[From the desk of Paul Davis – his opinions and no-one else’s]
Apart from the reporter’s opinions 😉
So onto the news:
Demystifying Threat Intelligence
For Forrester, threat intelligence is not a single product or service, but a framework constructed around high-quality information sources and skilled analysts.
In Five Steps to Build an Effective Threat Intelligence Capability, Forrester shows that five distinct focuses need to be combined to harness it effectively: laying the foundation; establishing buy-in; staffing the team; establishing sources; deriving intel.
Gartner defines threat intelligence as, “evidence-based knowledge… about an existing or emerging… hazard to assets that can be used to inform decisions regarding the subject’s response to that… hazard.” At first glance, this could be a definition for a single black-box product, but it’s likely that it would actually need to exist inside a framework in order to contextualize the knowledge that originates from third parties.
In all these definitions, there is one constant: threat intelligence cannot simply be deployed in a way that adds value as a black box system.
There is an explosion of threat intelligence products on the market today, but they can all broadly be split into three groups – feed-, research- and platform-driven products.
While feed and research-driven products have the potential to add value, such as offering an outsourced information gathering or analyst function, they lack the ability to contextualize knowledge with local information.
This dramatically limits their ability to deliver actionable intelligence to organizations.
An alternative would be for a consumer to have direct access to a threat intelligence provider’s backend storage and transform functions so that they could pull out intelligence based on their localized knowledge.
Unfortunately that’s unlikely to be possible when these products deliver generic information to numerous end users rather than harvesting local knowledge about individual environments.
Link: http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=f4c95faf2c&e=20056c7556
Malware Trends and Tactics: 3 Things Companies Need To Do
Malcovery produced 540 reports during the second quarter related to email-based malware and phishing attacks.
In each case, Malcovery’s analyst team dissected the campaign to uncover how it was designed to penetrate your network perimeter.
There are 3 things that companies need to do based on this analysis.
Automate consumption of threat intelligence.
Beware of Microsoft Office attachments.
Review how your team is using third party file sharing services.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=dc06c1be8b&e=20056c7556
The FBI published an alert on the significant increase in Business Email Scams (BEC); the number of victims is growing, as are the financial losses.
… the FBI warned the world that the number of Business Email Scam (BEC) victims is growing, costing companies money.
Law enforcement highlights that the frauds usually start with crooks spoofing communications from senior management and executives and deceiving them into authorizing international wire transfers.
Normally it all starts with a phishing email specifically crafted for a company executive or employees of the targeted company.
The emails look like legitimate messages sent from a look-alike domain: if the original company is called Timetolife.com, the crook will send an email to the victim from Timetoolife.com.
Because the email is targeted and the crooks pay attention to the details, this type of email will not set off spam traps.
Crooks compose the emails using information about the target company that is available from open sources on the Internet (e.g. social media, press releases, and news).
The list of successful Business Email Scams is very long.
Advice to prevent Business Email Scams
Implement two-step authentication for email
When possible, call the person who sent the email to verify what is being asked
Inform employees not to publish/share job-related activities on social media and forums
Educate your employees; have a security awareness program
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=4d41230ee9&e=20056c7556
The seven deadly sins of incident response
The seemingly endless barrage of attacks on government and enterprise networks has made it clear that organizations need to be much more proactive when it comes to security.
Deploying perimeter defences like firewalls and antivirus, and expecting them to keep attackers off of your network, has become just plain foolish in the light of today’s increasingly complex threat landscape.
Security success is no longer just about keeping threats out of your network, but instead about how quickly you can respond and thwart an attack when it happens.
Despite this scenario, many organizations still haven’t gotten it quite right when it comes to incident response.
Here are ‘seven deadly sins’ that Lancope often sees companies committing when attempting to build an incident response function.
1. Not understanding your environment due to a lack of visibility.
2. Not having the right staff.
3. Lacking the appropriate budget.
4. Becoming a headless chicken when breaches occur.
5. Using generic processes not specific to your organization.
6. Improper threat modeling.
7. Not considering your environment and capabilities when tuning devices.
8. Bonus sin! – Not taking advantage of the fruits of an incident investigation.
According to the previously mentioned Ponemon Report, 65 percent of respondents said that threat feeds were one of the most effective tools for helping to detect breaches.
Yet 54 percent said they did not collect threat indicators from their own incidents for use in fighting future attacks.
Organizations need to realize that the information they glean during an incident investigation is far more valuable than a third-party threat feed in determining which types of attacks their network might experience in the future and being better equipped to handle them.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=18eac28815&e=20056c7556
Filling the ranks of Japan’s cyberwarriors in time for 2020 Olympics proves a major challenge
The government has set up new organizations tasked with boosting cybersecurity in the run-up to the 2020 Tokyo Olympic and Paralympic Games — but filling the slots of these cyberwarriors is proving to be an ongoing battle.
The government set up a working team on cybersecurity last October to prepare for the 2020 Games.
Based on the basic law on cybersecurity, which was enacted the following month, the government in January created a cybersecurity strategy team, headed by Chief Cabinet Secretary Yoshihide Suga, and the National Center of Incident Readiness and Strategy for Cybersecurity (NISC).
The headquarters drafted a new strategy paper emphasizing measures for the period up to 2020.
The draft calls for the establishment of a Computer Security Incident Response Team (CSIRT) for the 2020 Olympics and Paralympics.
It would be staffed with dozens of experts from both the public and private sectors whose job would be to minimize damage from cyberattacks.
According to an estimate by the Information-Technology Promotion Agency, Japan, adequate cybersecurity response would require a total workforce of 350,000.
But there are just 265,000 information security engineers in the country, with 160,000 of them needing to be retrained, the agency said.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=a53df6b903&e=20056c7556
To Battle Cyber Attacks, CEOs Need To Act More Like The Military
A recent survey by Oxford University and the U.K.’s Centre for the Protection of the National Infrastructure found that concern for cyber security was significantly lower among managers inside the C-suite than among managers outside it. “Such shortsightedness at the top is a serious problem,” said David Upton, American Standard Companies Professor of Operations Management at Saïd Business School, University of Oxford.
“The reality is that if CEOs don’t take cyber security threats seriously, their organisations won’t either … They must marshal their entire leadership team – technical and line management, and human resources – to make people, principles, and IT systems work together.”
Upton is one of the authors of a new study, published in the Harvard Business Review, that sets out to explain how organizations can be more effective in this area.
The other authors are James A. Winnefeld Jr and Christopher Kirchhoff, respectively the ninth vice-chairman of the U.S. Joint Chiefs of Staff and an admiral in the U.S. Navy until his retirement this month, and a special assistant to the chairman of the Joint Chiefs of Staff.
In the HBR article, entitled “Cybersecurity’s Human Factor: Lessons from the Pentagon,” they add:
One key lesson of the military’s experience is that while technical upgrades are important, minimizing human error is even more crucial.
Mistakes by network administrators and users—failures to patch vulnerabilities in legacy systems, misconfigured settings, violations of standard procedures—open the door to the overwhelming majority of successful attacks.
They believe there are measures that leaders of any sort of organization can take to ensure such principles are part of employees’ everyday routines.
They are:
1. Take charge.
2. Make everyone accountable.
3. Institute uniform standards and centrally-managed training and certification.
4. Couple formality with forceful back-up.
5. Check up on your defenses.
6. Eliminate fear of honesty and increase the consequences of dishonesty.
Link: http://paulgdavis.us3.list-manage2.com/track/click?u=45bf3caf699abf9904ddc00e3&id=4a6602c0ca&e=20056c7556
Risks vs. Benefits of Security Investments
Being able to determine the ROI of security investments is a complex, albeit necessary, task when organizations make security investments.
Simply put, the goal is to demonstrate how the benefits of the organization’s security strategy outweigh the risk of not investing.
The primary issue CISOs need to address is how much of an investment is enough.
After all, even an infinite budget will not prevent every last breach or incident.
A prudent CISO will communicate the current risk posture including any policies, procedures and controls in place to help protect the organization from threats, whether internal or external.
The CISO ultimately needs to explain that risk exists regardless of investment, and then effectively outline the goal of reducing risk without impacting business operations.
Bottom line, the days of a moat around the castle no longer exist.
The challenge here is that most non-security executives feel safe and secure because they simply don’t know what they don’t know.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=7497228dbc&e=20056c7556
Cisco Predicts ‘Second Wave’ Of Cloud Adoption
However, the research – which was commissioned by Cisco – also revealed that nearly three quarters of the 3,000-plus organisations surveyed don’t have a solid cloud strategy.
Cisco Systems Inc. sees a growing second wave of businesses adopting cloud-computing platforms, and it’s eager to help them optimize their cloud strategies.
In the study, IDC identifies five levels of cloud maturity: ad hoc, opportunistic, repeatable, managed and optimised.
They are also achieving $1.2m in cost reduction per cloud-based application.
The manufacturing industry was found to have the largest cloud adoption rate, with 33 percent of companies having a developed strategy, followed by IT (30 percent), finance (29 percent), and healthcare (28 percent).
Link: http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=d91e0e52c5&e=20056c7556