now browsing by tag
Most (54%) cybersecurity professionals believe the threat landscape is evolving faster than they can respond, with a lack of preparation and strategic thinking endemic, according to RedSeal.
The network resilience vendor polled 600 IT and security decision makers in the UK and US to compile its RedSeal Resilience Report 2017.
It revealed that most respondents feel they are under-resourced (54%), can’t react quickly enough when an incident strikes (55%) and can’t access insight to prioritize incident response (79%).
Just 20% said they’re extremely confident their organization will be able to function as normal in the event of a breach or attack.
What’s more, there seems to be a dangerous disconnect between perceived strengths and reality.
Some 40% of respondents claimed ‘detection’ is their strongest capability, stating it takes an average of just six hours to spot an incident.
However, this flies in the face of many other industry reports, compiled by the likes of Mandiant (99 days) and Trustwave (49 days).
RedSeal also claimed that only a quarter of respondents test their cybersecurity incident response annually, with many saying it’s too resource intensive (29%), outside their budget (27%) or takes too long (26%).
“Their data networks are dynamic. This dynamic nature creates a risk,” RedSeal CEO Ray Rothrock told Infosecurity.
“Given that they report in our research that they last created a map of their entire network on average nine months ago, there’s no way to know precisely if their most valuable assets are accessible to bad actors at the present time. The lag in knowing what the network looks like and where data lives is a crucial factor in being ready for the inevitable.”
The report also revealed that compliance rather than strategy is driving IT security planning for the vast majority (97%) of organizations.
“On the cyber front, digital resilience — the ability to contain the bad guys when they’re inside your network, and protect high value assets like customer data and content from exfiltration — will protect your networks and your vital financial assets,” concluded Rothrock.
“So, it’s important to know your network inside out. Know what is important to your business and your customers, where it is, and make sure it’s secure. Operational resilience means not only being ready, but having a plan and procedures and then rehearsing that action plan.”
The post Cybersecurity #Pros Can’t Keep #Pace with #Threat #Landscape appeared first on National Cyber Security Ventures.
View full post on National Cyber Security Ventures
Industry and government cybersecurity experts offer advice for protecting business assets and reputation in an increasingly dangerous cyber threat landscape.
Don’t expect the cyber threat landscape to get safer anytime soon. That’s the message given by speakers at two recent Boston-based events. “By any measure you want to use, the trend line is going the wrong way,” said Rob Joyce, White House cybersecurity coordinator, speaking at the Cambridge Cyber Summit hosted by CNBC and The Aspen Institute. “Whether you look at breaches, whether you look at criminal activity, whether you look at nation-state activity, or even the sanctity of our elections, we’ve got to worry.”
That sentiment was echoed by experts from business, the cybersecurity industry, and government intelligence and law enforcement agencies. While the picture they painted was grim, all the speakers were optimistic that the situation would improve over time. The speed of that improvement, though, is dependent on organizations changing the way they approach cybersecurity.
Processes and attitudes need to change, the experts agree. More effective means of protecting data and assets are well within the reach of most organizations. Their advice follows.
Do the cybersecurity basics well
Many companies are not consistent at doing what Joyce calls “the basic blocking and tackling of security, whether it’s patching, having a good architecture, understanding in advance where the threats are, having logs, monitoring, watching and dealing with it.” He and other speakers urged companies to review their policies and put processes in place that ensure the systems are working as they should be.
At the very least, organizations should be following the National Institute of Standards and Technology (NIST) Cybersecurity Framework. Doing so is not a guarantee against a breach, but it demonstrates a “duty of care” that can reduce liability should a breach occur. “If you do all the things you should be doing to protect the network, like following the NIST framework, and still get breached, the chances of being penalized are less,” said Mike Gregoire, CA Technologies chairman and CEO, at the Cambridge Cyber Summit.
Organizations will not be able to do security basics well unless they embrace the process. At the Cambridge Cyber Summit, Mark van Zadelhoff, general manager of IBM Security, said he sees a “cultural shift to treat [security] like programs around safety—a Six Sigma approach to security hygiene.” He believes such an approach will better enable organizations to cope with the rising sophistication of hackers.
Know what hackers will value
“People don’t realize where value lies in their companies,” said Jeffrey Tricoli, section chief, Cyber Division, Federal Bureau of Investigation (FBI), at the InfoSecurity North America event. “Hackers’ valuations [of your assets] are better.”
For example, a company may have strong protections around customer data, but not around the communication channels with those customers. Those channels could become a means to access customer systems and assets. If you know what attackers are likely to go after, you know where to focus your security efforts.
Learn how the entire organization will respond to a breach
Most organizations have response plans should a breach occur, but not all of them go through the exercise of a fake attack. How will everyone—not just the security team—react when what van Zadelhoff calls the “boom event” occurs?
He recommends running simulations of a real attack where worst-case scenarios occur. That experience will not only help counter an actual breach when it occurs, but improve processes for communicating with customers and other affected stakeholders.
Practice good password hygiene
Password reuse means if one account is compromised, others where an individual used the same password are also at risk. “The best thing you can do is not to reuse passwords. As you hear about these breaches, what that means is you’ve been compromised at that company. But what [the attackers] often have is your account and the password you used. If you are reusing it at other sites, they can access you at those other sites,” said Joyce
Another poor practice is using keyboard patterns as passwords. While this approach makes passwords easier to use, hackers keep lists of them in their password databases. That means they can be as easy to crack as using “password” as your password.
Go to two-factor authentication (2FA)
The consensus among all the speakers was that the traditional username/password authentication is no longer an effective deterrent. They urged businesses to use 2FA if they aren’t already—for example, sending a code to the user’s cell phone. “Having a thing you possess and a thing you know is a really powerful tool of protection,” said Joyce. He added that 2FA is becoming the government’s best practice.
What’s holding back 2FA from being more widely used is consumer resistance. It adds another step to gain access, degrading user experience. “Two-factor authentication is the minimum standard,” said Gregoire. “It’s a pain, and that’s what happens with consumer applications. There are ways of protecting people. The problem is the customer experience is difficult, so we tend to shy away from [2FA].
Don’t use Social Security numbers as identifiers
The Equifax breach raised awareness of the vulnerability of everyone’s identity due to exposed Social Security numbers (SSNs). “I feel really strongly that the SSN as an identity or even worse as an access control is just a horrific idea,” said Joyce. “It evolved that way over time and it puts us all at risk.
“A SSN is an identifier that when you use [it], you’re actually putting yourself at greater risk because now people who steal that identity have access to your financial capabilities,” said Joyce. “Why should something you have to write down on a form and give to third parties transmit openly, allowed to be stored in filing cabinets and in records all over the country, even all over the globe — why should that be the thing that allows access to your financial records? We’ve got to move beyond it.”
Hold supply chain/value chain partners to a high security standard
Third-party providers of components and services are increasingly popular attack vectors. Many of them are small companies with weaker defenses than their larger customers, but they often have direct access to customer systems. That’s a problem, because weaknesses in the supply chain are often off security teams’ radar.
As CSO of the global value chain at Cisco, Edna Conway has to understand the threat landscape across Cisco’s value chain. That starts with knowing who all the players are. “If you don’t know who is in your value chain, you have gaps,” she said at the InfoSecurity North America event.
Knowing all the players makes it easier to identify where the biggest risks are and, in the event of a supply chain breach, which supplier was the source. “Provenance [of components] is difficult with digital, virtual products,” said Conway. An ASIC provider, for example, might source from someone else’s foundry. “The map can get daunting,” she said.
Conway also recommends that companies perform an end-to-end assessment of third-party security capabilities. You will need to balance tolerance levels for risk with the value of the relationship. For example, if there are few or no alternatives for a given supplier, you may be forced to accept a higher level of risk.
Prepare for more ransomware attacks
Ransomware attacks will increase in number, sophistication, and cost to business because they are highly profitable for attackers. Cybercriminals now act more like a business. Experts agree that ultimately the best deterrence for cybercrime is to make it more expensive. “We’ve got to understand as a nation how we are going to change the cost-benefit for cyber malfeasance,” said Joyce.
Organizations can take steps to increase the cost of doing business for ransomware attackers. Ransomware is becoming one of the biggest revenue generators for cybercriminals because too many victims pay. Government guidance has been to not pay the ransom, as many who do never get their data back. However, Joyce admitted that ultimately it’s a “personal decision you’ve got to make based on the situation.”
Employee training is also key. It’s true that employees sometimes click on links they shouldn’t even though they received training, but all speakers on this topic agreed that ransomware education makes a difference and should be ongoing.
While antivirus software is notoriously bad at detecting most ransomware attacks, new tools for detection and prevention are becoming available. At InfoSecurity North America, Cybereason CISO Israel Barak invited attendees to download its free Ransomfree tool.
Ransomfree works by focusing on the one thing all ransomware has in common: It encrypts files. The tool looks for abnormal file encryption processes and claims a 99 percent protection rate, and it works with fileless attacks. Why is it free? Cybereason requires anyone using Ransomfree to allow their systems to send any detected ransomware code to Cybereason’s servers. In other words, Ransomfree users become data collectors for Cybereason’s research efforts.
Automate where you can
Cyber adversaries are using highly automated tactics, leveraging the low cost of computing power and availability of sophisticated tools, according to Mark McLaughlin, Palo Alto Networks CEO, at the Cambridge Cyber Summit. Organizations have plenty of technology in place, he added, but not enough people to use the tools.
o compete with the bad actors, McLaughlin urged companies to, “Get automated. Drive for a highly automated, orchestrated solution with leverage.”
That’s easier said than done. McLaughlin estimated that the average company has 64 security solutions in place from multiple vendors. He expects more solutions and vendors to appear in the next few years. However, he also foresees platforms to emerge that will help manage them all and enable more automation.
The post How to survive the worsening cyber threat landscape appeared first on National Cyber Security Ventures.
View full post on National Cyber Security Ventures
It seems like everyone is offering cloud services of every flavor these days, with new players joining the market every day. Over the past 10 years, we’ve seen cloud-based storage, email migration; remote monitoring, online productivity, and cloud security take center stage. Managed Service Providers (MSPs) are trusted with securing organizations’ networks. However, many do not fully understand their own customers’ priorities when it comes to security. As the IT industry continues to evolve, more security threats are emerging each day and we are seeing our private and personal data at risk of data breaches. Is the cloud secure? Companies that allow employees to use their network to visit social media websites are opening themselves up to cybersecurity risks. With more enterprises moving their business technology systems to the cloud—and moving away from on-premises—it only makes sense that security delivered as cloud services would follow suit. Yes, the on-premises security market is still growing, but we are seeing accelerating growth of cloud-based security services. According to Business Wire, the global Managed Security Services (MSS) market is estimated to grow from $14.32 billion in 2014 to $31.86 billion by 2019. Cloud-based security is indeed taking off. For most partners, it’s about […]
The post Every MSP should know about today’s Cyber-security landscape appeared first on National Cyber Security.
View full post on National Cyber Security
hacker proof, #hackerproof
The post Every MSP should know about today’s Cyber-security landscape appeared first on AmIHackerProof.com.
View full post on AmIHackerProof.com
Dr. Madan Oberoi is the Director of Cyber Innovation and Outreach Directorate at the INTERPOL Global Complex for Innovation in Singapore. In this interview he talks about the key developments that allow law enforcement to stay on top the fast-paced digital threat landscape, offers insight on the challenges involved in managing international cyber innovation and research within INTERPOL, and introduces INTERPOL World 2015. What are the challenges of managing international cyber innovation and research within INTERPOL? With rapid technological advancement and effortless access to cyberspace, the world faces a range of new crime threats that are increasingly complex and intertwined. In the last few decades, we have witnessed a growing integration and interconnectedness of systems that were previously divergent, resulting in a ‘system-of-systems’. Crimes in cyberspace are not contained by national boundaries or within countries, making them a truly global threat. For example, in the cybercrime arena, the offence may have been committed in one jurisdiction or country, but the victims may be in a different jurisdiction, and regulations may differ. It is therefore extremely important that all stakeholders such as governments, police organizations, academia and private industry work together to combat these crimes. To help address this need, we […]
For more information go to http://www.NationalCyberSecurity.com, http://www. GregoryDEvans.com, http://www.LocatePC.net or http://AmIHackerProof.com
The post INTERPOL and the fast-paced digital threat landscape appeared first on National Cyber Security.
View full post on National Cyber Security