[From the desk of Paul Davis – his opinions and no-one else’s]
\nApart from the reporter’s opinions \ud83d\ude09
\nSo onto the news:<\/p>\n
Demystifying Threat Intelligence
\nFor Forrester, threat intelligence is not a single product or service, but a framework constructed around high-quality information sources and skilled analysts.
\nIn Five Steps to Build an Effective Threat Intelligence Capability, Forrester shows that five distinct focuses need to be combined to harness it effectively: laying the foundation; establishing buy-in; staffing the team; establishing sources; deriving intel.
\nGartner defines threat intelligence as, \u201cevidence-based knowledge\u2026 about an existing or emerging\u2026 hazard to assets that can be used to inform decisions regarding the subject\u2019s response to that\u2026 hazard.\u201d At first glance, this could be a definition for a single black-box product, but it\u2019s likely that it would actually need to exist inside a framework in order to contextualize the knowledge that originates from third parties.
\nIn all these definitions, there is one constant: threat intelligence cannot simply be deployed in a way that adds value as a black box system.
\nThere is an explosion of threat intelligence products on the market today, but they can all broadly be split into three groups \u2013 feed-, research- and platform-driven products.
\nWhile feed and research-driven products have the potential to add value, such as offering an outsourced information gathering or analyst function, they lack the ability to contextualize knowledge with local information.
\nThis dramatically limits their ability to deliver actionable intelligence to organizations.
\nAn alternative would be for a consumer to have direct access to a threat intelligence provider\u2019s backend storage and transform functions so that they could pull out intelligence based on their localized knowledge.
\nUnfortunately that\u2019s unlikely to be possible when these products deliver generic information to numerous end users rather than harvesting local knowledge about individual environments.
\nLink: http:\/\/paulgdavis.us3.list-manage1.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=f4c95faf2c&e=20056c7556<\/p>\n
Malware Trends and Tactics: 3 Things Companies Need To Do
\nMalcovery produced 540 reports during the second quarter related to email-based malware and phishing attacks.
\nIn each case, Malcovery’s analyst team dissected the campaign to uncover how it was designed to penetrate your network perimeter.
\nThere are 3 things that companies need to do based on this analysis.<\/p>\n
Automate consumption of threat intelligence.
\nBeware of Microsoft Office attachments.
\nReview how your team is using third party file sharing services.
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=dc06c1be8b&e=20056c7556<\/p>\n
The FBI published an alert on the significant increase of the Business Email Scams (BEC), the number of victims is growing such as the financial losses.
\n… the FBI warned the world that Business Email Scams (BEC) victims are growing, making companies losing money.
\nThe law enforcement highlights that frauds use to start with crooks spoofing communications from high management and executives and deceive them to authorize international wire transfers.
\nNormally all starts with a phishing email specifically crafted to a company executive, or employees of the targeted company.
\nThe emails look like as a legitimate message sent from a look-alike domain, let\u2019s say that an original company is called Timetolife.com, the crook will send an email to the victim from Timetoolife.com.<\/p>\n
Since it is a crafted email, the crooks pay attention to the details so this type of emails will not set off spam traps, because it\u2019s a targeted email.
\nCrooks compose the emails by using the information on the target company available on open sources on the Internet (i.e. social media, press releases, and news).
\nThe list of successfully Business Email Scams is very long.<\/p>\n
Advises to prevent Business Email Scams<\/p>\n
Implement two-step authentication to emails
\nWhen possible call to the person who sent the email, to verify what is asking
\nInform employees not to publish\/share job-related activities on social media and forums
\nEducate your employee, have a security awareness program
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=4d41230ee9&e=20056c7556<\/p>\n
The seven deadly sins of incident response
\nThe seemingly endless barrage of attacks on government and enterprise networks has made it clear that organizations need to be much more proactive when it comes to security.
\nDeploying perimeter defences \/ defences like firewalls and antivirus, and expecting them to keep attackers off of your network, has become just plain foolish in the light of today\u2019s increasingly complex threat landscape.
\nSecurity success is no longer just about keeping threats out of your network, but instead about how quickly you can respond and thwart an attack when it happens.
\nDespite this scenario, many organizations still haven\u2019t gotten it quite right when it comes to incident response.
\nHere are \u2018seven deadly sins\u2019 that Lancope often sees companies committing when attempting to build an incident response function.
\n1. Not understanding your environment due to a lack of visibility.
\n2. Not having the right staff.
\n3. Lacking the appropriate budget.
\n4. Becoming a headless chicken when breaches occur.
\n5. Using generic processes not specific to your organization.
\n6. Improper threat modeling.
\n7. Not considering your environment and capabilities when tuning devices.
\n8. Bonus sin! \u2013 Not taking advantage of the fruits of an incident investigation.
\nAccording to the previously mentioned Ponemon Report, 65 percent of respondents said that threat feeds were one of the most effective tools for helping to detect breaches.
\nYet 54 percent said they did not collect threat indicators from their own incidents for use in fighting future attacks.
\nOrganizations need to realize that the information they glean during an incident investigation is far more valuable than a third-party threat feed in determining which types of attacks their network might experience in the future and being better equipped to handle them.
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=18eac28815&e=20056c7556<\/p>\n
Filling the ranks of Japan\u2019s cyberwarriors in time for 2020 Olympics proves a major challenge
\nThe government has set up new organizations tasked with boosting cybersecurity in the run-up to the 2020 Tokyo Olympic and Paralympic Games \u2014 but filling the slots of these cyberwarriors is proving to be an ongoing battle.
\nThe government set up a working team on cybersecurity last October to prepare for the 2020 Games.
\nBased on the basic law on cybersecurity, which was enacted the following month, the government in January created a cybersecurity strategy team, headed by Chief Cabinet Secretary Yoshihide Suga, and the National Center of Incident Readiness and Strategy for Cybersecurity (NISC).
\nThe headquarters drafted a new strategy paper emphasizing measures for the period up to 2020.
\nThe draft calls for the establishment of a Computer Security Incident Response Team (CSIRT) for the 2020 Olympics and Paralympics.
\nIt would be staffed with dozens of experts from both the public and private sectors whose job would be to minimize damage from cyberattacks.
\nAccording to an estimate by the Information-Technology Promotion Agency, Japan, adequate cybersecurity response would require a total workforce of 350,000.
\nBut there are just 265,000 information security engineers in the country, with 160,000 of them needing to be retrained, the agency said.
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=a53df6b903&e=20056c7556<\/p>\n
To Battle Cyber Attacks, CEOs Need To Act More Like The Military
\nA recent survey by Oxford University and the U.K.\u2019s Centre for the Protection of the National Infrastructure found that concern for cyber security was significantly lower among managers inside the C-suite than among managers outside it. \u201cSuch shortsightedness at the top is a serious problem,\u201d said David Upton, American Standard Companies Professor of Operations Management at Sa\u00efd Business School, University of Oxford.
\n\u2018The reality is that if CEOs don\u2019t take cyber security threats seriously, their organisations won\u2019t either \u2026 They must marshal their entire leadership team \u2013 technical and line management, and human resources \u2013 to make people, principles, and IT systems work together.\u201d
\nUpton is one of the authors of a new study, published in the Harvard Business Review, that sets out to explain how organizations can be more effective in this area.
\nThe other authors are James A.
\nWinnefeld Jr and Christopher Kirchhoff, respectively the ninth vice-chairman of the U.S.
\nJoint Chiefs of Staff and an admiral in the U.S.
\nNavy until his retirement this month, and a special assistant to the chairman of the Joint Chiefs of Staff.
\nIn the HBR article, entitled \u201cCybersecurity\u2019s Human Factor: Lessons from the Pentagon,\u201d they add:<\/p>\n
One key lesson of the military\u2019s experience is that while technical upgrades are important, minimizing human error is even more crucial.
\nMistakes by network administrators and users\u2014failures to patch vulnerabilities in legacy systems, misconfigured settings, violations of standard procedures\u2014open the door to the overwhelming majority of successful attacks.<\/p>\n
They believe there are measures that leaders of any sort of organization can take to ensure such principles are part of employees\u2019 everyday routines.
\nThey are:
\n1. Take charge
\n2. Make everyone accountable.
\n3. Institute uniform standards and centrally-managed training and certification.
\n4. Couple formality with forceful back-up.
\n5. Check up on your defenses.
\n6. Eliminate fear of honesty and increase the consequences of dishonesty.
\nLink: http:\/\/paulgdavis.us3.list-manage2.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=4a6602c0ca&e=20056c7556<\/p>\n
Risks vs. Benefits of Security Investments
\nBeing able to determine the ROI of security investments is a complex, albeit necessary, task when organizations make security investments.
\nSimply put, the goal is to demonstrate how the benefits of the organization\u2019s security strategy outweigh the risk of not investing.
\nThe primary issue CISOs need to address is how much of an investment is enough.
\nAfter all, even an infinite budget will not prevent every last breach or incident.
\nA prudent CISO will communicate the current risk posture including any policies, procedures and controls in place to help protect the organization from threats, whether internal or external.
\nThe CISO ultimately needs to explain that risk exists regardless of investment, and then effectively outline the goal of reducing risk without impacting business operations.
\nBottom line, the days of a moat around the castle no longer exist.
\nThe challenge here is that most non-security executives feel safe and secure because they simply don\u2019t know what they don\u2019t know.
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=7497228dbc&e=20056c7556<\/p>\n
Cisco Predicts \u2018Second Wave\u2019 Of Cloud Adoption
\nHowever, the research \u2013 which was commissioned by Cisco \u2013 also revealed that nearly three quarters of the 3,000-plus organisations surveyed don\u2019t have a solid cloud strategy.
\nCisco Systems Inc. sees a growing second wave of businesses adopting cloud-computing platforms, and it\u2019s eager to help them optimize their cloud strategies.
\nIn the study, IDC identifies five levels of cloud maturity: ad hoc, opportunistic, repeatable, managed and optimised.
\nThey are also achieving $1.2m in cost reduction per cloud-based application.
\nThe manufacturing industry was found to have the largest cloud adoption rate, with 33 percent of companies having a developed strategy, followed by IT (30 percent), finance (29 percent), and healthcare (28 percent).
\nLink: http:\/\/paulgdavis.us3.list-manage1.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=d91e0e52c5&e=20056c7556<\/p>\n
============================================================
\nFeedback, questions? Our mailing address is: ** dailynews@paulgdavis.com (mailto:dailynews@paulgdavis.com)<\/p>\n
If someone forwarded this email to you and you want to be added in,
\nplease click this: ** Subscribe to this list (http:\/\/paulgdavis.us3.list-manage1.com\/subscribe?u=45bf3caf699abf9904ddc00e3&id=e09452545a)<\/p>\n
** Unsubscribe from this list (http:\/\/paulgdavis.us3.list-manage2.com\/unsubscribe?u=45bf3caf699abf9904ddc00e3&id=e09452545a&e=20056c7556&c=d5422b77fe)<\/p>\n
** Update subscription preferences (http:\/\/paulgdavis.us3.list-manage.com\/profile?u=45bf3caf699abf9904ddc00e3&id=e09452545a&e=20056c7556)<\/p>\n","protected":false},"excerpt":{"rendered":"
[From the desk of Paul Davis – his opinions and no-one else’s] Apart from the reporter’s opinions \ud83d\ude09 So onto the news: Demystifying Threat Intelligence For Forrester, threat intelligence is not a single product or service, but a framework constructed around high-quality information sources and skilled analysts. In Five Steps…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[29],"tags":[],"class_list":["post-1137","post","type-post","status-publish","format-standard","hentry","category-news"],"_links":{"self":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/1137","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/comments?post=1137"}],"version-history":[{"count":1,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/1137\/revisions"}],"predecessor-version":[{"id":3624,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/1137\/revisions\/3624"}],"wp:attachment":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/media?parent=1137"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/categories?post=1137"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/tags?post=1137"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}