[From the desk of Paul Davis – his opinions and no-one else’s, apart from the reporter’s opinions]
* 6 Scenarios That Increase Vendor Risk
* The Unstoppable Convergence of Physical Security and IT and What it Means for Your Role
* Mount St. Mary’s University plans to offer degrees in cybersecurity, forensic accounting
* Pakistan approves controversial Cyber Crime Bill
* Feds ask auto industry to help combat cyberattacks
* The best cyberdefence: Think like an attacker
* Optional Windows update aims to protect Microsoft wireless mice against hijacking
* How Airbus defends against 12 big cyber attacks each year
* Canada’s top 10 most ransomware-infected cities [Malware map]
* Singapore cloud outage guidelines can help businesses manage data breaches, says expert
* Common Education Sector security misconceptions
* Members of the Board and C-Suite Have New Tools to Help Reduce Cyber Security Risk
* Appeals Court Agrees Health Solutions Provider’s Insurance Requires Defense in Data Disclosure Class Action
* Slideshow 12 questions to assess your data breach response capability
* How to Plan and Execute Modern Security Incident Response – NEW
* POTUS taps Uber chief security officer to be a part of a cyber security commission
* Dominic Paluzzi named to Cybersecurity Docket’s Incident Response 30
* After 4 years, EU Parliament passes new data protection rules
* RAND Survey Shows Breaches Have Little Impact On Customer Loyalty
* U.S. government worse than all major industries on cyber security: report
* RSA survey: Not enough focus on cyber terrorism among U.S. organizations
* Cybersecurity Industry “Fighting the Wrong Battle for 20 Years”–New Research
* Software tools and services used to achieve ISO 27001
* Why ICS network attacks pose unique security challenges
* Threat hunting technique helps fend off cyber attacks
* Cybersecurity to help businesses deliver digital growth strategies: Cisco
* Insurance against cyber attacks ‘vital’ say businesses but only 41% covered for both security breaches and data loss
6 Scenarios That Increase Vendor Risk
1. “We don’t let our vendors know how important cybersecurity is to us.”
2. “We’ve hired a contractor to handle our sensitive data, but we haven’t asked them which specific employees have access to it.”
3. “We don’t build out contractual requirements for our vendors to meet with respect to cybersecurity.”
4. “We don’t ask to review documentation and results of previous audits.”
5. “We hired a third party without knowing how they manage their own third-party relationships.”
6. “We trust a snapshot in time instead of relying on continuous monitoring.”
Link: http://paulgdavis.us3.list-manage2.com/track/click?u=45bf3caf699abf9904ddc00e3&id=163172f87c&e=20056c7556
The Unstoppable Convergence of Physical Security and IT and What it Means for Your Role
The modern design of IP networks means that they can encompass telephony and business-critical systems, alongside CCTV and other security systems enabling physical access to the building.
Ellie Hurst, marketing manager at Advent IM, says that while our physical and cyber threats have converged, physical systems may not have the oversight of an IT security regimen for patching and antimalware. “Systems are often networked and once you leave a geographical location and enter cyberspace, everything changes,” she says.
Another issue is around a potential skill gap, and not where you think it would be, according to Martin Grigg, senior security consultant at PTS Consulting and Lecturer in Integrated Systems for high-security facilities.
He said that the convergence of information and security technology has not created a skills gap but the merging of management roles may do exactly that.
The necessary skills to successfully deliver each role are usually held by people with different backgrounds.
Hurst says that it is important to note that umbrella oversight is needed from a risk perspective, to reduce the chance of converged risks remaining lost in silos – “so the oversight of a chief risk officer or senior information risk owner ensuring board ownership”.
Gillispie adds that oversight should be at board level and risk assessments would be done on all systems to ensure any risk is mitigated and that it is within organisational risk tolerances and appetite.
Perhaps success best lies in making each team speak the language of the other to broaden understanding of the issues at hand.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=6d5792cb33&e=20056c7556
Mount St. Mary’s University plans to offer degrees in cybersecurity, forensic accounting
Both programs have been in the works for at least a year now, Mount faculty members said.
They’re a component of the new strategic plan moving forward at the Mount, “Mount 2.0,” which involves revamping the school’s core curriculum and expanding course offerings.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=b647525a86&e=20056c7556
Pakistan approves controversial Cyber Crime Bill
The bill, approved on Wednesday, must also be approved by the Senate before it can be signed into law, Dawn online reported.
The draconian bill – which has been criticised by the information technology (IT) industry as well as civil society for curbing human rights – was submitted to the NA for voting in January 2015 by the IT ministry.
According to critics, the proposed bill criminalises activities such as sending text messages without the receiver’s consent or criticising government actions on social media with fines and long-term imprisonment.
Industry representatives have argued that the bill would harm business as well.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=f22da19acd&e=20056c7556
Feds ask auto industry to help combat cyberattacks
The U.S. Department of Justice’s top national security attorney Tuesday called on the private sector to work with the federal government and law enforcement agencies to fight cyber attacks.
“Sharing information and intelligence between law enforcement is not enough,” said John Carlin, assistant U.S. attorney general for national security. “With the ingenuity and development taking place in your hands … the infrastructure of the internet in your hands, to combat threats against it, we’re going to have to work together.
“I think we forget when we design a system how vulnerabilities can be exploited,” said the senior in mechanical engineering at the University of New Mexico. “We forget to look at how people could use the technology for ulterior motives.
It was interesting to hear it from someone who deals with it.”
Link: http://paulgdavis.us3.list-manage2.com/track/click?u=45bf3caf699abf9904ddc00e3&id=19dca98993&e=20056c7556
The best cyberdefence: Think like an attacker
It’s a game of cat and mouse; in the ongoing battle between cyber criminals and cybersecurity professionals, it can sometimes be difficult to know what tactics attackers will employ next.
But in fact cybersecurity professionals don’t always have to be playing catch-up, especially if they can get into the mindset of their opposition.
This skill is making staff with experience working in IT security for the military particularly attractive to businesses.
Another trait which separates military security types from your average cybersecurity pros is the ability to go on the offensive — because it makes them more effective defenders.
“As an attacker, you’ve really got to look at the whole environment; you’ve really got to be creative,” he continues, “You’re just so much more aware of what’s possible, rather than being on the defensive side the whole time and being reliant on how things currently work.”
However, there are only a limited number of cybersecurity professionals who have worked in government information warfare — and even fewer who have carried out offensive attacks — so the pool of potential employees with this experience is limited.
But this can be overcome, Johnson suggests, by engaging in cyberwar games within an organisation, and taking turns to attack and defend.
“I’ll put our White Hat people up against Black Hats any day.
I’m not fearful that the Black Hats are any better than us; they may catch us unprepared, or at a bad moment in time — I don’t trivialise them — but I don’t feel in any way, shape, or form that they’re any better than the White Hat hackers.
So I’d never stoop to hiring them,” Kelly says.
Johnson, however, takes a different view: “I’ve seen people with that kind of background grow up and still have that curiosity, that innovation mindset where they don’t just approach the problem in one way, they’re thinking in new ways.
That’s hacking, trying to get systems to do things they weren’t designed to do, so if you start applying that to companies, that mindset is really valuable,” he says.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=3cfb16a373&e=20056c7556
Optional Windows update aims to protect Microsoft wireless mice against hijacking
MouseJack exploits several vulnerabilities in the communications protocols between the USB dongles plugged into computers and the wireless mice and keyboards that are paired with them.
These flaws allow attackers to spoof a wireless mouse from up to 100 meters away and send rogue keystrokes instead of clicks to a computer.
The new KB3152550 update blocks this type of attack through a driver that filters input from affected Microsoft wireless mice to make sure that there are no QWERTY key frames that normally indicate keyboard traffic.
The update is available for Windows 7, 8.1 and 10, but not Windows Server.
It only protects standalone wireless mice and not those that are bundled together with a keyboard as part of Microsoft’s desktop set products.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=4a28370152&e=20056c7556
How Airbus defends against 12 big cyber attacks each year
Civil aircraft manufacturer Airbus Group is hit by up to 12 major systems attacks each year, its chief information security officer has revealed, mostly through ransomware and state-sponsored hackers.
Stephane Lenco told the Australian Cyber Security Centre conference that defence was particularly difficult against state-sponsored attackers who “will try everything” to break in, and if successful, “will go after everything”.
As a response, Lenco took a strategy to his board outlining his plan to “deter, delay, delete and detect”.
Luckily, Lenco said, the infosec team still had the support of the executive for the four D’s approach, so the next step was about benchmarking.
What resulted was 47 streams containing around 350 individual projects.
The security team will also soon start red-teaming – adopting an attacker’s mindset to detect vulnerabilities in networks and systems – and blue-teaming (the defenders) to better catch and mitigate threats.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=d8204133ae&e=20056c7556
Canada’s top 10 most ransomware-infected cities [Malware map]
Malware infections across Canada spiked almost 15 per cent in March and the country’s problem with ransomware was made evident when an Ottawa-based hospital was hit.
Overall malware was on the rise, increasing 14.7 per cent in March compared to February, according to tracking by EnigmaSoftware.com.
See our map below to see the new rates in individual cities.
Trois-Rivieres, Que. remains at the top of the list as we’re used to.
There wasn’t too much of a shake-up in terms of city standings, except that we saw Burnaby, B.C. enter the top 20 list by moving up from 27th spot to 15th.
We’ve updated our cybercrime map of Canada with a new layer of data, showing the police-reported cybercrime from 2013, the most recent data available from Statistics Canada.
The cybercrime reported by police services in Canada ranges from types of fraud to threats to crimes of a sexual nature.
In 2013, more than half of all cybercrime reported was described as a fraud violation, with 6,203 offenses out of a total of 11,124 offenses across all categories.
Also new to our map is a layer representing an IDC Canada survey conducted earlier this year.
It shows how much different regions in Canada are spending on IT security and how much they’d like to spend.
Which region do you think is spending the most on security?
Find out and read more analysis over on IT World Canada.
Link: http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=02574f8da8&e=20056c7556
Singapore cloud outage guidelines can help businesses manage data breaches, says expert
Although the guidelines issued by the Infocomm Development Authority of Singapore (IDA) (58-page / 786KB PDF) state that they are “not meant to resolve issues due to cyber security, malicious act or breach of personal data protection laws”, they are built upon recognised Singapore and international standards for cloud security, SS 584: 2015.
The guidelines help explain how those standards interface with the country’s Personal Data Protection Act (PDPA) in the event an outage is coupled with a data breach.
Businesses subject to the PDPA are obliged to employ reasonable security arrangements to protect personal data in their possession or under their control from unauthorised access, collection, use, disclosure, copying, modification or disposal.
Penalties for non-compliance can include fines of up to SIN$1 million ($740,000).
The COIR guidelines also incorporate a framework of self-disclosure by cloud providers to help inform cloud users about the reliability and resilience of the cloud services they offer, as well as the “accountability, change management procedures and incident management procedures” cloud providers have in place.
A dedicated self-disclosure form has been created for cloud providers to fill out and post on their websites.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=33f2a167c0&e=20056c7556
Common Education Sector security misconceptions
2016 hasn’t begun in a very positive way for education institutions.
January 2016 saw data on 80,000 students, faculty, and staff at UC Berkeley compromised in the University’s third data breach disclosure of the past 15 months.
This was followed by a breach of 63,000 names and social security numbers of current and former students and staff at the University of Central Florida in early February 2016 obtained when hackers attacked the school’s computer system.
Misconception 1: I can have an open IT environment, or secure IT environment, but not both open and secure
Misconception 2: Breach protection and detection policies are enough to keep the hackers at bay
Misconception 3: I know which users and applications can be trusted
It’s clear that something needs to change.
The education sector recognises that an issue exists; yet many are still not putting the proper measures in place.
It has never been clearer that now is the time to act, and by thinking of security in a different way and overcoming the common misconceptions outlined above, education institutions can quickly begin the journey from security chaos to security harmony.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=ff2ad7ab30&e=20056c7556
Members of the Board and C-Suite Have New Tools to Help Reduce Cyber Security Risk
HERNDON, Va.–(BUSINESS WIRE)–Learning Tree International (OTCQX: LTRE), a leading provider of IT and management training to business and government organizations worldwide, has launched a new course that covers cyber security from the perspective of senior executives and members of the board.
This course prepares members of the board and the C-Suite to understand, assess, and take a proactive posture in security through:
Effectively positioning their organizations to address cyber security threats
Supporting cyber security planning with management frameworks
The use of governance policy and cyber insurance to minimize risk
Link: http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=e29c75cdf9&e=20056c7556
Appeals Court Agrees Health Solutions Provider’s Insurance Requires Defense in Data Disclosure Class Action
Availability of insurance is often among the first questions that arise when a company encounters a data breach or other Internet-related problem involving company records, even where the company lacks a cyberinsurance policy.
The federal Fourth Circuit Court of Appeals recently affirmed a ruling by a District Court that required insurance coverage for an inadvertent disclosure of private healthcare information under the policy’s provisions regarding the publication of material that may give “unreasonable publicity” to, or disclose information about, a person’s private life.
Travelers Indem. Co. v. Portal Healthcare Solutions, LLC, Case No. 14-1944 (4th Cir. April 11, 2016) (unpublished).
Two patients of Portal Healthcare who found their medical information through a Google search filed a class action suit against the hospital for allegedly having inadvertently made hospital medical records available and unprotected on the Internet.
Portal then sought coverage against its insurer, Travelers Indemnity Company.
Travelers, in turn, sought a declaratory judgment that it was not obliged to defend Portal under the traditional policies that Portal had purchased.
The trial court found coverage under policy language covering an injury arising from the “electronic publication of material” that discloses information about a person’s private life.
See Travelers Indem. Co. v. Portal Healthcare Solutions, LLC, 35 F. Supp. 3d 765 (E.D. Va. 2014).
This type of traditional invasion of privacy claim has historically been covered by this type of policy.
According to the trial court, the private medical information was “published” because it was available to everyone on the Internet—even though it was unclear whether anyone besides the two plaintiffs had ever accessed it—and because the information clearly related to the patient’s private life.
The appellate court agreed with the trial court’s reasoning and affirmed the finding that Travelers had a duty to defend Portal in the suit.
Link: http://paulgdavis.us3.list-manage2.com/track/click?u=45bf3caf699abf9904ddc00e3&id=d7d61691e8&e=20056c7556
Slideshow 12 questions to assess your data breach response capability
A new Data Breach Response Guide from Experian walks through myriad processes for putting together an enterprisewide plan to prepare for and respond to a breach, and then put the plan into motion when an incident occurs.
The guide covers communicating with the C-Suite, creating a plan, practicing the plan, responding to a breach, auditing the plan, and a quiz with core questions to assess preparedness. “If you answer ‘no’ more than once or twice, you and your team should immediately address the gaps,” according to Experian, which offers breach recovery services.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=f4b8c241fe&e=20056c7556
How to Plan and Execute Modern Security Incident Response – NEW
I had the opportunity to work with Anton on updating one of his best documents, “How to Plan and Execute Modern Security Incident Response”, which was published today on Gartner.com (GTP Access required).
The document is a nice assessment of what organizations should be doing in terms of incident response today.
It covers some of the basics, but also the changes we’ve been seeing in those practices in the past couple of years, especially the move to continuous IR.
As we say there,
“The traditional route of detecting incidents using security monitoring technologies is not the whole answer to today’s threat landscape, which is laden with skilled and persistent threat actors.
Leading organizations don’t just develop excellent security monitoring capabilities that operate in near-real time (such as mature SOC capabilities based on SIEM tools).
They also seek to explore the data they collect in order to discover — rather than detect in real time — incidents that their own detection controls missed.”
Link: http://paulgdavis.us3.list-manage2.com/track/click?u=45bf3caf699abf9904ddc00e3&id=68e78359b7&e=20056c7556
POTUS taps Uber chief security officer to be a part of a cyber security commission
In looking to leverage that wealth of knowledge of and experience with cyber security attacks, President Barack Obama appointed a number of former and current tech executives to a 12-person Commission on Enhancing National Security.
Among those pulled from the tech world, including former IBM CEO Sam Palmisano, is Uber’s Chief Security Officer Joe Sullivan.
Sullivan, who joined Uber in 2015, handled security at Facebook prior to that for five years and at eBay before that.
Here are the rest of the appointed members:
Tom Donilon, former Assistant to the President and National Security Advisor (Chair)
Sam Palmisano, former CEO of IBM (Vice Chair)
General Keith Alexander, CEO of IronNet Cybersecurity, former Director of the National Security Agency and former Commander of U.S. Cyber Command
Annie Antón, Professor and Chair of the School of Interactive Computing at Georgia Tech.
Ajay Banga, President and CEO of MasterCard
Steven Chabinsky, General Counsel and Chief Risk Officer of CrowdStrike
Patrick Gallagher, Chancellor of the University of Pittsburgh and former Director of the National Institute of Standards and Technology
Peter Lee, Corporate Vice President, Microsoft Research
Herbert Lin, Senior Research Scholar for Cyber Policy and Security at the Stanford Center for International Security and Cooperation and Research Fellow at the Hoover Institution
Heather Murren, former member of the Financial Crisis Inquiry Commission and co-founder of the Nevada Cancer Institute
Joe Sullivan, Chief Security Officer of Uber and former Chief Security Officer of Facebook
Maggie Wilderotter, Executive Chairman of Frontier Communications
Link: http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=990eeda051&e=20056c7556
Dominic Paluzzi named to Cybersecurity Docket’s Incident Response 30
CLEVELAND, April 14, 2016 /PRNewswire/ — Dominic Paluzzi, member at McDonald Hopkins, has been named to Cybersecurity Docket’s inaugural Incident Response 30, a list of the “best and brightest” data breach response attorneys and compliance professionals in the industry “who not only have the right stuff to manage a data breach response, but are also the kind of professionals critical to have on speed-dial when the inevitable data breach occurs.”
Link: http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=797550a419&e=20056c7556
After 4 years, EU Parliament passes new data protection rules
It’s been almost four years since proceedings began to agree new data protection rules within the EU, but the European Parliament has now passed new rules to help develop the digital single market.
According to the announcement made by the European Parliament, these new data protection rules will replace the older data protection legislation that has for years now been considered unfit for purpose.
72 hours to report a data breach
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=0c542abb61&e=20056c7556
RAND Survey Shows Breaches Have Little Impact On Customer Loyalty
Only 11% of US adults who received a breach notification were likely to quit doing business with the hacked company, study finds.
New research from RAND Corp reveals that over 25% of American adults were notified in the past twelve months that their personal information had been breached.
And only 11% of them say they are unlikely to do business with the breached company again.
Link: http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=bbb307311c&e=20056c7556
U.S. government worse than all major industries on cyber security: report
U.S. federal, state and local government agencies rank in last place in cyber security when compared against 17 major private industries, including transportation, retail and healthcare, according to a new report released Thursday.
The analysis, from venture-backed security risk benchmarking startup SecurityScorecard, measured the relative security health of government and industries across 10 categories, including vulnerability to malware infections, exposure rates of passwords and susceptibility to social engineering, such as an employee using corporate account information on a public social network.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=1dde22cbc6&e=20056c7556
RSA survey: Not enough focus on cyber terrorism among U.S. organizations
According to the survey of over 200 security executives attending RSA, 92 percent think most U.S. organizations need more security against cyber terrorism or are behind the curve when it comes to protecting against such attacks.
Thycotic said 89 percent said businesses and the military must make developing capabilities to fight against cyber terrorism more of a priority.
A blog posted by Thycotic also revealed that 80 percent of respondents said such an attack could occur within the next 24 months.
The survey also showed that half of respondents think private companies in the U.S. are more at risk than government organizations, while 42 percent said the government is more vulnerable than private companies.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=b928ba4dff&e=20056c7556
Cybersecurity Industry “Fighting the Wrong Battle for 20 Years”–New Research
HERNDON, Va., April 12, 2016 /PRNewswire-USNewswire/ — Global technology company Nuix has published a provocative white paper by cybersecurity veteran Chris Pogue arguing that the technology industry has been “fighting the wrong battle with the wrong weapons” against cybercrime for the past two decades.
The paper contends that for technology to fight cybercrime and insider threats effectively, it must solve human vulnerabilities.
The white paper examines five cognitive biases—“bugs in our brain software”—that cause people to make poor decisions.
It examines how other industries have learned to deal with these biases by concentrating on changing human behavior, and applies these lessons to the fight against cybercrime.
The white paper includes a strategic battle plan and practical action plan for organizations to focus on using technology, people, and processes to address the people problems of cybersecurity.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=ad03c76264&e=20056c7556
Software tools and services used to achieve ISO 27001
Many organizations are unsure of what’s available to help them implement and get certified in quick time, so CertiKit summarized the most common areas of the ISO 27001 standard where software tools and services come in handy.
How many of these software tools and services you decide to use depends on your budget, timescales and how secure you want to be.
The infographic below will help you to choose wisely in order to achieve ISO 27001.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=896206623f&e=20056c7556
Why ICS network attacks pose unique security challenges
Until recently, industrial networks were separated from the rest of the world by ‘Air Gaps’.
In theory, this technique sounds great – disconnecting the industrial network from the business network and the Internet makes it very difficult for attacks to reach it.
However, an ‘Air Gap’ is no longer a functional or operationally feasible solution in today’s connected world.
With trends like IIoT (Industrial Internet of Things), industrial networks can’t remain stand-alone environments.
For efficiency and competitive advantage reasons, they are being connected to corporate systems and cloud applications.
In the process, they are being exposed to cyber-threats.
Patching PLCs is difficult, can cause disruptions or downtime, and can lead to reliability issues and other operational problems.
It is also common to find unpatched Windows-based workstations still running legacy operating systems like Windows NT and XP in operational environments due to the same concerns regarding operational stability and reliability.
One of the biggest technical challenges faced when trying to secure ICS networks is that several different communication protocols are used by components in process automation systems.
For example, the data-layer and control-layer use separate communication protocols.
Meanwhile, control-layer operations that manage the entire life-cycle of industrial processes use a different set of protocols altogether.
To make matters worse, each OT vendor uses a proprietary implementation of the IEC-61131 standard for making changes to PLC logic, PLC code updates, firmware downloads and configuration changes.
Since these implementations are rarely documented, it is very difficult to monitor these critical activities.
The emergence of cyber-threats is forcing the industrial sector to take a long, hard look at how ICS networks, and specifically, industrial controllers, are protected.
The current lack of visibility and security controls combined with the presence of unpatched vulnerabilities in OT networks is placing facilities at risk.
In order to prevent unintended changes by insiders and protect systems from external attacks, ICS-native monitoring and control technologies are required.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=d41e964d1d&e=20056c7556
Threat hunting technique helps fend off cyber attacks
Cyber threat intelligence company DomainTools has released the results of a new survey conducted by the SANS Institute on the effectiveness of using threat hunting to aggressively track and eliminate cyber adversaries as early as possible.
According to the survey, adopters of this model reported positive results, with 74 percent citing reduced attack surfaces, 59 percent experiencing faster speed and accuracy of responses, and 52 percent finding previously undetected threats in their networks.
Though it’s a relatively new approach to the early identification of cyber threats, 85 percent of enterprises say they are currently involved with some level of threat hunting.
There are barriers to using the technique effectively, though: 40 percent cite the need for a formal program and 52 percent a lack of skilled staff.
The top seven data sets that support threat hunting are IP addresses, network artifacts and patterns, DNS activity, host artifacts and patterns, file monitoring, user behavior and analytics, and software baseline monitoring.
The most common trigger for launching a hunt is an anomaly or anything that deviates from normal network behavior according to 86 percent of respondents.
However, the survey also reveals that only 23 percent of businesses have hunting processes that are invisible to attackers, meaning that the majority of organizations are at risk from exposing internal hunting procedures in a way that benefits the attacker.
Link: http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=78e4586355&e=20056c7556
Cybersecurity to help businesses deliver digital growth strategies: Cisco
The Cybersecurity as a Growth Advantage report shows that 64 percent of executives recognise that cybersecurity is fundamental to their digital growth strategy, with nearly one third believing the primary purpose of cybersecurity is to be a growth enabler, while another 44 percent of executives believe cybersecurity is a competitive advantage.
China, India, and Canada were countries where growth enablement sentiment was strongest, with the report suggesting the views from these countries reflect the sharp rise in digital adoption.
According to John N Stewart, Cisco Chief Security and Trust Officer senior vice president, finance teams have solidified the beliefs executives have about cybersecurity, saying they also agree there are business benefits to be gained.
The research also revealed that inadequate cybersecurity can hinder a business’ growth.
Nearly 40 percent of respondents admitted they have halted their mission-