CEOs: your main exposure to ransomware comes from the ease of spreading within an organization, getting "domain admin". Just hire a pentester, give them an account on a typical employee desktop, and ask them to get domain admin.
"DarkSide" is simply a bunch of standard pentesters. They are doing the same sorts of things, like running mimikatz. They'll find simple errors. Hire pentesters, give them a standard employee desktop, watch how they spread and get admin credentials.
I hate simple proscriptions like "just use multifactor authentication". Your problems might be different. For example, maybe your problem is that you've got the same local admin credentials in the image for all your desktop builds.
I hate all simple proscriptions because you can become compliant with them while missing the entire point. "Oh, it's just an IAM issue". Well, no, that's like saying rocket engines are just a "fuel burning" issue. There are important details on just HOW this is done.
RDP is an incredibly common entry point. I can come up with glib proscriptions on how to secure it -- but that's not enough. I need to first understand what value to get from RDP and how to secure it while preserving that value. https://twitter.com/uncl3dumby/status/1391824084757925892
Lack of network segmentation is HUGE, with a lot of bang for little buck. I see a lot of resistance to it. I'm not sure if the reason is because I don't understand their concerns, or if they don't understand the value/costs. (I shouldn't assume the latter) https://twitter.com/haroldsmith3rd/status/1391824687685120001
You can follow @ErrataRob.