[From the desk of Paul Davis – his opinions and no-one else’s]
\nApart from the reporter’s opinions \ud83d\ude09
\nSo onto the news:<\/p>\n
Data-Driven Threat Intelligence: Metrics on Indicator Dissemination and Sharing<\/p>\n
For the past 18 months, Niddel has been collecting threat intelligence indicator data from multiple sources in order to make sense of the ecosystem and try to find a measure of efficiency or quality in these feeds. This initiative culminated in the creation of Combine and TIQ-test, two of the open source projects from MLSec Project. These projects have been improved upon for the last year and are able to gather and compare data from multiple Threat Intelligence sources on the Internet.<\/p>\n
We take this analysis a step further and extract insights form more than 12 months of collected threat intel data to verify the overlap and uniqueness of those sources. If we are able to find enough overlap, there could be a strategy that could put together to acquire an optimal number of feeds, but as Niddel demonstrated on the 2015 Verizon DBIR, that is not the case.<\/p>\n
Link: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=b4440e760e&e=20056c7556<\/p>\n
UK government to invest a further \u00a32bn to police cyberspace<\/p>\n
The UK government is to inject \u00a32bn worth of funding toward of the increasing threat of cyberwarfare posed by regimes including China, Russia and North Korea following a review conducted by the Joint Forces Command (JFC).<\/p>\n
An injection of funding will be released over the next five years, according to a report in the Sunday Times, with the recruitment of an estimated 300 experts from the UK’s underground hacking community. The newspaper cites military sources who recommended an annual budget of \u00a3400m for cybersecurity \u2013 10 times the current cost.<\/p>\n
Link: http:\/\/paulgdavis.us3.list-manage2.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=9ad40285c5&e=20056c7556<\/p>\n
5 Ways to Create a Culture of Security<\/p>\n
Installing a chief security officer in the C-suite is great. When everyone in the organization understands how certain behaviors can lead to compromised security, as well as what\u2019s being protected in the first place, a culture of compliance is created.<\/p>\n
People Are the Foundation of Security<\/p>\n
As a business leader, you can protect your organization by following five steps to foster a culture of compliance:<\/p>\n
– Assess your organization\u2019s security<\/p>\n
– Enable self-service<\/p>\n
– Market internally<\/p>\n
– Budget for security<\/p>\n
– Define responsibilities<\/p>\n
Link: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=093a417e4c&e=20056c7556<\/p>\n
Three quarters of businesses believe they couldn\u2019t stop a data breach<\/p>\n
Only a quarter of U.K. businesses believe their organisation could detect a data breach at any time, a survey by software provider Informatica has shown.<\/p>\n
The survey further shows that 33 per cent say their organisation is very good to excellent at detecting and containing breaches.<\/p>\n
Fifty-six per cent of responding businesses say securing and protecting data is a high priority for them. In total, 59 per cent say that they worry about mistakes from a temporary worker or contractor, up from 53 per cent in 2014. Additionally, 52 per cent fear third party or outsourcers\u2019 management of data.<\/p>\n
An overwhelming majority (61 per cent) of businesses listed customer data as the information most at risk, followed by business intelligence (32 per cent) and the data contained within emails or attachments (29 per cent).<\/p>\n
Link: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=ee6465e65f&e=20056c7556<\/p>\n
Crowdsourcing your security<\/p>\n
Payroll services provider Automatic Data Processing (ADP) has been participating in shared intelligence programs for cyber defense for more than four years. This includes informal sharing of data directly with other organizations and more formalized commercial and collective data sharing, for areas such as cyber defense, fraud defense and public safety, says Roland Cloutier, CSO.<\/p>\n
\u201cWe have dedicated full-time staff that manage our technology infrastructure that automates feed-based programs and utilizes context management technologies for automation of data infusion into our security intelligence data warehouse,\u201d Cloutier says.<\/p>\n
ADP continuously updates its providers and partnerships to adjust to different threats and operational needs.<\/p>\n
ADP has also leveraged global and regional reporting systems and most recently has begun integrating reporting capabilities with businesses workflow platforms, allowing its employees to report security issues while inside the main applications they use every day, Cloutier says. This way, they don\u2019t need to go to a portal, send an email, or even make a call.<\/p>\n
Led by the healthcare industry, NH-ISAC is recognized by such entities as the U.S. Department of Health and Human Services, Health Sector-Coordinating Council, U.S. Department of Homeland Security, National Institute of Standards & Technology, as well as law enforcement agencies.<\/p>\n
A broad approach to security has become vital at content delivery network services provider Akamai Technologies.<\/p>\n
\u201cWe find that crowdsourcing is remarkably effective,\u201d says Andy Ellis, CSO. \u201cWe started at the grassroots level around social engineering. We used to find that we\u2019d get occasional reports to the security team around attempted social engineering.\u201d<\/p>\n
Link: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=0dc1c8d86c&e=20056c7556<\/p>\n
Microsoft issues emergency patch for all versions of Windows<\/p>\n
Microsoft has released an emergency out-of-band patch for a “critical”-rated security vulnerability, affecting all supported versions of Windows.<\/p>\n
The zero-day flaw (classified as CVE-2015-2502) works by exploiting a flaw in how Internet Explorer handles objects in memory. If successfully exploited, an attacker could “gain the same user rights as the current user,” the advisory said. Those running administrator accounts are particularly at risk, it said.<\/p>\n
Microsoft’s new Edge browser, which lands in Windows 10, is not affected by the vulnerability. The patch is available over Windows Update or through Microsoft’s website.<\/p>\n
Link: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=9cdcef768f&e=20056c7556<\/p>\n
Five points of failure in recovering from an attack<\/p>\n
An over emphasis on defense is leaving the financial sector exposed to cyber attack. An increase in threat levels has seen the sector bolster defenses by focusing on detection and attack response but recovery remains a fragmented process with little investment in cyber resilience.<\/p>\n
Cyber resilience uses threat intelligence and existing internal resource to enable the organization to cope with the inevitable: a successful attack. Auriga has identified five key points of failure that are preventing organizations from implementing an effective Cyber Resilience strategy.<\/p>\n
Auriga\u2019s warning echoes those expressed by The Bank of England in the recent Financial Stability Report (FSR) issued 1 July 2015 which identified the need for financial organizations to adopt a state of readiness to facilitate rapid recovery. The Financial Policy Committee has revised its recommendations in line with the FSR calling for regulators to conduct \u201ca regular assessment of the resilience to cyber attacks of firms at the core of the financial system\u201d with a report on the outcome of these assessments due to be published in summer 2016.<\/p>\n
1. Restricting information. Information has to be defused if it is to be effective therefore processes need to be in place to ensure information flows via threat handling agents and out into the arteries of the business.<\/p>\n
2. Static roles. Allocate roles and responsibilities but also detail how these may change in different scenarios.<\/p>\n
3. Outsourcing because of ignorance. Supplementing inhouse knowledge by importing expertise is advisable but be wary of who you approach and be clear on your objectives.<\/p>\n
4. Shopping for scenarios \u2013 Avoid off-the-shelf scenario planning or \u2018playbooks\u2019.<\/p>\n
5. Untested incident response \u2013 Most organisations will have an Incident Response (IR) plan but surprisingly few are put to the test.<\/p>\n
Link: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=1a1214c093&e=20056c7556<\/p>\n
A serious take on silly-sounding cybersecurity terms<\/p>\n
.. Cyber hygiene simply means performing basic tasks to protect digital assets.<\/p>\n
…cyber palette is the idea of implementing security in a multilayered way.<\/p>\n
Cyber strong is not the latest rubber-wristband motto. It describes an organization that has taken steps to understand its cyber risk (possible harm) and to protect its networks and software systems using the cyber palette methodology.<\/p>\n
… cyber (attack) vector and cyber (threat) intelligence don\u2019t sound silly. In fact, they sound sophisticated. Here\u2019s the silly part, though: They aren\u2019t sophisticated at all. A cyber vector is simply some type of vehicle\/pathway\/tool used to perpetrate a cybercrime or cyberattack. A threat actor would use a cyber vector to attack his target.<\/p>\n
The cyber threat landscape is evolving, which is one of the reasons you are hearing more about cybersecurity. Since awareness is the first step toward understanding something new, it\u2019s important that we understand the terminology that\u2019s being used, and see that these silly-sounding names are attached to some very serious concepts.<\/p>\n
Link: http:\/\/paulgdavis.us3.list-manage1.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=83dac9f06a&e=20056c7556<\/p>\n
Cyber Security Incident Response Conference (CSIRC)<\/p>\n
Finally, an executive think-tank conference that recognizes a PROACTIVE VS. REACTIVE approach to cyber incidents, and provides first hand accounts of Stakeholders breaking down silos within their organizations to ensure penetration testing and vulnerability assessments are carried out.<\/p>\n
November 16 – November 18<\/p>\n
Link: http:\/\/paulgdavis.us3.list-manage1.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=5a71b0fa5b&e=20056c7556<\/p>\n
Three elements that every advanced security operations center needs<\/p>\n
Here are three things that are needed for a SOC to earn its “advanced” title.<\/p>\n
Increased visibility and modularity, in addition to the full view of data, an advanced SOC should have the capability to expand with the business at a moment’s notice. A modular approach to an advanced SOC should be mandatory, allowing the business to roll out new infrastructure and immediately take advantage of out-of-the-box rules\/configurations.<\/p>\n
Increased correlation and analysis, the advanced SOC pulls in information from multiple sources, whether that be endpoints, gateways, or any networked devices, and determines what is the most important information.<\/p>\n
Incident workflow and prioritisation, while the traditional SOC might provide basic logging to reveal basic metadata, an advanced SOC must be able to present the analyst with full packet inspection, instantly provide them with the scope of the attack without the need to manually interrogate each device, and show what information may have been affected.<\/p>\n
http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=5e3a116830&e=20056c7556<\/p>\n
Link: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=2f2b4d959a&e=20056c7556<\/p>\n
============================================================
\nFeedback, questions? Our mailing address is: ** dailynews@paulgdavis.com (mailto:dailynews@paulgdavis.com)<\/p>\n
If someone forwarded this email to you and you want to be added in,
\nplease click this: ** Subscribe to this list (http:\/\/paulgdavis.us3.list-manage.com\/subscribe?u=45bf3caf699abf9904ddc00e3&id=e09452545a)<\/p>\n
** Unsubscribe from this list (http:\/\/paulgdavis.us3.list-manage.com\/unsubscribe?u=45bf3caf699abf9904ddc00e3&id=e09452545a&e=20056c7556&c=012d3d0807)<\/p>\n
** Update subscription preferences (http:\/\/paulgdavis.us3.list-manage.com\/profile?u=45bf3caf699abf9904ddc00e3&id=e09452545a&e=20056c7556)<\/p>\n","protected":false},"excerpt":{"rendered":"
[From the desk of Paul Davis – his opinions and no-one else’s] Apart from the reporter’s opinions \ud83d\ude09 So onto the news: Data-Driven Threat Intelligence: Metrics on Indicator Dissemination and Sharing For the past 18 months, Niddel has been collecting threat intelligence indicator data from multiple sources in order to…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[29],"tags":[],"class_list":["post-1134","post","type-post","status-publish","format-standard","hentry","category-news"],"_links":{"self":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/1134","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/comments?post=1134"}],"version-history":[{"count":1,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/1134\/revisions"}],"predecessor-version":[{"id":3621,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/1134\/revisions\/3621"}],"wp:attachment":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/media?parent=1134"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/categories?post=1134"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/tags?post=1134"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}