Raceway & Casino in Delaware due to a “temporary disruption.” Bristol Community College in Massachusetts has shut down campus internet access thanks to a breach. Plus, Howard Memorial Hospital down in Arkansas just had a breach that may impact patient and employee security and confidentiality.

IMAGINE PAYING $44 BILLION FOR THIS:  If you missed it, Piers Morgan’s Twitter account was really, really hacked over the Christmas holiday, and many are confident that his and other high-profile user data was leaked in a June 2021 bug. By July of 2022, Twitter insiders came to find that this bug was exploited to the tune of 400,000,000 users’ data. All this based on research from Israeli cyber-intelligence firm Hudson Rock, as reported by The Guardian.

TIKTOK’S FINAL COUNTDOWN: Leaving out the obvious cultural decay that TikTok has reaped upon America’s youth, the security threat it brings should be enough to concern any fairly savvy lawmaker. Governors across the United States have announced bans on the use of this app for state employees, and a ban was also included in the massive $1.7 trillion spending bill for all government-issued devices… making it, likely, possibly, the least expensive line item on the bill. Broader story from

LOOKING FOR THE BEST RECAP OF 2022?: KrebsonSecurity celebrated 13 years in business earlier this week – no small feat in a dynamic industry like this one. To celebrate, the site posted a full year-in-review – definitely an ideal read for putting your arms around the biggest stories in security for 2022. Remember when Norton was installing crypto-mining software on customers’ computers? Yeah, that was this year.

Hackers Don’t Take This Week Off: Wee …

Industry News Posted by Jen Greco on Dec 30, 2022

Note to Self: Smishing Schemes Are on the Rise

We may be living in strange times, but that text message you received last week from yourself probably didn’t pass the smell test for most cybersecurity professionals.

In case you missed it, a large number of Verizon customers got texts from their own phone numbers over the last few weeks. The compelling message? It’s a heads up that your March bill was paid, and a link for you to claim a “free gift.” Obviously, the gift likely anything but free.

SMS scams – or smishing – is costly for those who fall victim – in 2020, Americans lost $86 million on text message scams, according to the Federal Trade Commission and the AARP. The average individual loss was $800 in 2020 (that’s roughly $880 in 2022 dollars).

“As part of a recent fraud scheme, bad actors have been sending text messages to some Verizon customers which appear to come from the customers’ own number. Our company has significantly curtailed this current activity, but virtually all wireless providers have faced similar fraudulent activity in recent months,” Verizon said in a statement sent to Fox News.

Verzion doesn’t seem to think the Russians are behind this one, according to the same statement, where they also mentioned that they’re working closely with law enforcement to remedy the issue. That said, the author of this article from The Verge reported that the link in the message seemed to point back to a  Russian state TV network.

This seems to be a result of those robocalls going unanswered, thanks to aggressive phone spam filters offered by mobile carriers, according to Verizon. It’s not so easy to block your own number from spamming you.

“Just as Verizon continues to combat robocalls on behalf of our customers — 20 billion blocked to date — we are working diligently to crack down on pesky spam texts and have put a number of tools in place to prevent them from ever reaching you,” the company said in a press release.

If you’re a Verizon customer tackling these spam texts, they tell you not to delete it (full disclosure: this author deleted it immediately). If you get it, copy the message and text it to “SPAM” (that’s #7726 on your touchtone).

For now, the best move would be to follow the sage advice from AARP:

  1. Don’t respond – not even with a STOP.
  2. Don’t click links and don’t open attachments.
  3. Filter and block spammy messages.

Also, don’t forget to ask yourself why you’d be texting yourself with a free gift – instead, treat yourself to the joy of outsmarting yet another cyber criminal.

Note to Self: Smishing Schemes Are on the R …

Hot Topics in Cybersecurity Posted by Jen Greco on Apr 4, 2022

As Cybersecurity Threats Related to Russia-Ukraine Conflict Loom, Leaders Gather in Tampa

Mayor Castor, State CIO Grant Join Public Officials, FBI and US Secret Service Agents to Educate Local Leaders on Current Trends

Data Connectors, representing the largest cybersecurity community in North America, confirmed details of the Tampa Cybersecurity Conference on March 15. This first-of-its-kind gathering brings together federal, state, and local organizations with top private-sector executives from area businesses and public-sector leaders of regional municipalities.

The agenda includes Tampa Mayor Jane Castor, Florida State Chief Information Officer Jamie Grant, senior officials from the Tampa Field Offices of the United States Secret Service and the Federal Bureau of Investigation (FBI), the Florida Attorney General’s Office, alongside Chief Information Security Officers (CISOs) and other cybersecurity leaders from over 200 area businesses.

“The City of Tampa’s unique role as home to MacDill Air Force Base and Central Command means that we are very cognizant of the need to protect our critical infrastructure against attacks. We continue to work closely with the Department of Homeland Security, other government agencies and peers to participate in a whole-of-community approach to build and sustain security prevention and protection capabilities. The new reality is that both government and private networks are being attacked daily. That means we all have to be diligent and adapt to technology and education. Our cyber security safeguards are ongoing, with each employee having a role to play in protecting our cyber infrastructure,” Castor said.

The Conference features live expert panel discussions, networking opportunities, and informative presentations from leading cybersecurity solution providers. Honored guests on the agenda include:

  • Jane Castor: Mayor for the City of Tampa
  • Jamie Grant: Florida’s State Chief Information Officer (CIO)
  • Sanjay Virmani: Acting Special Agent in Charge, FBI Tampa Field Office
  • Richard Dean: Asst. Special Agent in Charge, US Secret Service – Tampa Field Office
  • Jeremy Rodgers: CISO, State of Florida
  • Ramin Kouzehkanani: Chief Information & Innovation Officer, Hillsborough County
  • Martin Zinaich: CISO, City of Tampa
  • Jason Manar: CISO, Kasteya

US Secret Service and FBI representatives will participate in panel discussions, and touch on the importance of public-private partnership to overcome the threats faced by businesses in the region. Keynotes include:

  • Jason Menar, the Chief Information Security Officer for Kaseya, who has the unique experience of having investigated the company’s 2021 data breach as an FBI agent, and
  • Florida State CIO Jamie Grant, who will talk about his organization’s progress building the Florida Digital Service.

The Conference will be held in downtown Tampa Marriott Water Street on Tuesday, March 15 with sessions starting at 9 a.m. Qualified professionals can obtain Continuing Professional Education (CPE) credits for participation.

Conference registration information can be found at:

About Data Connectors
Since 1999, Data Connectors ( has facilitated collaboration between senior cybersecurity professionals, government/law enforcement agencies, industry luminaries, and solution providers. Today, the community comprises over 650,000 members and 250 active vendor partners across North America. Members enjoy informative education, networking and support via our award-winning Virtual Summits, live Conferences, Web Briefings, and regular communications.

As Cybersecurity Threats Related to Russia- …

Press Releases Posted by Jen Greco on Mar 7, 2022

INFOGRAPHIC: A Line of Defense for Healthcare
The healthcare industry is confronting the increasing frequency and debts of data breaches around the world. On average, these breaches increase hospital mortality rates and cost each breached hospital $6.5 million (USD) or $429, on an individual basis, per patient.

67% of first-year costs follow, as hospitals work to resurrect systems and operations. These expenses include making legal, technical, and regulatory amends, notifying and communicating with affected patients, and heightening data security following the incident. On top of these expenses, more money is lost as hospital business decreases as a result of waning customer trust, damage to their reputation, and system shutdowns during reparation. After hospitals find themselves on a steady path to recovery, small to medium medical organizations have spent 5% of their yearly revenue, which on average, totals to $2.5 million.

An additional layer of data security may be the answer to fears and ignite preventative action. Blockchain, defined as, “a distributed ledger for recording transactions and tracking assets”, can secure healthcare data and shield against breaches. Wearable and remote monitors, telehealth, gamification, and health data NFTs are a few blockchain tools that can make a world of difference.

Wearable and remote devices include narcolepsy, blood pressure, seizure, pulse, sleep apnea, and diabetic monitors among others. These devices can be connected to databases that retain each individual’s recorded information. Healthcare personnel can retrieve patient data as it’s being recorded, patients can have more personalized care, and paramedics can better treat patients according to recent data when they arrive. With better security, less errors in data reporting, and longer-lasting technologies, these devices offer many benefits that can aid both data safety and the productiveness of patient-professional relationships.

Telehealth on its own poses notable risks, as few fully-fleshed out regulations and protocols regarding the storage and distribution of data exist and personal information can be shared with marketers and other parties without consent. By implementing blockchain, telehealth security heightens and becomes more dependable. Blockchain can infuse secure storage systems for medical records and compile data to give medical professionals a more comprehensive account of patient history.  By augmenting customer trust in the system and providing more efficient forms of data exchange, adding blockchain components to telehealth could be another guard against data breaches.

Gamification and health data NFTs go hand-in-hand. With gamification, patients are more focused through strategies that facilitate orientation toward their health-related objectives and openness to adopting new skills and habits. Those who attend doctor’s appointments, complete surveys, take prescriptions, and abide by doctor’s orders are rewarded with cryptocurrency tokens. Medical professionals, in turn, minimize losses as a result of improved, motivated outcomes. 

NFTs for health data describes the utilization of non-fungible tokens to protect an individual’s health record, guarding against theft and fraud. Patients benefit from increased control over their data, the possibility of gaining a profit from sharing select data with third parties, and being able to verify the legitimacy of personal information. 

Blockchain is being adopted into systems by both long-standing and up-and-coming healthcare companies, as they improve services and transactions and guard against the toll that data breaches can take on any organization. Learn more about blockchain and health to see how it can secure your service and operations too.

INFOGRAPHIC: A Line of Defense for Healthcare

Infographics Posted by Jen Greco on Mar 2, 2022

“State of Cyber 2021” Brings Together Homeland Security, FBI, Secret Service and Local Executives in St. Louis

Law Enforcement, Chief Information Security Officers from Region’s Largest Organizations Convene to Get Ahead of Expanding Cyber Threats


ST. LOUIS, MO – November 29, 2021. Data Connectors, representing the largest cybersecurity community in North America, confirmed the details for the State of Cyber 2021 Conference, which will take place December 1st and 2nd, 2021. In partnership with the St. Louis InfraGard Alliance and local field offices of the Federal Bureau of Investigation (FBI) and the US Secret Service, the Chesterfield, MO-based firm will present this year’s in-person and online gatherings, a return from last year’s all-virtual format.

“The United States Secret Service is proud to collaborate with our local, state, and federal partners at the State of Cyber 2021 Conference. Sharing intelligence with them and the organizations responsible for a private infrastructure operating in the St. Louis metropolitan area furthers our investigative mission to thwart crimes against the financial infrastructure of the United States,” stated Thomas Landry, Special Agent in Charge, U.S. Secret Service – St. Louis Field Office.

Landry also headlines the agenda on Wednesday, December 1st.

The conference features prominent Chief Information Security Officer (CISO) executives from the region, as well as industry luminaries, cybersecurity solutions experts, and representatives from government agencies. The two-day agenda represents a combination of the St. Louis Cybersecurity Conference, which has been run annually since 2003, the St. Louis InfraGard Alliance’s State of Cyber event started in 2016, and an annual update for local cyber professionals conducted by the St. Louis Office of the United States Secret Service’ Cyber Fraud Task Force.

Validated professionals in the community that attend the Conference will receive briefings from the Department of Homeland Security (DHS) Cyber Infrastructure Security Association (CISA), and hear from local peer executives from organizations such as Mastercard, First Bank and TikTok.

The Conference will also feature a panel discussion on the State of Cyber Inter-Agency Cooperation, and keynotes from public and private sector executives:

  • Richard Quinn, Special Agent in Charge, FBI St. Louis Division
  • Erin Hug, Cyber Intelligence Analyst, Cybersecurity Forensics & Intelligence Unit at Missouri State Highway Patrol
  • Angela Robinson, Cybersecurity Specialist with the Department of Public Safety (DPS)
  • Derek Rieger, Deputy Director of the St. Louis Fusion Center
  • Brian Cockrill, Senior Special Agent – Technical Staff Assistant at the United States Secret Service – St. Louis Field Office
  • Christopher Cockburn, Cybersecurity Advisor at CISA
  • D. Henry, Cyber Security Advisor & Indiana Cybersecurity State Coordinator at CISA

Over 300 members of the Data Connectors Cybersecurity Community are expected to attend this conference. More than 30 community partners and affiliate organizations will also be a part of the gathering including Auth0, Attivo Networks, Darktrace, and Noname Security.

The Conference will take place on Wednesday and Thursday, December 1-2, starting at 8:00 a.m. CST at the Hyatt Regency St. Louis at The Arch, 315 Chestnut St., St. Louis, MO 63102. Registration is FREE for qualified professionals, who can also obtain Continuing Professional Education (CPE) credits for participation.

More information for the Summit can be found at


About Data Connectors
Since 1999, Data Connectors ( has facilitated collaboration between senior cybersecurity professionals, government/law enforcement agencies, industry luminaries, and solution providers. Today, the community comprises over 650,000 members and 250 Community Partners across North America. Members enjoy informative education, networking and support via award-winning Virtual Summits, live conferences, Web Briefings, and regular communications.

# # #

Note to reporters: If you wish to attend these sessions at no charge, please contact Michael Hiskey, Chief Strategy Officer, at +1.636.778.9495, or

“State of Cyber 2021” Brings Together H …

Press Releases Posted by Emily Ramsey on Nov 29, 2021

Atlanta's Chief Information Security Officers Debate Future of Cybersecurity; 2022 Trends


Targeted by Nation-States and Ransomware Gangs, Boards and Executive Leadership Teams Face Realities of Current Threat Landscape

ATLANTA, GA – October 25, 2021 Data Connectors, representing the largest cybersecurity community in North America, confirmed the details for the Atlanta Cybersecurity Conference this week.  The important gathering for senior executives in the region that has been listed as one of the top five in the country returns to an in-person format, after a 19-month hiatus.

The conference features prominent Chief Information Security Officers (CISO) executives from the region, as well as industry luminaries, cybersecurity solutions experts, and representatives from government agencies including the Federal Bureau of Investigation (FBI) and the United States Secret Service.

The 15th annual event returns with a two-day agenda, highlighting important areas of cybersecurity such as identity and access management, cloud email security, development security operations (DevSecOps), and managed detection and response.

“Boards and executive leadership teams are confronted with the reality that they can no longer engage in digital transactions or e-commerce without understanding the global cybersecurity landscape or the state of their internal security program,”  said Derek Johnson, local cybersecurity executive from the Susan G. Komen organization and Board Member at the InfraGard Atlanta Members Alliance. In his featured keynote at the conference, Johnson will lead a discussion for the cybersecurity community members on hand to explore the topic further this Thursday afternoon at the Marriott Buckhead Hotel & Conference Center.

In his presentation “Atlanta FBI Looks Back on 2021 Cyber Threats,” Special Agent Nathan Langmack, from the FBI Atlanta Field Office, will dissect the key components of some of the recent high-profile ransomware attacks such as SolarWinds and Colonial Pipeline. He will use these and others to surface lessons learned that translate to what CISOs and all information security executives should regard as best practices.

These discussions include some of the top executives throughout the region, such as:

  • Kevin Gowen, CISO at Synovus Bank
  • Dean Mallis, CISO at MARTA (Metropolitan Atlanta Rapid Transit Authority
  • Jameeka Green Aaron, CISO at Auth0
  • Michael F.D. Anaya, Head of Attack Surface Analysis at Palo Alto Networks
  • Tamika Bass, CISO at Georgia Department of Revenue
  • Taiye Lambo, Founder at HISPI and Pioneer vCISO

Over 300 members of the Data Connectors Cybersecurity Community are expected to attend this week.  More than 30 community partners and affiliate organizations will also be a part of the gathering including Votiro, Auth0, Attivo Networks, Security Scorecard, and the local chapters of ISC2, AFCEA, and CNSP.

The Conference will take place on Wednesday – Thursday, October 27-28 starting at 8:00 a.m. E.S.T at the Atlanta Marriott Buckhead Hotel & Conference Center, 3405 Lenox Road NE, Atlanta, Georgia 30326. Registration is FREE for qualified professionals, who can also obtain Continuing Professional Education (CPE) credits for participation.

About Data Connectors
Since 1999, Data Connectors ( has facilitated collaboration between senior cybersecurity professionals, government/law enforcement agencies, industry luminaries, and solution providers. Today, the community comprises over 650,000 members and 250 active vendor partners across North America. Members enjoy informative education, networking, and support via our award-winning Virtual Summits, live conferences, Web Briefings, and regular communications.

Atlanta’s Chief Information Security …

Press Releases Posted by Emily Ramsey on Oct 25, 2021