Welcome to the “CyberSecurity Loop” News Bytes – Edition #9

Last week I ran a live “cybersecurity breach simulation” at the Legal Counsel Forum in Sydney.
The format of the 1-hour session allowed delegates to play along as I walked them through a scenario of a data breach. Then, using my “colour code framework”, we explored the essential elements that make up a well-defined Incident Response strategy and plan.

Attendees then colour-coded each of the elements using a traffic light system and scored themselves out of a possible total of 28. If they scored 21 or above then they had nailed it! Anyone below 21, on the other hand, had some work to do!
It was a fun event to do in 1 hour! Normally I run these workshops over a 3 - 4 period with executive leadership and operational teams. If you are interested in learning more you can contact me directly on LinkedIn or use the link in the resource section below!
In other security news:
- NSW Courts suffered a data breach on Tuesday 25th. Investigations are now underway by NSW Police and the story is still evolving. Sensitive court documents were allegedly accessed, including AVOs and court affidavits.
- Brydens Lawyers suffered a data breach back in February and have now taken out an injunction to stem the flow of information being leaked in the wake of the alleged ransomware attack.
- In May, ransomware payment rules and reporting come into force for businesses with turnovers in excess of $3 million.
- OpenAI is now offering $100k bounties for anyone who identifies critical vulnerabilities in their platform.
- Oracle Hacked - Despite Oracle categorically denying that its cloud systems have been breached, sample data released by the hacker seems to suggest otherwise. A hacker named ‘rose87168’ announced recently on a hacking forum the sale of data associated with over 140,000 Oracle Cloud tenants. The hacker claims to have obtained six million lines of data, including SSO and LDAP passwords.
Tool
If you are interested in GenAI, I recently came across this great visual map that shows the number of AI vendors that service the Legal sector, broken down by category.

Here’s the link [https://www.legaltechnologyhub.com/contents/lth-genai-legal-tech-map-march-2025/]
Tip
This might be a bit geeky for some of you! So you can skim past this or hand it on to a more technical person in your firm!
If your firm is using Microsoft 365 and your tenant was set up before Just 2023, make sure that you have “Unified Logging” turned on, as prior to that date it was not enabled by default. It is essential to be collecting the right audit logs for alerting and forensics. Both your security operations team and DFIR responders, if you ever need one, will thank you for it!
Also, the good news is that the default retention period for Audit Logs Standard has been increased from 90 days to 180 days at no extra cost to your license. This is important as threat actors, on average, stay hidden in organisations for more than three months before they strike.
More details can be found here:
[https://learn.microsoft.com/en-us/purview/audit-get-started]
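For the technical person this tip gets handed to, here is one way to check the setting, turn it on if needed, and confirm that records are actually arriving. This is an added example, not part of the original newsletter; the `-Enable` switch is a name chosen for this script, and it assumes the ExchangeOnlineManagement module is installed and the account holds the Audit Logs role.

```powershell
# Added example: verify (and optionally enable) Microsoft 365 unified audit logging.
# Run in Exchange Online PowerShell. In Security & Compliance PowerShell the
# UnifiedAuditLogIngestionEnabled property always reads False, which is misleading.
param(
    [switch]$Enable   # script-local switch (assumption): turn auditing on if it is off
)

Import-Module ExchangeOnlineManagement -ErrorAction Stop
Connect-ExchangeOnline -ShowBanner:$false

try {
    $config  = Get-AdminAuditLogConfig
    $enabled = [bool]$config.UnifiedAuditLogIngestionEnabled
    Write-Host "UnifiedAuditLogIngestionEnabled: $enabled"

    if (-not $enabled) {
        if ($Enable) {
            Set-AdminAuditLogConfig -UnifiedAuditLogIngestionEnabled $true
            Write-Host "Auditing switched on. Allow up to 60 minutes before records appear."
        }
        else {
            Write-Warning "Auditing is OFF. Nothing is being recorded. Re-run with -Enable."
        }
        return
    }

    # The flag can be on while nothing useful is searchable, so pull a small
    # sample from the last 24 hours and report the newest record found.
    $end    = (Get-Date).ToUniversalTime()
    $start  = $end.AddDays(-1)
    $sample = Search-UnifiedAuditLog -StartDate $start -EndDate $end -ResultSize 10

    if ($sample) {
        $newest = $sample | Sort-Object CreationDate -Descending | Select-Object -First 1
        Write-Host ("Records found. Newest: {0} UTC, operation: {1}" -f $newest.CreationDate, $newest.Operations)
    }
    else {
        Write-Warning "Auditing is on but no records were returned for the last 24 hours."
    }
}
finally {
    # Always close the session, including on the early-return paths above.
    Disconnect-ExchangeOnline -Confirm:$false
}
```

Run it without `-Enable` first so the current state is recorded before anything changes.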
Resource

I’ve put together a 72-ransomware basic rescue kit resource which provides:
- An outline incident response plan
- A ransomware payment workflow diagram
- Essential logging requirements for both cloud and on-premises services
- The Top-10 things you should be focussing on
[Get the kit here >> Ransomware Rescue Kit]
Quote
"You’re braver than you believe, stronger than you seem, and smarter than you think." - A.A. Milne