David Forrestall

About David Forrestall

David Forrestall is the founder of SecurIT360, an independent, cyber-only security consulting firm. The firm actively monitors the current threat landscape for its clients, responds to incidents, and performs assessments to enable prudent security decisions. David is a Business Professional with proven expertise in technology, security, finance, and operations. He has over 25 years of Security, IT, and business consulting experience, and has worked with clients in a wide range of industries. He has extensive experience working with all levels of management and staff. David has a strong history of helping clients identify areas for improvement and implement processes and technology leading to increased corporate efficiency and profitability.

Coronavirus Cyber Security Challenges – The Remote Workforce

The Cyber Security Implications of the Coronavirus

As the fear of the Coronavirus - COVID-19 - spreads, governments and companies are looking for containment strategies that reduce human contact. Exposed cities are on lockdown, forcing any work to be done remotely, and there are more restrictions to come. Some companies have already closed locations as a precaution, and as restrictions increase, others will be forced to send workers home to work remotely. The criminals have already started the scams: phishing campaigns to take people to fake news updates to see if they can entice a click. That is the easy [...]

By | 2020-03-18T10:48:11-05:00 March 16th, 2020|Uncategorized

Cyber Security Budgeting for 2020

It is time to update our annual Cyber Security Budgeting advice. I just led an exercise at a conference where folks had limited budgets and needed to determine the best places to spend their Cyber Cash. As I reviewed what we have adapted over the years, much of it is still the same. We continue to become more dependent on technology composed of applications, operating systems, processors, storage, and connectivity. IoT, autonomous vehicles, 5G, Huawei, and other new things continue to proliferate, but we still apply the same principles to protect ourselves. So, what is new this year? The proliferation [...]

By | 2019-08-29T07:00:47-05:00 August 29th, 2019|Uncategorized

New York DFS – 23 NYCRR 500 Compliance

Checklist for Compliance

In response to the increasing threats of cybercriminal activity and as an effort to protect Non-Public Information (NPI) held by entities under its jurisdiction, the New York State Department of Financial Services (DFS) implemented a cybersecurity regulation, 23 NYCRR 500. It has twenty-three Sections and went into effect on March 1, 2017. There are designated “Transition Periods,” but the last one expires on March 1, 2019.

A few key things to consider when looking at this Regulation: It applies to Covered Entities, which include those operating under NY Banking Law, Insurance Law, or Financial Services Law – [...]

By | 2019-02-28T14:30:54-05:00 February 28th, 2019|Compliance, Computer & Network Security, Uncategorized

Budgeting for Cyber Security for 2019

Cyber-Security Budgeting is a Layered Approach

Cyber-Security is arguably the hottest market right now. Organizations are willing to spend $$ now more than ever to avoid becoming the next headline. When planning, it is easy to focus on available products that vendors are spending millions of dollars to push at us every day. Products are required, but it is the process around these that keeps you secure. Best practices in security follow a layered approach, and budgeting is no different. Where should you focus your efforts?

The Basic Layers: Reduce Known Risks

These are not sexy, but neither is [...]

By | 2018-12-07T16:21:40-05:00 July 31st, 2018|Information Security, Uncategorized

WannaCry – Worldwide Ransomware Attack – Updated

A widespread ransomware attack has spread across the globe infecting tens of thousands of computers in as many countries, including the United States, United Kingdom, Spain, Russia, Taiwan, France, and Japan. The software can run in many languages. There have been several versions and updates, but the ways to protect remain the same. Recently, a decryption tool has been discovered – see here.

Technical Details

Initial reports indicate the hacker or hacking group behind the WannaCry campaign is gaining access to enterprise servers either through a Remote Desktop Protocol (RDP) compromise or the exploitation of a critical Windows SMB vulnerability. Microsoft [...]

By | 2017-05-24T14:02:22-05:00 May 13th, 2017|Uncategorized

Law Firm Breach Used for Insider Trading Profit

Three Chinese citizens are charged with insider trading after allegedly making $4 million by using information obtained from Law Firms. The breach has to do with stolen credentials and malware planted within Firm systems - a very common tactic. The Law Firm names have not been released yet. Firms are typically diligent with Banking and Healthcare data, but this breach had to do with a merger that was in the works. The hackers bought shares before the announcement and profited from the stock increase. This highlights the need for more than just basic cyber security products. A more disciplined approach [...]

By | 2016-12-30T13:19:30-05:00 December 28th, 2016|Computer & Network Security, Data Breach, Information Security, Social Engineering

Best Practice: Securing Windows Service Accounts and Privileged Access – Part 2

In the first post I covered best practices for securing service accounts. In this post, I am going to discuss some key elements in securing privileged access. Microsoft has published a comprehensive guide to securing an Active Directory. Keep in mind that many of these things will require additional work on the front end, but that is usually due to poor existing practices. Once processes are in place, these key components should not add significant overhead to administrative tasks.

No users should regularly reside in Domain Admins (DA) or Enterprise Admins (EA) groups

Straight from the horse's mouth: As [...]

By | 2016-03-21T09:57:50-05:00 February 18th, 2016|Asset Management, Compliance, Computer & Network Security, Microsoft

Best Practice: Securing Windows Service Accounts and Privileged Access – Part 1

I recently had a client ask me about our recommendations for securing service accounts within Active Directory. We talked for a bit, and then I decided to write them down. This post will have two parts: the first part is for Service Accounts, and the second post will be about privileged accounts.

What is the minimum privilege needed?

If the account will only use local resources on a single device, use a local account on that device. If the account needs permission to see users, computers, groups, etc., use a domain service account. When only read access to [...]

By | 2016-02-18T11:02:18-05:00 February 18th, 2016|Asset Management, Compliance, Computer & Network Security, Microsoft

2015 Cyber Security Awareness Month

What is Cybersecurity?

According to US-CERT, "The activity or process, ability or capability, or state whereby information and communications systems and the information contained therein are protected from and/or defended against damage, unauthorized use or modification, or exploitation." In other words, it is the people, processes and technology that manage or maintain the Integrity, Availability, and Confidentiality of the systems and data with which an organization functions. Many times these roles are shared with IT, which in turn can come with its own challenges. Oftentimes, IT is focused solely on availability, or up-time and ease of use, and both [...]

By | 2015-10-02T09:15:18-05:00 October 2nd, 2015|Compliance, Computer & Network Security, Information Security, Research

Third Party Apps: Consider The Risks

What are 3rd party tools?

Everyone, from individuals to enterprises, uses third party tools and applications on their workstations, servers and mobile devices. Some examples are Adobe Reader, Java, WinRAR, and many more. They are applications that are run or installed, but are typically not centrally managed by your organization.

Why are they important to an organization?

Many times these tools are required to carry out critical job functions. These can be running applications that require Java applets, fax services, custom written applications and so on.

What risks can they introduce?

Since these applications are usually not centrally managed, their [...]

By | 2015-10-01T09:22:47-05:00 October 1st, 2015|Adobe, Compliance, Computer & Network Security, Java, Vulnerabilities