[From the desk of Paul Davis – his opinions and no-one else’s]
Apart from the reporter’s opinions đ
So onto the news:
Data-Driven Threat Intelligence: Metrics on Indicator Dissemination and Sharing
For the past 18 months, Niddel has been collecting threat intelligence indicator data from multiple sources in order to make sense of the ecosystem and try to find a measure of efficiency or quality in these feeds. This initiative culminated in the creation of Combine and TIQ-test, two of the open source projects from MLSec Project. These projects have been improved upon for the last year and are able to gather and compare data from multiple Threat Intelligence sources on the Internet.
We take this analysis a step further and extract insights form more than 12 months of collected threat intel data to verify the overlap and uniqueness of those sources. If we are able to find enough overlap, there could be a strategy that could put together to acquire an optimal number of feeds, but as Niddel demonstrated on the 2015 Verizon DBIR, that is not the case.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=b4440e760e&e=20056c7556
UK government to invest a further ÂŁ2bn to police cyberspace
The UK government is to inject ÂŁ2bn worth of funding toward of the increasing threat of cyberwarfare posed by regimes including China, Russia and North Korea following a review conducted by the Joint Forces Command (JFC).
An injection of funding will be released over the next five years, according to a report in the Sunday Times, with the recruitment of an estimated 300 experts from the UK’s underground hacking community. The newspaper cites military sources who recommended an annual budget of ÂŁ400m for cybersecurity â 10 times the current cost.
Link: http://paulgdavis.us3.list-manage2.com/track/click?u=45bf3caf699abf9904ddc00e3&id=9ad40285c5&e=20056c7556
5 Ways to Create a Culture of Security
Installing a chief security officer in the C-suite is great. When everyone in the organization understands how certain behaviors can lead to compromised security, as well as whatâs being protected in the first place, a culture of compliance is created.
People Are the Foundation of Security
As a business leader, you can protect your organization by following five steps to foster a culture of compliance:
– Assess your organizationâs security
– Enable self-service
– Market internally
– Budget for security
– Define responsibilities
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=093a417e4c&e=20056c7556
Three quarters of businesses believe they couldnât stop a data breach
Only a quarter of U.K. businesses believe their organisation could detect a data breach at any time, a survey by software provider Informatica has shown.
The survey further shows that 33 per cent say their organisation is very good to excellent at detecting and containing breaches.
Fifty-six per cent of responding businesses say securing and protecting data is a high priority for them. In total, 59 per cent say that they worry about mistakes from a temporary worker or contractor, up from 53 per cent in 2014. Additionally, 52 per cent fear third party or outsourcersâ management of data.
An overwhelming majority (61 per cent) of businesses listed customer data as the information most at risk, followed by business intelligence (32 per cent) and the data contained within emails or attachments (29 per cent).
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=ee6465e65f&e=20056c7556
Crowdsourcing your security
Payroll services provider Automatic Data Processing (ADP) has been participating in shared intelligence programs for cyber defense for more than four years. This includes informal sharing of data directly with other organizations and more formalized commercial and collective data sharing, for areas such as cyber defense, fraud defense and public safety, says Roland Cloutier, CSO.
âWe have dedicated full-time staff that manage our technology infrastructure that automates feed-based programs and utilizes context management technologies for automation of data infusion into our security intelligence data warehouse,â Cloutier says.
ADP continuously updates its providers and partnerships to adjust to different threats and operational needs.
ADP has also leveraged global and regional reporting systems and most recently has begun integrating reporting capabilities with businesses workflow platforms, allowing its employees to report security issues while inside the main applications they use every day, Cloutier says. This way, they donât need to go to a portal, send an email, or even make a call.
Led by the healthcare industry, NH-ISAC is recognized by such entities as the U.S. Department of Health and Human Services, Health Sector-Coordinating Council, U.S. Department of Homeland Security, National Institute of Standards & Technology, as well as law enforcement agencies.
A broad approach to security has become vital at content delivery network services provider Akamai Technologies.
âWe find that crowdsourcing is remarkably effective,â says Andy Ellis, CSO. âWe started at the grassroots level around social engineering. We used to find that weâd get occasional reports to the security team around attempted social engineering.â
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=0dc1c8d86c&e=20056c7556
Microsoft issues emergency patch for all versions of Windows
Microsoft has released an emergency out-of-band patch for a “critical”-rated security vulnerability, affecting all supported versions of Windows.
The zero-day flaw (classified as CVE-2015-2502) works by exploiting a flaw in how Internet Explorer handles objects in memory. If successfully exploited, an attacker could “gain the same user rights as the current user,” the advisory said. Those running administrator accounts are particularly at risk, it said.
Microsoft’s new Edge browser, which lands in Windows 10, is not affected by the vulnerability. The patch is available over Windows Update or through Microsoft’s website.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=9cdcef768f&e=20056c7556
Five points of failure in recovering from an attack
An over emphasis on defense is leaving the financial sector exposed to cyber attack. An increase in threat levels has seen the sector bolster defenses by focusing on detection and attack response but recovery remains a fragmented process with little investment in cyber resilience.
Cyber resilience uses threat intelligence and existing internal resource to enable the organization to cope with the inevitable: a successful attack. Auriga has identified five key points of failure that are preventing organizations from implementing an effective Cyber Resilience strategy.
Aurigaâs warning echoes those expressed by The Bank of England in the recent Financial Stability Report (FSR) issued 1 July 2015 which identified the need for financial organizations to adopt a state of readiness to facilitate rapid recovery. The Financial Policy Committee has revised its recommendations in line with the FSR calling for regulators to conduct âa regular assessment of the resilience to cyber attacks of firms at the core of the financial systemâ with a report on the outcome of these assessments due to be published in summer 2016.
1. Restricting information. Information has to be defused if it is to be effective therefore processes need to be in place to ensure information flows via threat handling agents and out into the arteries of the business.
2. Static roles. Allocate roles and responsibilities but also detail how these may change in different scenarios.
3. Outsourcing because of ignorance. Supplementing inhouse knowledge by importing expertise is advisable but be wary of who you approach and be clear on your objectives.
4. Shopping for scenarios â Avoid off-the-shelf scenario planning or âplaybooksâ.
5. Untested incident response â Most organisations will have an Incident Response (IR) plan but surprisingly few are put to the test.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=1a1214c093&e=20056c7556
A serious take on silly-sounding cybersecurity terms
.. Cyber hygiene simply means performing basic tasks to protect digital assets.
…cyber palette is the idea of implementing security in a multilayered way.
Cyber strong is not the latest rubber-wristband motto. It describes an organization that has taken steps to understand its cyber risk (possible harm) and to protect its networks and software systems using the cyber palette methodology.
… cyber (attack) vector and cyber (threat) intelligence donât sound silly. In fact, they sound sophisticated. Hereâs the silly part, though: They arenât sophisticated at all. A cyber vector is simply some type of vehicle/pathway/tool used to perpetrate a cybercrime or cyberattack. A threat actor would use a cyber vector to attack his target.
The cyber threat landscape is evolving, which is one of the reasons you are hearing more about cybersecurity. Since awareness is the first step toward understanding something new, itâs important that we understand the terminology thatâs being used, and see that these silly-sounding names are attached to some very serious concepts.
Link: http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=83dac9f06a&e=20056c7556
Cyber Security Incident Response Conference (CSIRC)
Finally, an executive think-tank conference that recognizes a PROACTIVE VS. REACTIVE approach to cyber incidents, and provides first hand accounts of Stakeholders breaking down silos within their organizations to ensure penetration testing and vulnerability assessments are carried out.
November 16 – November 18
Link: http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=5a71b0fa5b&e=20056c7556
Three elements that every advanced security operations center needs
Here are three things that are needed for a SOC to earn its “advanced” title.
Increased visibility and modularity, in addition to the full view of data, an advanced SOC should have the capability to expand with the business at a moment’s notice. A modular approach to an advanced SOC should be mandatory, allowing the business to roll out new infrastructure and immediately take advantage of out-of-the-box rules/configurations.
Increased correlation and analysis, the advanced SOC pulls in information from multiple sources, whether that be endpoints, gateways, or any networked devices, and determines what is the most important information.
Incident workflow and prioritisation, while the traditional SOC might provide basic logging to reveal basic metadata, an advanced SOC must be able to present the analyst with full packet inspection, instantly provide them with the scope of the attack without the need to manually interrogate each device, and show what information may have been affected.
http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=5e3a116830&e=20056c7556
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=2f2b4d959a&e=20056c7556
============================================================
Feedback, questions? Our mailing address is: ** dailynews@paulgdavis.com (mailto:dailynews@paulgdavis.com)
If someone forwarded this email to you and you want to be added in,
please click this: ** Subscribe to this list (http://paulgdavis.us3.list-manage.com/subscribe?u=45bf3caf699abf9904ddc00e3&id=e09452545a)
** Unsubscribe from this list (http://paulgdavis.us3.list-manage.com/unsubscribe?u=45bf3caf699abf9904ddc00e3&id=e09452545a&e=20056c7556&c=012d3d0807)
** Update subscription preferences (http://paulgdavis.us3.list-manage.com/profile?u=45bf3caf699abf9904ddc00e3&id=e09452545a&e=20056c7556)