What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
CSO.webp 2022-08-24 23:23:00 BrandPost: Beyond the Cyber Buzzwords: What Executives Should Know About SASE (direct link) Coined in late 2019 by Neil MacDonald and Joe Skorupa of Gartner®, SASE (secure access service edge) describes a strategy that converges cybersecurity and WAN edge networking to address challenges that organizations are facing now. Specifically, organizations need to manage an ever-growing technology stack across an increasingly dynamic “service edge” that now includes branches, mobile users, SaaS applications, and shifts in data centers between on-premises and the cloud. Individual cybersecurity technologies, like SD-WAN, WAN optimization, NGFW, ZTNA, SWG, CASB, and more, frequently lead to scalability problems if left as separate services. This scaling issue is compounded if these technologies must also be self-managed, upgraded, and maintained. Guideline
CSO.webp 2022-08-24 11:54:00 How 2023 cybersecurity budget allocations are shaping up (direct link) Cybersecurity spending in the coming year may not be recession-proof, but it's likely to be recession-resistant. Still, pressure remains on security leaders to prioritize technologies that generate the most bang for the buck. Forrester released a report Tuesday to help organizations do just that. "It's hard to assess what 2023 budgets will look like because most companies are in their budget planning for 2023 now, but I think most companies are taking a cautious approach," says Forrester Vice President and Research Director Merritt Maxim. "There might be some growth or flat, with the potential that if there is a more significant downturn next year, then spot cuts may be necessary," Maxim continues. "For now, though, I don't see any immediate slashing of budgets in anticipation of macroeconomic conditions." Guideline ★★★
CSO.webp 2022-08-22 02:00:00 7 critical steps for successful security onboarding (direct link) Jerich Beason, CISO, Commercial Bank at Capital One, equates the Great Resignation with the great onboarding. “If you are a cyber leader, you are likely onboarding new talent this year. My experience is that the first week onboard sets the tone for that person's tenure,” he writes in an online post. “Don't take this opportunity lightly. You only have one chance to make a first impression.” He says critical tasks to handle during onboarding include providing an overview of the security vision, mission, and core values as well as walking new employees through the security strategy and roadmap. Guideline
CSO.webp 2022-08-17 12:10:00 New Deep Instinct partner program targets MSSPs fighting ransomware (direct link) Cybersecurity firm Deep Instinct has rolled out a new partner program to provide its endpoint and application protection software to managed security service providers (MSSPs), the company announced Wednesday. The Stratosphere program was initially announced in April, and designed as a simplified channel program that focuses on expected partner margins instead of set discounts on the product. Volume-based recognition and “medallion tiers” for sales are out. Instead, the company is offering “loyalty points” for achieving a range of different sales-related goals, like creating leads, getting customers certified, or completing business plans. Ransomware Guideline
CSO.webp 2022-08-09 02:00:00 How OKRs keep security programs on track (direct link) When Michael Gregg joined the State of North Dakota as a security leader, he brought with him a concept he liked to use for keeping his security program on track: identifying objectives and key results (OKRs) and tracking progress against them. He says they had worked for him in the past, and he believed that introducing their use to the state's security program could be equally useful. “It was a good way for the security team to stay focused. It helps give me and the teams priorities, it gives alignment between the teams, and we get the tracking and accountability,” says Gregg, who was named the state's CISO in late 2021 after working in the position as an interim and prior to that as director of state cyber operations. Guideline
CSO.webp 2022-08-08 10:05:00 Ransomware, email compromise are top security threats, but deepfakes increase (direct link) While ransomware and business email compromise (BEC) are leading causes of security incidents for businesses, geopolitics and deepfakes are playing an increasing role, according to reports from two leading cybersecurity companies. VMware's 2022 Global Incident Threat Response Report shows a steady rise in extortionary ransomware attacks and BEC, alongside fresh jumps in deepfakes and zero-day exploits. Ransomware Threat Guideline
CSO.webp 2022-08-08 02:00:00 SBOM formats SPDX and CycloneDX compared (direct link) Software bills of materials (SBOMs) are becoming a critical component of vulnerability management. Many organizations, however, are still wrestling with understanding fundamental topics in the SBOM discussion, such as the differences among the SBOM formats. What are SBOM formats? SBOM formats are standards for defining a unified structure for generating SBOMs and sharing them with end users or customers. They describe the composition of software in a common format that other tools can understand. The leading SBOM formats are Software Package Data Exchange (SPDX), Software Identification (SWID) Tagging, and CycloneDX. Only SPDX and CycloneDX are being adopted for security use cases. SWID is primarily focused on licensing and is therefore out of scope for this discussion. As the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and others have stated, we will have multiple SBOM formats for some time. Vulnerability Guideline
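The two formats compared in the article above, as an added example that is not code from the article, from CISA or from either format's project: a small normaliser that reads a CycloneDX 1.4 JSON document and an SPDX 2.3 JSON document into one component list and matches them on package URL (purl), the identifier both formats can carry. Both documents are constructed samples describing the same hypothetical application; the component names, the `Component` type and the `parse_sbom`/`purls` functions are assumptions made for the example, not an API of either format. It also shows one practical divergence: the same dependency can carry a licence identifier in one document and `NOASSERTION` in the other.

```python
"""Normalise CycloneDX and SPDX JSON SBOMs into one component list.

Added example for this digest, not code from the article, CISA or either
format's project. The two documents below are constructed, minimal SBOMs
describing the same hypothetical application so the formats can be compared.
"""
from __future__ import annotations

import json
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Component:
    name: str
    version: Optional[str]
    purl: Optional[str]     # package URL: the identifier both formats can carry
    license: Optional[str]  # SPDX licence identifier where the SBOM gives one


def _from_cyclonedx(doc: dict) -> list[Component]:
    # CycloneDX: components[] with name/version/purl and licenses[].license.id
    out = []
    for comp in doc.get("components", []):
        lic = None
        for entry in comp.get("licenses", []):
            info = entry.get("license", {})
            lic = info.get("id") or info.get("name") or lic
        out.append(Component(comp["name"], comp.get("version"), comp.get("purl"), lic))
    return out


def _from_spdx(doc: dict) -> list[Component]:
    # SPDX: packages[] with versionInfo, licenseConcluded and a purl externalRef
    out = []
    for pkg in doc.get("packages", []):
        purl = None
        for ref in pkg.get("externalRefs", []):
            if ref.get("referenceType") == "purl":
                purl = ref.get("referenceLocator")
        lic = pkg.get("licenseConcluded")
        if lic in ("NOASSERTION", "NONE"):
            lic = None  # SPDX says "no claim"; CycloneDX would just omit the field
        out.append(Component(pkg["name"], pkg.get("versionInfo"), purl, lic))
    return out


def parse_sbom(text: str) -> tuple[str, list[Component]]:
    """Detect the format from its marker field and return (format, components)."""
    doc = json.loads(text)
    if doc.get("bomFormat") == "CycloneDX":
        return "CycloneDX", _from_cyclonedx(doc)
    if str(doc.get("spdxVersion", "")).startswith("SPDX-"):
        return "SPDX", _from_spdx(doc)
    raise ValueError("unrecognised SBOM format")


def purls(components: list[Component]) -> set[str]:
    """The set of package URLs: the key to match against vulnerability data."""
    return {c.purl for c in components if c.purl}


# Constructed sample: the same two dependencies expressed in each format.
CYCLONEDX_DOC = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.4",
    "components": [
        {"type": "library", "name": "log4j-core", "version": "2.14.1",
         "purl": "pkg:maven/org.apache.logging.log4j/log4j-core@2.14.1",
         "licenses": [{"license": {"id": "Apache-2.0"}}]},
        {"type": "library", "name": "requests", "version": "2.28.1",
         "purl": "pkg:pypi/requests@2.28.1",
         "licenses": [{"license": {"id": "Apache-2.0"}}]},
    ],
})

SPDX_DOC = json.dumps({
    "spdxVersion": "SPDX-2.3",
    "SPDXID": "SPDXRef-DOCUMENT",
    "name": "example-app",
    "packages": [
        {"SPDXID": "SPDXRef-Package-log4j", "name": "log4j-core",
         "versionInfo": "2.14.1", "licenseConcluded": "Apache-2.0",
         "externalRefs": [{"referenceCategory": "PACKAGE-MANAGER", "referenceType": "purl",
                           "referenceLocator": "pkg:maven/org.apache.logging.log4j/log4j-core@2.14.1"}]},
        {"SPDXID": "SPDXRef-Package-requests", "name": "requests",
         "versionInfo": "2.28.1", "licenseConcluded": "NOASSERTION",
         "externalRefs": [{"referenceCategory": "PACKAGE-MANAGER", "referenceType": "purl",
                           "referenceLocator": "pkg:pypi/requests@2.28.1"}]},
    ],
})


if __name__ == "__main__":
    for text in (CYCLONEDX_DOC, SPDX_DOC):
        fmt, comps = parse_sbom(text)
        print(fmt, sorted(purls(comps)))
        for c in comps:
            print(f"  {c.name} {c.version} license={c.license}")
```

Matching on purl rather than on name and version is what lets a scanner correlate the two formats (and vulnerability feeds) reliably; names alone differ between ecosystems and tools.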
CSO.webp 2022-08-02 06:03:00 BrandPost: Security Leaders Share 5 Steps to Strengthening Cyber Resilience (direct link) With new threat actors emerging every day and a growing number of cyber attacks making headlines, cybersecurity has become a critical business imperative. Security leaders face the dual challenge of needing to stay competitive in a rapidly evolving business landscape while also defending against increasingly serious cyber threats, reducing complexity, and facilitating their organization's digital transformation. To better understand emerging security trends and top concerns among Chief Information Security Officers (CISOs), Microsoft Security conducted a survey of more than 500 security professionals. Based on the responses we received, we developed five steps organizations can take to improve their cyber resilience. Keep reading to uncover our insights. Threat Guideline
CSO.webp 2022-08-02 02:00:00 How OpenSSF Scorecards can help to evaluate open-source software risks (direct link) Everyone knows the phrase “software is eating the world” by Marc Andreessen from over a decade ago. Software powers and touches nearly every aspect of modern society, both personally and professionally, and is critical to the modern economy and national security. It can also be said that open-source software (OSS) has eaten the software industry. The Linux Foundation and other groups have estimated that free and open-source software (FOSS) constitutes 70% to 90% of any modern software product. Not only is modern software largely composed of OSS components, but IT leaders are more likely to work with vendors who also contribute to the OSS community. Guideline ★★★★★
CSO.webp 2022-08-01 10:00:00 BrandPost: Three Pillars of the Autonomous SOC (direct link) Security operations center (SOC) leaders face a difficult balancing act. They need to secure complex infrastructures and applications as organizations shift to the cloud, achieve digital transformation, and manage risk, while attracting and retaining skilled cybersecurity talent in a tight labor market. Add in today's fast-evolving threat landscape with its increased volume of sophisticated attacks, and you have the perfect storm: the lack of visibility into complex operating environments, the inability to analyze cloud-scale volumes of data, and the struggle to enhance team performance. All of which lead to lower productivity and higher security risk. Threat Guideline
CSO.webp 2022-08-01 02:00:00 5 ways to unite security and compliance (direct link) As numerous data compliance laws proliferate across the globe, security professionals have become too focused on checking their requirements boxes when they should be focused on reducing risk. Can the two work harmoniously together? The answer depends on how effectively IT security leaders can work with their auditors and speak to their boards, say experts. These are their top five recommendations: 1. Focus on data protection. It's well known that compliance is about protecting regulated data, while cybersecurity is focused on keeping bad guys out. From a data protection perspective, the key security measure then is to avoid processing or storing regulated data that isn't needed. If regulated data must be stored, make sure you're using stronger-than-recommended encryption, says James Morrison, national cybersecurity specialist for Intelisys, the infrastructure support division of payment systems company ScanSource. Guideline ★★★★★
CSO.webp 2022-07-28 15:04:00 BrandPost: CISOs Are Focused on These 3 Trends, Are You? (direct link) Security leaders are facing growing pressures in today's rapidly evolving cyber landscape. The rise in remote work means that many organizations are managing a complex web of in-person, online, and hybrid work scenarios while also juggling cloud migration to support their diversified workforce. There's also the increase in the sheer volume of cyber attacks to contend with; between July 2020 and June 2021, there was a 1,070% increase in ransomware attacks alone.[1] For Chief Information Security Officers (CISOs), this has created a variety of new challenges to contend with. Based on our conversations with security leaders, Microsoft has identified the top three focus areas that CISOs are prioritizing today so you can understand what steps your organization should take to guard against ongoing cybersecurity threats. Ransomware Guideline
CSO.webp 2022-07-27 12:57:00 BrandPost: How a Cybersecurity Program Can Counter Configuration Drift (direct link) Once your organization is secured, you'll need to ensure that your environment doesn't stray from its protected state. Configuration drift may be inevitable, but you can leverage best practices to minimize its consequences. Why does configuration drift occur? Whether by choice or chance, change happens in IT environments. Software updates roll out, ad hoc decisions take effect, end users change settings, and new systems come in. When these decisions are made in haste, security considerations can be incomplete or missing altogether. Even if systems were secure to start with, once-hardened IT environments develop “gaps” over time. It's not always easy to keep track of the changes that can lead to configuration drift. You'll need a management tool that provides you with a big (and granular) picture so that your team can effectively monitor and remedy the situation. Tool Guideline
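The drift detection the item above calls for, as an added example that is not code from the article or from the vendor behind it: a hardened baseline is captured once, later snapshots are diffed against it, and every key that was added, removed or changed is classified, with a short list of security-critical keys that should alert immediately. Both configurations are constructed sshd_config-style snippets, and the `SECURITY_CRITICAL` list, the `Drift` type and the function names are assumptions made for the example.

```python
"""Detect configuration drift against a hardened baseline.

Added example for this digest, not code from the article or any product it
describes. Both configurations below are constructed sshd_config-style
snippets: a baseline captured after hardening and a later live snapshot.
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Settings whose drift should page someone rather than wait for a weekly report.
# The list is an assumption for this example; derive yours from your own baseline.
SECURITY_CRITICAL = {"Protocol", "PermitRootLogin", "PasswordAuthentication", "PubkeyAuthentication"}


def parse_kv_config(text: str) -> dict[str, str]:
    """Parse 'Key value' or 'Key=value' lines; '#' starts a comment; later duplicates win."""
    settings: dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        settings[parts[0]] = parts[1].strip() if len(parts) > 1 else ""
    return settings


@dataclass
class Drift:
    added: dict[str, str] = field(default_factory=dict)                # key -> current value
    removed: dict[str, str] = field(default_factory=dict)              # key -> baseline value
    changed: dict[str, tuple[str, str]] = field(default_factory=dict)  # key -> (baseline, current)

    def is_clean(self) -> bool:
        return not (self.added or self.removed or self.changed)

    def critical(self) -> set[str]:
        """Drifted keys that are on the security-critical list."""
        return (set(self.added) | set(self.removed) | set(self.changed)) & SECURITY_CRITICAL


def diff_config(baseline: dict[str, str], current: dict[str, str]) -> Drift:
    """Classify every key present in either configuration.
    A key missing from the live snapshot is drift too: the daemon falls back to
    its compiled-in default, which may be weaker than what the baseline pinned."""
    drift = Drift()
    for key, value in current.items():
        if key not in baseline:
            drift.added[key] = value
        elif baseline[key] != value:
            drift.changed[key] = (baseline[key], value)
    for key, value in baseline.items():
        if key not in current:
            drift.removed[key] = value
    return drift


def report(baseline_text: str, current_text: str) -> Drift:
    return diff_config(parse_kv_config(baseline_text), parse_kv_config(current_text))


# Constructed sample: hardened baseline and a snapshot taken weeks later.
BASELINE = """
# hardened 2022-07 (constructed sample)
Protocol 2
PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yes
MaxAuthTries 3
X11Forwarding no
"""

LIVE_SNAPSHOT = """
Protocol 2
PermitRootLogin yes          # "temporary" change made during an incident
PubkeyAuthentication yes
MaxAuthTries 3
X11Forwarding no
AllowTcpForwarding yes
"""


if __name__ == "__main__":
    drift = report(BASELINE, LIVE_SNAPSHOT)
    for key, (old, new) in drift.changed.items():
        print(f"changed  {key}: {old} -> {new}")
    for key, old in drift.removed.items():
        print(f"removed  {key} (baseline was {old}; now at daemon default)")
    for key, new in drift.added.items():
        print(f"added    {key} = {new}")
    print("critical drift:", sorted(drift.critical()) or "none")
```

The removed-key case is the one ad hoc reviews miss: deleting `PasswordAuthentication no` does not look like a change in a diff of values, yet it silently re-enables password logins.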
CSO.webp 2022-07-27 05:00:00 GitGuardian launches ggcanary project to help detect open-source software risks (direct link) Code security platform provider GitGuardian has announced the launch of a new open-source canary tokens project to help organizations detect compromised developer and DevOps environments. According to the firm, security teams can use GitGuardian Canary Tokens (ggcanary) to create and deploy canary tokens in the form of Amazon Web Services (AWS) secrets that trigger alerts as soon as they are tampered with by attackers. The release reflects a wider industry trend of emerging standards and initiatives designed to tackle risks surrounding the software supply chain and DevOps tools. ggcanary features “highly sensitive” intrusion detection: In a press release, GitGuardian stated that organizations' continued adoption of the cloud and modern software development practices is leading them to unknowingly expand their attack surfaces. Poorly secured internet-facing assets and corporate networks are prompting attackers to turn to components in the software supply chain like continuous integration and continuous deployment (CI/CD) pipelines as entry points, it added. Guideline
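The mechanism behind an AWS-secret canary, as an added example that is not the ggcanary code and assumes nothing about how GitGuardian implements its tokens: a credential that no legitimate job uses is planted where an intruder would find it, and any CloudTrail record carrying its access key ID is proof the file or secret store was read, whether or not the call succeeded. The key ID shape, the `.env` bait format and the CloudTrail records below are constructed for the example (the records use field names real CloudTrail events carry: `eventTime`, `eventName`, `sourceIPAddress`, `errorCode`, `userIdentity.accessKeyId`); the function names are mine.

```python
"""Plant an AWS-shaped canary credential and alert when it is used.

Added example for this digest; not the ggcanary code. In a real deployment
you create an actual access key for an IAM user that has no permissions, so
that any attempt to use it is logged by CloudTrail. The records below are
constructed samples, not a real trail.
"""
from __future__ import annotations

import json
import secrets
import string
from dataclasses import dataclass
from typing import Optional

_KEY_ALPHABET = string.ascii_uppercase + string.digits


def make_canary_key_id() -> str:
    """A 20-character key ID in the AKIA... shape of an IAM user access key.
    Only reproduces the shape for the demo; the real token must come from IAM."""
    return "AKIA" + "".join(secrets.choice(_KEY_ALPHABET) for _ in range(16))


def render_env_file(key_id: str, secret: str, comment: str = "") -> str:
    """The bait: an .env snippet to drop into a repo, CI runner or laptop."""
    lines = [f"AWS_ACCESS_KEY_ID={key_id}", f"AWS_SECRET_ACCESS_KEY={secret}"]
    if comment:
        lines.insert(0, f"# {comment}")
    return "\n".join(lines) + "\n"


@dataclass(frozen=True)
class Alert:
    key_id: str
    planted_in: str        # which host/repo the canary came from: the compromised asset
    event_name: str
    source_ip: str
    event_time: str
    error_code: Optional[str]  # AccessDenied still proves the secret was read


def scan_cloudtrail(records: list[dict], canaries: dict[str, str]) -> list[Alert]:
    """Match each record's accessKeyId against the planted canaries.
    `canaries` maps key ID -> where it was planted."""
    alerts = []
    for rec in records:
        key_id = rec.get("userIdentity", {}).get("accessKeyId")
        if key_id in canaries:
            alerts.append(Alert(key_id, canaries[key_id], rec.get("eventName", "?"),
                                rec.get("sourceIPAddress", "?"), rec.get("eventTime", "?"),
                                rec.get("errorCode")))
    return alerts


# Constructed sample: one legitimate key, one canary planted on a CI runner.
LEGIT_KEY = "AKIAEXAMPLELEGIT0001"
CANARY_KEY = "AKIAEXAMPLECANARY001"
CANARIES = {CANARY_KEY: "ci-runner-03:/home/runner/.aws/credentials"}

SAMPLE_TRAIL = json.dumps({"Records": [
    {"eventTime": "2022-07-27T09:12:41Z", "eventName": "GetObject", "eventSource": "s3.amazonaws.com",
     "sourceIPAddress": "10.20.30.40", "userIdentity": {"type": "IAMUser", "accessKeyId": LEGIT_KEY}},
    {"eventTime": "2022-07-27T09:14:02Z", "eventName": "GetCallerIdentity", "eventSource": "sts.amazonaws.com",
     "sourceIPAddress": "198.51.100.23", "userIdentity": {"type": "IAMUser", "accessKeyId": CANARY_KEY}},
    {"eventTime": "2022-07-27T09:14:09Z", "eventName": "ListBuckets", "eventSource": "s3.amazonaws.com",
     "sourceIPAddress": "198.51.100.23", "errorCode": "AccessDenied",
     "userIdentity": {"type": "IAMUser", "accessKeyId": CANARY_KEY}},
]})


def alerts_from_trail(trail_json: str, canaries: dict[str, str] = CANARIES) -> list[Alert]:
    return scan_cloudtrail(json.loads(trail_json)["Records"], canaries)


if __name__ == "__main__":
    print(render_env_file(make_canary_key_id(), secrets.token_urlsafe(30), "do not remove"))
    for a in alerts_from_trail(SAMPLE_TRAIL):
        outcome = a.error_code or "succeeded"
        print(f"CANARY TRIPPED {a.key_id} planted in {a.planted_in}: "
              f"{a.event_name} from {a.source_ip} at {a.event_time} ({outcome})")
```

Note the order of the two canary events: `GetCallerIdentity` is what most tooling (and most attackers) runs first to learn what a found key is, so a canary alert typically fires before any data is touched; the `AccessDenied` on the follow-up call is still an alert, not a false positive.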
CSO.webp 2022-07-21 11:38:00 Deloitte expands its managed XDR platform (direct link) Deloitte announced an update this week to its Managed Extended Detection and Response platform. The upgrade boosts the platform's capabilities to collect intelligence, hunt for threats, and secure mobile devices. Among the new modules added to Deloitte's MXDR offering: Cyber Security Intelligence, which adds to Deloitte's tools and proprietary sources intelligence from CrowdStrike Falcon X. The combination will provide users with actionable indicators of compromise (IoCs), threat notifications, threat actor profiles, industry landscapes, automated sandbox analysis, and threat briefing requests for information. "CSI allows us to be much more proactive in our detection, prevention, and understanding of threats so we can be more proactive in planning with our clients," says Deloitte MXDR leader Curt Aubley. Dynamic Adversary Intelligence, which provides clients with "over-the-horizon" adversary investigations. DAI uses passive intelligence collection methods, including global telemetry, industry-leading application programming interface integrations, refined tradecraft, proprietary analytics of publicly available information, and proprietary sources via Splunk. "DAI gives clients an inside-out view of attackers," Aubley explains. "It can also give a client the information they need to give to authorities to track down adversaries." Digital Risk Protection, which lets a client follow their digital footprint online. "We can fingerprint a client's intellectual property," Aubley says. "Using that information, along with data like domain names, email addresses, and others, we can look on the open web, deep web, and dark web and see if that information has gotten into the hands of an adversary. Then we can let a client know how to best manage any potential crisis that might arise from that leak. We can also look inside their environment to determine how the leak happened." Active Hunt and Response, which includes the use of a "dissolvable agent" that can be planted in the memory of an endpoint and collect data about an attacker while remaining invisible to them. In addition, a new Mobile Prevent, Detection, and Response module has been added to the MXDR platform. It has expanded hunting capabilities and is fully integrated with CrowdStrike Falcon for Mobile Endpoint Detection and Response and CrowdStrike's mobile threat defense. Threat Guideline Deloitte
CSO.webp 2022-07-21 05:10:00 NSO Group's Pegasus crashes as Apple initiates Dignity and Justice Fund (direct link) Much has been written about NSO Group's collision with government reality when the Israeli firm found itself on the wrong side of a business decision to sell its technologies to entities that used them to target human rights activists, political leaders, journalists, and a bevy of U.S. persons. The collision came in the form of the U.S. government blacklisting the company, effectively drying up a great percentage of its clients to the point where bankruptcy was seen on the horizon. White House nixes L3Harris interest in NSO: Then, according to a recent New York Times exposé, U.S. defense contractor/supplier L3Harris allegedly attempted a Phoenix-like save to raise the charred NSO from the ashes, with the sub rosa assistance of the U.S. intelligence community. Apparently, L3Harris had its eye on the “zero-click” exploit provided by NSO's Pegasus for resale or exploitation by the U.S. To those not well versed in the government supply and contract world, L3Harris has expertise in the exploitation of cellphones. Guideline
CSO.webp 2022-07-20 02:00:00 Breaking down CIS's new software supply chain security guidance (direct link) Securing the software supply chain continues to be one of the most discussed topics among IT and cybersecurity leaders. A study by In-Q-Tel researchers shows a rapid rise in software supply chain attacks starting around 2016, going from almost none in 2015 to about 1,500 in 2020. The Cloud Native Computing Foundation's (CNCF's) catalog of software supply chain attacks also supports a rise in this attack vector. Guideline
CSO.webp 2022-07-19 03:34:00 Unauthorized access jumped 4x in 2021 (direct link) Security breaches from issues associated with supply chain and third-party suppliers recorded an unprecedented jump of 297%, representing about a fourth of all security breaches in the US in 2021, according to a study by digital identity and access management platform ForgeRock. The 2022 Consumer Identity and Breach Report found unauthorized access to be the leading infection vector for the breaches, accounting for 50% of all records compromised in 2021. The average cost of a breach in the US, according to the report, was $9.5 million, the highest in the world and up 16% from $8.2 million in 2020. For the study, ForgeRock gathered data from several sources including the Identity Theft Resource Center, Forrester Research, and the Ponemon Institute, between January 1, 2021 and December 1, 2021. Guideline
CSO.webp 2022-07-15 08:45:00 TikTok resets the clock on security leadership (direct link) The best time to do succession planning was last year. But the next best time is right now. The news this morning that Roland Cloutier is stepping away from the TikTok Global CSO role may or may not be surprising. After all, Roland joined TikTok a couple of years ago, around the same time that TikTok was dragged into some US political maneuverings. At the time, it wasn't clear if Roland was going to be their CSO-for-life, or if his role was to guide TikTok through a transition and build an excellent foundation for its security future (I guess we know now). Guideline
CSO.webp 2022-07-15 02:00:00 New US CISO appointments, July 2022 (direct link) The upper ranks of corporate security are seeing a high rate of change as companies try to adapt to the evolving threat landscape. Many companies are hiring a chief security officer (CSO) or chief information security officer (CISO) for the first time to support a deeper commitment to information security. Follow this column to keep up with new appointments to senior-level security roles and perhaps gain a little insight into hiring trends. If you have an announcement of your own that you would like us to include here, contact Amy Bennett, executive editor. Threat Guideline
CSO.webp 2022-07-14 02:00:00 5 key considerations for your 2023 cybersecurity budget planning (direct link) As CISOs look to prepare their 2023 security budgets, some might be asking themselves, “where do I begin?” There are such varied and rapidly changing facets of defending organizations against cyber threats that the task of sorting out which risks need the most attention can seem overwhelming. Nevertheless, security leaders need to begin thinking about how much funding they will need and how they will allocate their budgets. “At a macro level, when defining strategic goals and developing budgets for security, CISOs should know that the status quo will likely leave security leaders with an impossible mission ahead, constrained to maintain operations and new initiatives,” says David Chaddock, director of cybersecurity for consultancy West Monroe. Guideline ★★
CSO.webp 2022-07-12 02:00:00 Locked in: How long is too long for security vendor contracts? (direct link) Stephanie Benoit Kurtz thought she had a good deal when, in one of her former CISO roles, she signed a three-year contract with a vendor for vulnerability management as a service. Benoit Kurtz inked the deal thinking that her security operations program would make full use of all the offered features. But she found early into the three-year stretch that her team only used about 60% of them. She says she was in a bind: paying for a product that wasn't really the right fit with no way to get out of the contract. “It's hard to go back to the manufacturer and say, 'I didn't need that module, so can I get my money back?' They don't seem to want to engage in that conversation,” says Benoit Kurtz, a former security executive who is now lead faculty for the College of Information Systems and Technology at the University of Phoenix. Vulnerability Guideline
CSO.webp 2022-07-11 02:00:00 Understanding your API attack surface: How to get started (direct link) We live in a world of cloud computing, mobile devices and microservices. Nearly every application we interact with is powered by APIs, often many, especially when dealing with the leading cloud service providers (CSPs), mobile applications and microservice environments. This makes APIs a critical part of an organization's attack surface. Akamai estimates that roughly 83% of internet traffic is API-based. Other studies such as those from Salt Security state that API attacks increased over 600% from 2021 to 2022, and Gartner predicts that 90% of web-enabled applications will have broader attack surfaces due to exposed APIs. The latest study from Imperva claims that vulnerable APIs are costing organizations between $40 and $70 billion annually. Studies Guideline
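One concrete way to get started on the inventory the item above argues for, as an added example that is not code from the article or from Akamai, Salt Security, Gartner or Imperva: walk an OpenAPI 3 document, list every operation, resolve its effective security requirement (an operation-level `security` replaces the document-wide default, and an explicit empty list means no authentication), and surface the unauthenticated operations with state-changing methods first. The spec is a constructed sample for a hypothetical service, and the `Operation` type and function names are assumptions made for the example.

```python
"""Enumerate an API's attack surface from its OpenAPI 3 document.

Added example for this digest, not code from the article or the vendors it
cites. The spec below is a constructed sample, not a real service.
"""
from __future__ import annotations

from dataclasses import dataclass
from typing import Optional

HTTP_METHODS = ("get", "put", "post", "delete", "options", "head", "patch", "trace")
WRITE_METHODS = {"POST", "PUT", "PATCH", "DELETE"}


@dataclass(frozen=True)
class Operation:
    method: str
    path: str
    operation_id: Optional[str]
    security: tuple[str, ...]   # applicable securityScheme names; () means unauthenticated
    deprecated: bool

    @property
    def unauthenticated(self) -> bool:
        return not self.security

    @property
    def is_write(self) -> bool:
        return self.method in WRITE_METHODS


def _scheme_names(requirements: list[dict]) -> tuple[str, ...]:
    # A security requirement list is a list of {schemeName: [scopes]} objects.
    return tuple(sorted({name for req in requirements for name in req}))


def enumerate_operations(spec: dict) -> list[Operation]:
    default = spec.get("security", [])
    ops = []
    for path, item in spec.get("paths", {}).items():
        for method in HTTP_METHODS:
            op = item.get(method)
            if op is None:
                continue
            # Operation-level `security` replaces the default entirely, even when it is [].
            effective = op["security"] if "security" in op else default
            ops.append(Operation(method.upper(), path, op.get("operationId"),
                                 _scheme_names(effective), bool(op.get("deprecated"))))
    return ops


def unauthenticated_operations(spec: dict) -> list[Operation]:
    """Unauthenticated operations, writes first, then by path, for triage order."""
    return sorted((o for o in enumerate_operations(spec) if o.unauthenticated),
                  key=lambda o: (not o.is_write, o.path, o.method))


# Constructed sample: one public health check, one accidentally open delete,
# one deprecated export still reachable without a token.
SAMPLE_SPEC = {
    "openapi": "3.0.3",
    "info": {"title": "constructed sample", "version": "1"},
    "components": {"securitySchemes": {"bearer": {"type": "http", "scheme": "bearer"}}},
    "security": [{"bearer": []}],                           # document-wide default
    "paths": {
        "/health": {"get": {"operationId": "health", "security": []}},
        "/users/{id}": {
            "get": {"operationId": "getUser"},              # inherits bearer
            "delete": {"operationId": "deleteUser", "security": []},  # mistake: open write
        },
        "/v1/export": {"post": {"operationId": "legacyExport", "deprecated": True, "security": []}},
        "/orders": {"post": {"operationId": "createOrder"}},
    },
}


if __name__ == "__main__":
    for op in enumerate_operations(SAMPLE_SPEC):
        flag = " (deprecated)" if op.deprecated else ""
        print(f"{op.method:6} {op.path:14} auth={op.security or 'NONE'}{flag}")
    print("\nUnauthenticated, writes first:")
    for op in unauthenticated_operations(SAMPLE_SPEC):
        print(f"  {op.method} {op.path}")
```

A spec only describes what the team documented; the next step is to diff this list against observed traffic (gateway or proxy logs) to find the shadow and zombie endpoints that never made it into the document.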
CSO.webp 2022-07-07 04:26:00 U.S. and UK warn local governments, businesses of China's influence operations (direct link) In a concerted effort to spread the word on the threat posed by China to governments at the state and local level as well as businesses of all sizes, the U.S. National Counterintelligence and Security Center (NCSC) issued a “Safeguarding Our Future” bulletin. “Protecting Government and Business Leaders at the U.S. State and Local Level from People's Republic of China (PRC) Influence Operations” differs from previous warnings on China's use of social networks, pseudo-state-sponsored hackers, etc. The NCSC highlights how the Chinese intelligence apparatus uses a whole-of-government approach as it works to acquire information in support of Communist Party of China (CCP) directives. Threat Guideline
CSO.webp 2022-07-04 05:22:00 Asia could be placing all the wrong cybersecurity bets (direct link) Over two-thirds (69%) of security leaders in Asia are confident about their organization's cybersecurity resilience, even as 48% also admit that there is still room for improvement, a new joint study by Microsoft and risk advisory firm Marsh has found. The Asian edition of The State of Cyber Resilience report, which had over 660 participants, including CEOs, CISOs, and risk managers, revealed that companies in Asia have experienced a far higher number of privacy breaches (28%) and denial of service attacks (21%) as compared to their global peers (18% and 14% respectively). Companies in Asia perceived privacy breaches or the loss of data as their top security concerns, while globally ransomware was observed as the biggest concern among organizations. As such, data loss is a critical concern that needs to be addressed and factored into cyber-risk management strategies, the report said. Ransomware Guideline
CSO.webp 2022-06-30 02:00:00 Key takeaways from CSA's SaaS Governance Best Practices guide (direct link) SaaS governance and security is gaining attention among IT and security leaders. This is good, given that organizations are using exponentially more software-as-a-service (SaaS) than infrastructure-as-a-service (IaaS) offerings. Large enterprises are using upwards of 200 different SaaS offerings, compared to two or three IaaS providers, and only about 30% of organizations have any sort of SaaS security solutions in place. Despite the pervasive use of SaaS, it is overwhelmingly ungoverned, with little insight into use, data storage or access control. That's why the Cloud Security Alliance (CSA) created the SaaS Governance Best Practices for Cloud Customers whitepaper, for which I was honored to serve as co-lead. These are some of the key security takeaways from the SaaS governance best practices guidance. Guideline
CSO.webp 2022-06-29 08:42:00 BrandPost: Four Key Ways CISOs can Strengthen OT Security (direct link) The past decade has seen an increase in the number of operational technology (OT) attacks and their impact on organizations. Fortinet recently released its 2022 State of Operational Technology and Cybersecurity Report, revealing that 93% of OT organizations experienced an intrusion in the past year and 78% of them experienced more than three intrusions. The survey also found that CISOs and business leaders consider OT security a top concern. Outlined below are steps leaders can take to improve their OT security posture to decrease the risk of threats and keep up with bad actors. Threat Guideline
CSO.webp 2022-06-08 09:57:00 BrandPost: 4 Factors to Consider When Choosing a Cloud Workload Protection Platform (direct link) Every dollar spent on security must produce a return on investment (ROI) in the form of better detection or prevention. As an IT leader, finding the tool that meets this requirement is not always easy. It is tempting for CISOs and CIOs to succumb to the “shiny toy” syndrome: to buy the newest tool claiming to address the security challenges facing their hybrid environment. With cloud adoption on the rise, securing cloud assets will be a critical aspect of supporting digital transformation efforts and the continuous delivery of applications and services to customers well into the future. However, embracing the cloud widens the attack surface, which now spans private, public, and hybrid environments. A traditional approach to security simply doesn't provide the level of protection this environment needs; organizations also need granular visibility over cloud events. Tool Guideline
CSO.webp 2022-05-30 02:00:00 The Open Source Software Security Mobilization Plan: Takeaways for security leaders (direct link) The Linux Foundation and the Open Source Security Foundation (OpenSSF) have introduced the Open Source Software Security Mobilization Plan, in response to attacks on the software supply chain and an uptick in interest in securing it. Supply chains are appealing targets to malicious actors because they can compromise a single point and have a cascading impact across the ecosystem of customers, as the SolarWinds and Log4j attacks have shown. Guideline
CSO.webp 2022-05-19 05:47:00 Two account compromise flaws fixed in Strapi headless CMS (direct link) Users of Strapi, a popular headless content management system written entirely in JavaScript and focused on API development, should update their installations as soon as possible to fix two vulnerabilities that could lead to administrative accounts being compromised. According to researchers with the Synopsys Cybersecurity Research Center (CyRC), the flaws allow a user with low privileges to access sensitive data that can be used to perform a password reset for a higher-privileged account, such as the administrator. This means attackers need to gain access to a low-privileged account first, which can be achieved via compromised credentials, phishing or other methods. Guideline
CSO.webp 2020-10-20 03:00:00 Avoiding the snags and snares in data breach reporting: What CISOs need to know (direct link) Failing to report sensitive data breaches to US regulatory and law enforcement agencies just got more dangerous and confusing for CISOs and their organizations. If that failure is seen as a coverup, such as paying ransoms for retrieving sensitive data, it could lead to steep fines or jail time. Data Breach Guideline
CSO.webp 2020-10-05 06:45:00 BrandPost: From Botnets to Phishing: A Discussion on the 2020 Threat Landscape (direct link) An unforeseeable shift in network structures and attack strategies was dropped on the cybersecurity industry in 2020. As the COVID-19 pandemic continues to take its toll on organizations and individuals around the globe, we are now dealing with a threat landscape that's become more intense, complex, and saturated than ever before. And many organizations are finding it challenging to allot sufficient resources towards managing and mitigating these growing and evolving threats, having already faced operational setbacks prompted by the sudden transition to a fully remote workplace. Considering the ever-evolving nature of today's cyber threats, business leaders must continually familiarize themselves with up-to-date threat intelligence and invest in the resources necessary to protect what is now, and will remain indefinitely, a larger, more fluid attack surface. This time, the changes happening across the cyber threat landscape are more dramatic, and the risks due to recent network changes are greater than ever. This makes accurate and actionable threat intelligence even more crucial. The following threat summary highlights the cyber criminal community's ability to adapt and take advantage of low-hanging fruit to achieve their goals. Threat Guideline
CSO.webp 2020-07-21 10:14:00 BrandPost: How to Get Broader, Deeper MITRE Attack Coverage by Using EDR and NDR Together (direct link) The MITRE ATT&CK Framework has rapidly become the go-to lens through which security operations teams view their ability to detect attacker tactics, techniques, and procedures (TTPs). The ATT&CK Framework comprises 266 (and counting) TTPs across 12 tactic categories, from initial compromise through maintaining persistence, defense evasion, and finally impact, spanning the course of a full cyberattack campaign. When enterprise SecOps teams start using MITRE ATT&CK, they gain a clearer view of which attack tactics they're able to detect, and which might fly under the radar or evade their defenses and eventually lead to a breach. Understanding these gaps in their defenses makes it easier to understand where to invest security budget, and how to update policies and procedures to fill those gaps. Guideline
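The coverage view the item above describes, as an added example that is not code from the article or its vendor: two detection inventories (the ATT&CK technique IDs each sensor class has a working detection for) are grouped by tactic and reported for EDR alone, NDR alone and both together, so the remaining gap list says where the next detection engineering effort should go. The technique-to-tactic table is a small excerpt of real ATT&CK Enterprise IDs, while the two inventories are constructed for the example and do not represent any product's actual coverage; the `TacticCoverage` type and function names are assumptions made for the example.

```python
"""Combine EDR and NDR detections into one ATT&CK coverage view.

Added example for this digest, not code from the article or its vendor.
TECHNIQUES is an excerpt of real ATT&CK Enterprise IDs; the two detection
inventories are constructed and stand for no real product.
"""
from __future__ import annotations

from collections import defaultdict
from dataclasses import dataclass

# Excerpt of ATT&CK Enterprise: technique ID -> (name, tactics it appears under).
TECHNIQUES: dict[str, tuple[str, tuple[str, ...]]] = {
    "T1566": ("Phishing", ("Initial Access",)),
    "T1059": ("Command and Scripting Interpreter", ("Execution",)),
    "T1053": ("Scheduled Task/Job", ("Execution", "Persistence", "Privilege Escalation")),
    "T1003": ("OS Credential Dumping", ("Credential Access",)),
    "T1021": ("Remote Services", ("Lateral Movement",)),
    "T1071": ("Application Layer Protocol", ("Command and Control",)),
    "T1048": ("Exfiltration Over Alternative Protocol", ("Exfiltration",)),
    "T1486": ("Data Encrypted for Impact", ("Impact",)),
}

# Constructed inventories: host telemetry sees process and credential activity,
# network telemetry sees protocol misuse, lateral traffic and inbound lures.
EDR_DETECTIONS = {"T1059", "T1053", "T1003", "T1486"}
NDR_DETECTIONS = {"T1071", "T1048", "T1021", "T1566"}


@dataclass(frozen=True)
class TacticCoverage:
    tactic: str
    total: int
    covered: int

    @property
    def ratio(self) -> float:
        return self.covered / self.total if self.total else 0.0


def techniques_by_tactic() -> dict[str, set[str]]:
    """Invert the table: a technique under several tactics counts for each."""
    by_tactic: dict[str, set[str]] = defaultdict(set)
    for tid, (_, tactics) in TECHNIQUES.items():
        for tactic in tactics:
            by_tactic[tactic].add(tid)
    return dict(by_tactic)


def coverage(detections: set[str]) -> dict[str, TacticCoverage]:
    """Per-tactic coverage for one set of detected technique IDs."""
    unknown = detections - set(TECHNIQUES)
    if unknown:
        raise ValueError(f"technique IDs not in the table: {sorted(unknown)}")
    return {tactic: TacticCoverage(tactic, len(tids), len(tids & detections))
            for tactic, tids in techniques_by_tactic().items()}


def gaps(detections: set[str]) -> set[str]:
    """Technique IDs with no detection at all, whatever the tactic."""
    return set(TECHNIQUES) - detections


def covered_count(detections: set[str]) -> int:
    return len(set(TECHNIQUES) & detections)


if __name__ == "__main__":
    for label, dets in (("EDR", EDR_DETECTIONS), ("NDR", NDR_DETECTIONS),
                        ("EDR+NDR", EDR_DETECTIONS | NDR_DETECTIONS)):
        print(f"{label}: {covered_count(dets)}/{len(TECHNIQUES)} techniques")
        for tactic, cov in sorted(coverage(dets).items()):
            print(f"  {tactic:22} {cov.covered}/{cov.total}")
        print("  gaps:", sorted(gaps(dets)) or "none")
```

Grouping by tactic matters because a technique such as T1053 sits under three tactics: one good scheduled-task detection moves three rows of the matrix at once, which a flat technique count hides.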
CSO.webp 2020-06-24 10:17:00 BrandPost: ExtraHop Named in the 2020 Gartner Market Guide for UCaaS Monitoring (direct link) Unified Communications solutions have been integral to the enterprise for years, and as remote work becomes more common, the attack surface and potential for challenging performance issues increase with it. Remote workers logging in from new, unmanaged devices, shared devices, and generally using more UC services than ever will lead to more and more service issues and potential security leaks. On top of that, as with every type of enterprise solution, on-premises products will be replaced by those based in the cloud. The move to cloud-based solutions enables agility, but, as any person in IT Operations will remind you, digital transformation rarely happens in isolation. With each migration, the operations necessary to monitor and maintain that solution must also be able to function in the cloud. Guideline
CSO.webp 2020-06-16 10:10:00 BrandPost: SecureX: The Connective Tissue for Integrated Security (lien direct) There's rarely a dull moment for security leaders. Many technology-related things are constantly evolving - the threat landscape, attack surface, business needs, and access to specific skill sets. That's why every security approach must enable both agility and stability - in other words, satisfy the ability to quickly respond to new events, while also providing robust, reliable security. “It comes down to simplifying the security team's day-to-day operations so that they can spend more time on higher-value activities that ultimately make their organization more secure,” says Jeff Reed, Senior Vice President of Product Management, Cisco Systems. Threat Guideline
CSO.webp 2020-06-03 03:00:00 Spring 2020: CISO rising (lien direct) Welcome to the Summer 2020 digital issue of CSO, featuring winners of our CSO50 awards and Hall of Fame honorees. In these pages, we take a deep dive into the evolving role of the CISO, including the areas where they are taking on new responsibilities, the changing expectations around data privacy and protection, and some of the challenges ahead. [ Register now to view the Summer 2020 digital issue. ] Contents: Lead: 5 tips for scaling a security organization. How to prepare your SOC for mergers, new business innovation and a constantly changing and growing attack surface. Guideline
CSO.webp 2020-05-22 03:00:00 How Abnormal Security combats business email compromise (lien direct) When looking at all the different ways that hackers can threaten networks and enterprises, flashy incidents like ransomware scams often come to mind. But a relatively new kind of attack called business email compromise (BEC) has taken the lead in both frequency and overall damage, quickly becoming public enemy number one. Guideline
CSO.webp 2020-04-27 03:00:00 Android security: Patching improves, but fragmentation challenges remain (lien direct) Android device makers have improved their patching processes over the past two years, according to a new analysis, decreasing the time gap between when security updates become public and their integration into firmware. This is good news for the Android ecosystem, which has historically been considered worse than Apple's iOS when it comes to patch hygiene. However, version fragmentation remains high in the Android world, with significant differences among device manufacturers and even across the same vendor's product lines. This leads to many devices running versions that are no longer supported. Berlin-based Security Research Labs (SRLabs) has published the results of its binary analysis of around 10,000 unique firmware builds running on many Android device models from different manufacturers. Most of the data was collected with SnoopSnitch, an application developed by the company to analyze mobile radio data for abnormalities that could indicate user tracking and fake base stations. It can also check whether the Android firmware running on a device actually contains the critical vulnerability patches that correspond to its reported security patch level. Vulnerability Patching Guideline
CSO.webp 2020-04-24 07:48:00 BrandPost: Improving Security Outcomes While Balancing the CISO Budget (lien direct) CISOs must continually do more with limited financial and human capital. This challenge is becoming more difficult as the attack surface expands, and as cost optimization becomes more critical. To this end, a majority of security leaders (61%) report that outcome-based objectives are helping them better allocate security spending, according to the Cisco 2020 CISO Benchmark Report. Use of this method is up 10% from the 2019 survey. What does this mean in practical terms? To achieve sought-after outcomes, organizations should: 1) find investment balance across their security technology portfolio; 2) achieve the visibility necessary to proactively respond to threats and incidents. Guideline
CSO.webp 2020-04-23 13:01:00 BrandPost: A Q&A with Cisco's CISO about Addressing Enterprise-wide Security (lien direct) CISOs' roles have expanded significantly. They're now tasked with securing complex IT infrastructures that expand the attack surface, assessing and mitigating risks, and addressing the business's and the board's concerns about security, as well as managing people, processes, and technologies on limited budgets. And in light of the recent coronavirus pandemic, all these challenges are further heightened. There has been a 26% increase in cyberattacks, with CISOs expecting COVID-19 to affect their risk-based decisions for years to come, according to a recent survey conducted by CSO. Guideline
CSO.webp 2020-03-09 03:00:00 Top cybersecurity facts, figures and statistics for 2020 (lien direct) Looking for hard numbers to back up your sense of what's happening in the cybersecurity world? We dug into studies and surveys of the industry's landscape to get a sense of the lay of the land, both in terms of what's happening and how security leaders are reacting to it. If you want data on what systems are most vulnerable, what malware is topping the charts, and how much people are getting paid to deal with it all, read on.
9 key cybersecurity statistics at a glance:
94% of malware is delivered via email.
Phishing attacks account for more than 80% of reported security incidents.
$17,700 is lost every minute due to phishing attacks.
60 percent of breaches involved vulnerabilities for which a patch was available but not applied.
63 percent of companies said their data was potentially compromised within the last twelve months due to a hardware- or silicon-level security breach.
Attacks on IoT devices tripled in the first half of 2019.
Fileless attacks grew by 256 percent over the first half of 2019.
Data breaches cost enterprises an average of $3.92 million.
40 percent of IT leaders say cybersecurity jobs are the most difficult to fill.
The year in vulnerabilities: Let's start by getting basic: no matter how many new and exotic vulnerabilities you'll hear about, in this article and others on cybersecurity, there's one that towers over all the rest. In an examination of thousands of security incidents, Verizon found that almost all malware arrived on computers via email: this was true in 94 percent of cases. In not unrelated news, the number one type of social engineering attack, accounting for more than 80 percent of reported incidents, is phishing, the end goal of which is often to convince users to install malware. So if you want to improve your security posture, you know where to start. (And before you think of phishing as some kind of sinister Eastern European or Nigerian scam, know that 40 percent of phishing command and control servers are in the US.) Malware Studies Guideline
CSO.webp 2020-02-26 07:55:00 2020 Security: Securing Your Business with an Integrated Security Platform (lien direct) IT security may, at times, seem an elusive goal. CISOs are facing multiple challenges. Digital transformation efforts, cloud and mobile implementations, and DevOps adoption have led to increasingly complex IT environments. These same trends have also expanded the attack surface. At the same time, security leaders are grappling with obstacles often outside their control - including sophisticated threats arising from well-funded attackers and the ongoing skills gap. With the release of Cisco SecureX, CISOs gain a solution that addresses these challenges and offers the visibility and confidence that arise from an improved security posture. Guideline
CSO.webp 2020-02-19 15:41:00 BrandPost: What Does Cloud-Native Mean for Security? (lien direct) Among enterprise C-level leaders, "cloud-native" is becoming a strategic imperative for several reasons. Cloud-native applications are purposefully designed and deployed using agile methods to support flexibility and scalability in the cloud. The implementation of cloud-native applications is thus more efficient and lends itself to automation. While this defines cloud-native in the simplest of terms, there are several implications for security operations, from the migration process to collaborative efforts in securing the hybrid attack surface.
The Relationship Between Cloud-Native and Security: The recent 451 Research report, "The Impact and Evolution of Cloud Native," suggests that cloud-native architectures are more economical because they are driven by multiple microservices. Businesses can easily scale when they need to, making software deployment and development a much simpler and more cost-effective process. Guideline
CSO.webp 2020-01-07 03:00:00 How to stop email spoofing of parked domains (lien direct) Deploying DMARC to prevent email spoofing is a no-brainer. No one wants spoofed email from @yourdomain.com that could easily lead to a successful phishing attack or business email compromise (BEC). But have you deployed DMARC (Domain-based Message Authentication, Reporting and Conformance) for domains you own that do not send or receive email? Guideline
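The record set that stops spoofing of a domain that never sends mail is small and fully checkable offline, so here is an added example (not code from the CSO article) that audits it. It checks the commonly recommended combination for parked domains: an SPF record of exactly `v=spf1 -all` (hard fail, not the soft `~all`), a DMARC record at `_dmarc.<domain>` with `p=reject` and no weaker `sp=` for subdomains, a wildcard DKIM selector `*._domainkey.<domain>` with an empty `p=` so no selector can ever verify, and a null MX (`MX 0 .`, RFC 7505) so receivers know the domain accepts no mail either. The DNS answers in `SAMPLE_DNS` are constructed for the example; `parked.example` is a correctly locked-down domain and `weak.example` shows the typical "we set something up" state that still lets spoofed mail through.

```python
"""Offline audit of the DNS records a parked (non-sending) domain should publish.

Added example: checks SPF "v=spf1 -all", DMARC p=reject, a revoked wildcard DKIM key,
and a null MX (RFC 7505). SAMPLE_DNS holds constructed answers, not live lookups.
"""
import re


def parse_tags(record):
    """Split a DMARC/DKIM style 'tag=value; tag=value' record into a dict (lower-cased tags)."""
    tags = {}
    for part in re.split(r"[;\s]+", record.strip()):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.lower()] = value
    return tags


def check_parked_domain(domain, dns):
    """Return a list of findings; an empty list means the domain is fully locked down."""
    findings = []
    zone = dns.get(domain, {})

    # 1. SPF: exactly one record, authorising nobody. "-all" is a hard fail; "~all" is only advisory.
    spf = [t for t in zone.get("TXT", []) if t.lower().startswith("v=spf1")]
    if len(spf) != 1:
        findings.append(f"SPF: expected exactly one v=spf1 record, found {len(spf)}")
    elif spf[0].split()[1:] != ["-all"]:
        findings.append(f"SPF: parked domain must publish 'v=spf1 -all', found {spf[0]!r}")

    # 2. DMARC at _dmarc.<domain>: p=reject, and sp= (if present) must not relax it for subdomains.
    dmarc = [t for t in dns.get("_dmarc." + domain, {}).get("TXT", [])
             if t.upper().startswith("V=DMARC1")]
    if len(dmarc) != 1:
        findings.append(f"DMARC: expected exactly one _dmarc record, found {len(dmarc)}")
    else:
        tags = parse_tags(dmarc[0])
        policy = tags.get("p", "<missing>")
        if policy != "reject":
            findings.append(f"DMARC: policy is p={policy}, parked domain should use p=reject")
        elif tags.get("sp", "reject") != "reject":
            findings.append(f"DMARC: subdomain policy sp={tags['sp']} weakens p=reject")

    # 3. DKIM: a wildcard selector with an empty key (p=) means no selector can verify a signature.
    dkim = dns.get("*._domainkey." + domain, {}).get("TXT", [])
    if not any(parse_tags(t).get("p") == "" for t in dkim):
        findings.append("DKIM: no '*._domainkey' record with empty p=; any selector could still verify")

    # 4. Null MX (RFC 7505): the single record 'MX 0 .' tells senders the domain accepts no mail.
    if zone.get("MX", []) != [(0, ".")]:
        findings.append("MX: no null MX; publish 'MX 0 .' so mail to the domain is refused outright")

    return findings


# Constructed DNS answers for the example: name -> {"MX": [(pref, host)], "TXT": [record, ...]}.
SAMPLE_DNS = {
    "parked.example": {"MX": [(0, ".")], "TXT": ["v=spf1 -all"]},
    "_dmarc.parked.example": {"TXT": ["v=DMARC1; p=reject; rua=mailto:dmarc@example.com"]},
    "*._domainkey.parked.example": {"TXT": ["v=DKIM1; p="]},
    "weak.example": {"MX": [], "TXT": ["v=spf1 ~all"]},
    "_dmarc.weak.example": {"TXT": ["v=DMARC1; p=none"]},
}

if __name__ == "__main__":
    for name in ("parked.example", "weak.example"):
        problems = check_parked_domain(name, SAMPLE_DNS)
        print(name, "OK" if not problems else "")
        for problem in problems:
            print("  -", problem)
```

To run this against real domains, replace `SAMPLE_DNS` with a lookup (for instance dnspython's `dns.resolver.resolve(name, "TXT")` and `resolve(name, "MX")`) that fills the same structure; the checks themselves do not change. Note that `p=none` with reporting is fine as a first step for a domain that sends mail, but for a parked domain there is nothing to break, so there is no reason to stop short of `p=reject`.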
CSO.webp 2019-11-19 07:09:00 BrandPost: Five Reasons You Need a Global View of Your Attack Surface (lien direct) In the past, the vast majority of an organization's attack surface was based on static ranges registered to that organization. This made it relatively simple to monitor for signs of compromise and prevent intrusion by malicious actors. But things have changed. Today, most organizations have assets on far more than the static ranges registered to them. The following are the five places where organizations tend to have Internet assets, and where it's critical to identify those assets and reduce your attack surface. They also represent five reasons you need a global, outside-in view of your attack surface.
1) Core IP space: Core ranges are table stakes. Organizations need to rapidly monitor known ranges for inadvertent misconfigurations or device exposures. Any exposures on these ranges are highly attributable and likely to be targeted quickly.
2) Cloud environments: Organizations are moving to the cloud, and it has never been easier for an employee to spin up a device outside of normal IT processes. Organizations should have focused discovery of assets pointed at all cloud environments, including AWS, Azure, Google, Oracle, Rackspace, and other cloud-hosting providers.
3) Commercial ISP space: A mobile workforce has created new classes of risk that haven't previously existed. Traveling employees may have misconfigured workstations that expose their laptops to the world. These exposures are highly ephemeral because they move as the employee travels from home to a coffee shop to a hotel.
4) Subsidiary and acquisition networks: Attackers look for entry points anywhere they can, including nested subsidiaries and historical acquisitions. Often, Expanse identifies both on-premises and cloud assets that were orphaned during an M&A event and are unmonitored. Organizations should take care to search for abandoned assets that may have been overlooked previously.
5) Strategic suppliers: Suppliers are more connected than ever. It's often impossible to do business without sharing sensitive data or permitting network access to critical business partners. Exposures on these fringe segments of your network can lead to data loss or network intrusions on your corporate enclave.
Organizations have networks that are so widely distributed that they need to monitor the entire Internet in order to accurately track their Internet-facing presence. It's critical to have the right security and IT Operations solutions in place to discover and monitor your global Internet attack surface across these five areas where Internet assets live. Guideline
CSO.webp 2019-08-26 10:38:00 Capital One hack shows difficulty of defending against irrational cybercriminals (lien direct) Software engineer Paige Thompson was arrested in late July for an unprecedented hack into a cloud server containing the personal data of over 100 million people who had filed credit card applications with leading financial institution Capital One. Thompson, who at the time of her arrest ran a hosting company called Netcrave Communications, had held a series of engineering jobs, including a stint at Amazon Web Services (AWS) in 2015 and 2016, where she presumably gained the skills to exploit a vulnerability in an application firewall on Capital One's AWS server. Hack Vulnerability Guideline
CSO.webp 2019-07-23 07:48:00 BrandPost: How Build Kits Speed Implementation of Cyber Best Practices (lien direct) When it comes to servers, operating systems, and other technology, secure configurations are a key best practice for reducing cyber threats and vulnerabilities. Attackers and cybercriminals look for systems with default, insecure settings that are easier to exploit. Unexpected changes to those settings can also be a sign that a machine has been compromised, which may lead to a breach or other data theft. To mitigate the risk of cyber threats, secure configurations are a must. There are dozens of cybersecurity frameworks available to help guide you in locking down environments. The CIS Benchmarks are one robust option for configuration best practices; they provide consensus-developed guidance to help secure cloud environments, servers, desktop machines, applications, web browsers and more. You can also use a CIS Build Kit to help implement secure configurations in just a few minutes. Keep reading to learn how benchmarks are developed, how to audit for configuration security, and how build kits can help. Guideline
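What "auditing for configuration security" looks like in practice, as an added example that is not a CIS Build Kit, a CIS-CAT check, or benchmark content: a small auditor that parses an OpenSSH `sshd_config` and compares the effective settings with a handful of benchmark-style expectations. The expected values in `EXPECTED` are this example's own assumptions, chosen in the spirit of common SSH-server hardening recommendations (root login, X11 forwarding, empty passwords, `MaxAuthTries`, log level); the benchmark you actually use is the authoritative list. Two details matter for a correct audit and are handled here: OpenSSH takes the first value it sees for a keyword, so a hardening line appended below an earlier setting changes nothing, and a keyword that is absent takes the daemon's default, which is not always the safe value. Both configuration texts are constructed samples.

```python
"""Audit an sshd_config against a small set of benchmark-style expectations.

Added example, not CIS content: EXPECTED and DEFAULTS are this example's assumptions;
SAMPLE_SSHD_CONFIG and HARDENED_SSHD_CONFIG are constructed, not from a real host.
"""
import re

# Values OpenSSH applies when a keyword is absent (so "missing" is not the same as "safe").
DEFAULTS = {
    "permitrootlogin": "prohibit-password",
    "passwordauthentication": "yes",
    "x11forwarding": "no",
    "maxauthtries": "6",
    "permitemptypasswords": "no",
    "loglevel": "INFO",
}

# Expected settings: a set means "value must be one of these", an int means "at most".
EXPECTED = {
    "PermitRootLogin": {"no"},
    "PasswordAuthentication": {"no"},    # assumption: key-based authentication only
    "X11Forwarding": {"no"},
    "MaxAuthTries": 4,
    "PermitEmptyPasswords": {"no"},
    "LogLevel": {"info", "verbose"},
}


def parse_sshd_config(text):
    """Return the effective global settings, keyed by lower-cased keyword.

    OpenSSH uses the FIRST value given for each keyword, so a later duplicate is ignored.
    Directives after a Match block apply conditionally and are deliberately not read here.
    """
    effective = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()       # drop comments and blank lines
        if not line:
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        key = parts[0].lower()
        if key == "match":
            break
        value = parts[1].strip() if len(parts) > 1 else ""
        effective.setdefault(key, value)          # first occurrence wins
    return effective


def audit(text, expected=EXPECTED):
    """Return [(keyword, effective_value, passed)] for every expected keyword."""
    cfg = parse_sshd_config(text)
    results = []
    for keyword, want in expected.items():
        have = cfg.get(keyword.lower(), DEFAULTS.get(keyword.lower(), ""))
        if isinstance(want, int):
            passed = have.isdigit() and int(have) <= want
        else:
            passed = have.lower() in want
        results.append((keyword, have, passed))
    return results


def failures(text, expected=EXPECTED):
    """Keywords that fail the audit, in EXPECTED order."""
    return [keyword for keyword, _, ok in audit(text, expected) if not ok]


# Constructed sample of a freshly installed host (commented default line left in, as installers do).
SAMPLE_SSHD_CONFIG = """\
# OpenSSH server configuration (constructed sample)
Port 22
#PermitRootLogin prohibit-password
PermitRootLogin yes
PasswordAuthentication yes
X11Forwarding yes
MaxAuthTries 6
PermitEmptyPasswords no
"""

# The same host after the expected settings have been applied.
HARDENED_SSHD_CONFIG = """\
Port 22
PermitRootLogin no
PasswordAuthentication no
X11Forwarding no
MaxAuthTries 4
PermitEmptyPasswords no
LogLevel VERBOSE
"""

if __name__ == "__main__":
    for label, cfg in (("before", SAMPLE_SSHD_CONFIG), ("after", HARDENED_SSHD_CONFIG)):
        print(label)
        for keyword, have, ok in audit(cfg):
            print(f"  {'PASS' if ok else 'FAIL'}  {keyword} = {have}")
```

Point the same functions at `/etc/ssh/sshd_config` (and, if you want the daemon's view rather than the file's, at the output of `sshd -T`, which prints the effective values one per line in the same `keyword value` form) to audit a live host. The first-wins rule is the one that bites most often: a drop-in that appends `PermitRootLogin no` after a vendor-supplied `PermitRootLogin yes` passes a naive grep and fails this audit, which is the correct result.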
CSO.webp 2019-07-12 08:03:00 How organizations are bridging the cyber-risk management gap (lien direct) Cyber-risk management is more difficult today than it was two years ago. So say 74% of cybersecurity professionals in a recent ESG research survey. Respondents point to an expanding attack surface, an increase in software vulnerabilities, and more sophisticated tactics, techniques, and procedures (TTPs) from cyber-adversaries. (Note: I am an ESG employee.) OK, so there's a cyber-risk management gap at most organizations. What are they going to do about it? The research indicates that:
34% will increase the frequency of cyber-risk communications between the CISO and executive management. Now, more communication is a good thing, but CISOs must make sure they have the right data and metrics, and this has always been a problem. I see a lot of innovation around some type of CISO cyber-risk management dashboard from vendors such as Kenna Security, RiskLens (supporting the Factor Analysis of Information Risk (FAIR) standard), and Tenable Networks. Over time, cyber-risk analytics will become a critical component of a security operations and analytics platform architecture (SOAPA), so look for vendors such as Exabeam, IBM, LogRhythm, MicroFocus (ArcSight), Splunk, and SumoLogic to make investments in this area.
32% will initiate a project for sensitive data discovery, classification, and security controls. Gaining greater control of sensitive data is always a good idea, yet many organizations never seem to get around to this. Why? It's really, really hard work. This is another area ripe for more VC investment. Rather than paying Accenture, E&Y, or PWC millions, we need tools that can help automate data discovery and classification, especially as organizations ramp up on data privacy.
31% plan to hire more cybersecurity staff. That's a sound idea, but it is difficult to execute. According to recent research from ESG and the Information Systems Security Association (ISSA), 73% of organizations have been impacted by the cybersecurity skills shortage, and these firms are already competing for talent. My advice to CISOs is to assume they won't have the right skills or an adequate staff size in every area, including bridging the cyber-risk management gap.
31% want to increase security awareness training for employees. Also a great idea, but too many firms treat security awareness training as a “check-box” exercise. To really make an impact, CEOs must become cybersecurity cheerleaders and establish a cybersecurity culture throughout the organization.
29% will conduct more penetration testing and red teaming exercises. ESG data demonstrates that penetration testing and red teaming are extremely beneficial, but few organizations have the internal skills to do those things well and it can be costly to hire third-party services. I'm bullish on an emerging category I call synthetic cyber-risk assessment (SCRA) from vendors such as AttackIQ, Randori, SafeBreach, and Verodin.
It's important to remember that cyber-risk management is job #1 for every CISO. Yes, business executives are willing to spend more money on cybersecurity, but they increasingly want to target this spending on protecting their most critical digital assets and need help measuring ROI on these investments. Therefore, it's no exaggeration to say that bridging the cyber-risk management gap may be the most important task for CISOs in 2019 and beyond. Guideline
CSO.webp 2019-02-14 03:00:00 Beware of phony or misleading malware rescue web pages (lien direct) Scammers and adware purveyors have long used the helpful nature of the internet to get more victims. In a world where the top search engines try their best to filter out the chaff, scammers still do their best to encourage victims to install unneeded and sometimes malicious software. They often succeed by using scare tactics and misleading information. My recent experience is an example and can serve as a warning to others. Malware Guideline
CSO.webp 2018-12-11 11:50:00 Researchers find over 40,000 stolen logins for government portals (lien direct) Russian cybersecurity firm Group-IB discovered login credentials for over 40,000 accounts that unlock government services in more than 30 countries. The credentials were harvested via phishing attacks that distributed spyware tools such as Pony Formgrabber, AZORult, and Qbot. It is believed the logins may have already been sold on underground hacking forums. As the researchers pointed out, “Even one compromised government employee's account can lead to the theft of commercial or state secrets.” Guideline
Last update at: 2024-05-16 08:07:56