What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2020-06-25 19:30:34 | Ohio using AI to cull old laws and streamline regulations (lien direct) | An AI tool developed by Deloitte is helping Ohio eliminate redundant and unnecessary regulations and rules that cost businesses and taxpayers time and money. | Tool | Deloitte | |
 |
2020-06-15 11:00:00 | Cybersecurity in education: Securing schools as they transition to online learning (lien direct) | This blog was written by an independent guest blogger. Whether they were prepared for it or not, schools around the world have been forced to adopt an online learning model for students thanks to the COVID-19 pandemic. One of the biggest concerns educators need to have in this situation is exactly how to create a fully secure remote learning environment in order to keep sensitive information for both the schools and individual students safe from hackers. Data breaches cause real-world damage and tarnish the credibility of the organizations that fall prey to them (including schools and educational institutions). As schools across the globe turn digital due to students studying from home, they are also becoming more vulnerable targets to cyberattacks. Schools are finding themselves outmatched as these threats intensify. Parents likewise need to learn about and ensure safe cybersecurity practices for their kids, and would therefore also benefit from learning about the security methods that we are about to cover. In this article, we’ll discuss how school technology leaders can develop the necessary strategies to protect against and mitigate breaches by procuring technology and developing risk management policies and planning for incidents before they occur. Why Are Schools At Risk of Cyber Attacks? In the face of the COVID-19 pandemic, the focus and attention of most of the cybersecurity community have been on protecting government institutions, the airline industry, and the healthcare industry from hackers. This is good, but educational institutions are at just as much risk from malicious hackers as the above industries and organizations are as well. If anything, this risk has only increased significantly due to the record numbers of students who are now attending school via online learning platforms, video conferences, and e-learning environments. In the United States, the Federal Bureau of Investigation has warned extensively about the greatly increased cybersecurity risks of teleconferencing and online classrooms. The FBI specifically cites examples of malicious cybercriminals delivering threatening content to Zoom classroom calls (colloquially referred to as Zoom-bombing), which has even resulted in numerous school districts pulling out of Zoom and seeking alternative platforms. This highlights a larger issue of schools and school districts using technology that has either not been properly vetted or that educators and students are not prepared to use safely. In other words, even as school districts turn to alternative teleconferencing options besides Zoom, they can still be a major risk of falling prey to hackers and cybercriminals. This leads us to our next question: what exactly can school districts and educational inst | Malware Vulnerability Guideline | Deloitte | |
|
2020-06-02 13:58:48 | Deloitte launches model to help organizations reboot workspaces (lien direct) | The approach is employee-centric and evaluates each company's physical and virtual circumstances, the firm says. | Deloitte | ||
 |
2020-05-22 10:23:12 | Unemployment claimants suffer data breach (lien direct) | The social security numbers and home addresses of thousands of unemployment applicants inadvertently were exposed this week in three states that had contracted with Deloitte to build unemployment portals. In Ohio, Illinois and Colorado, thousands who applied for Pandemic Unemployment Assistance, or PUA, a type of unemployment newly available to the self-employed and gig workers, […] | Data Breach | Deloitte | ★★★★ |
|
2020-05-21 17:09:32 | "Kinetic" tech leaders needed to reinvent the enterprise (lien direct) | The C-suite recognizes CIOs must become the chief architects of innovation and business change, according to a Deloitte survey. | Deloitte | ||
|
2020-05-19 18:27:31 | Businesses are reopening but don\'t expect pre-crisis operating levels until 2021 (lien direct) | 75% of CFOs believe their company can sufficiently manage the risks of on-site work, according to Deloitte's Q2 CFO Signals survey. | Deloitte | ||
|
2020-05-13 18:23:34 | Nearly 60% of CFOs don\'t expect a return to near-normal operations in 2020 (lien direct) | The retail/wholesale sectors are particularly pessimistic, followed by manufacturing and services, according to a recent poll by Deloitte. | Deloitte | ||
|
2020-04-09 20:16:10 | Deloitte highlights top 9 challenges for enterprises during COVID-19 crisis (lien direct) | Now's the time for organizations large and small to return to the basics with cyber hygiene protocols, the firm's cyber risk services leader says. | Guideline | Deloitte | |
|
2020-03-23 13:50:50 | 3 ways to revamp the hiring process for cybersecurity jobs (lien direct) | Deloitte expert recommends using tactics to compete for the pool of security pros, including offering new incentives like student loan repayment. | Deloitte | ||
|
2020-03-11 12:30:08 | Local governments: Don\'t pay ransoms to hackers (lien direct) | A Deloitte survey about ransomware also recommends that local governments use air-gapped system backups. | Ransomware | Deloitte | |
 |
2020-03-11 05:54:00 | Deloitte: 8 things municipal governments can do about ransomware (lien direct) | The IT systems of the City of Durham and Durham County in North Carolina have been shuttered since a successful ransomware attack struck the municipalities on the evening of March 6. Although details are still sketchy, the North Carolina Bureau of Investigation indicated the attackers used Russian-made malware known as Ryuk. [ Read our blue team's guide for ransomware prevention, protection and recovery. | Get the latest from CSO by signing up for our newsletters. ] | Ransomware | Deloitte | |
|
2020-01-27 19:55:29 | Software developers can create better programs with AI (lien direct) | Artificial intelligence is making the design, development, and deployment of software faster, better, and cheaper, according to Deloitte. | Deloitte | ||
|
2020-01-20 11:00:16 | Leaders like the idea of Industry 4.0 more than reality (lien direct) | Deloitte survey shows executives would rather avoid disruption than cause it but they are putting a new priority on employee training. | Deloitte | ||
|
2019-11-29 10:00:09 | How businesses plan to accelerate growth in 2020 (lien direct) | Further adoption of cloud computing and artificial intelligence will be on the agenda. But another factor may be edge computing, in which data is processed locally, says Deloitte analyst Paul Sallomi. | Deloitte | ||
 |
2019-11-07 17:41:58 | NBlog Nov 7 - super management systems (lien direct) |  ISO 22301, already an excellent standard on business continuity, has just been revised and republished. Advisera has a useful page of info about ISO 22301 here.There's quite a bit of common ground between business continuity and information risk and security, especially as most organizations are highly dependent on their information, IT systems and processes. The most significant risks are often the same, hence it makes sense to manage both aspects competently and consistently. The ISO 'management system' structured approach is effective from the governance and management perspective. Aligning/coordinating the infosec and business continuity management systems has several valuable benefits since they are complementary. Extending that thought, it occurs to me that most if not all other areas of management also have information risk and security implications:Physical site security and facilities management (e.g. reliable power and cooling for the servers);IT and information management (dataflows, information architecture, information systems and networks and processes, intellectual property, innovation, creativity);Change management (ranging from version control through projects and initiatives up to strategic changes);Incident management (see below);Risk management (as a whole, not just information risks);Privacy management; |
Deloitte | ||
|
2019-11-07 15:53:30 | Software companies continue the winning streak on Deloitte\'s Fast 500 list (lien direct) | Tech firms hold 343 spots with SaaS and enterprise software leading the way while biotech/pharma firms make up the second most prevalent sector. | Guideline | Deloitte | |
|
2019-10-24 14:39:20 | Top 5 ways organizations can secure their IoT devices (lien direct) | Connected devices are increasingly being targeted by hackers and cybercriminals. Deloitte shares five tips on how companies can better protect their IoT devices. | Deloitte | ||
 |
2019-10-18 13:25:14 | Bypassing LLMNR/NBT-NS honeypot (lien direct) | AbstractMITRE ATT&CK™ [https://attack.mitre.org/] “is a globally-accessible knowledge base of adversary tactics and techniques based on real-world observations” which recommends the Conveigh honeypot [https://github.com/Kevin-Robertson/Conveigh] for detection of the LLMNR/NBT-NS Poisoning and Relay | Threat Guideline | Deloitte | ★★ |
|
2019-10-15 15:46:28 | How to market your business for the digital age: 7 key trends (lien direct) | With the rise of digital tech, preserving human connection is more important than ever, Deloitte found. | Deloitte | ||
|
2019-09-23 13:00:00 | How to justify your cybersecurity budget in 2019 (lien direct) |
It’s less expensive to prevent cyber attacks than it is to repair the damage when they happen. Companies and institutions across industries lose money from cyber attacks all the time. There are the more obvious ways like piracy, data breaches, and litigation. There are also ways that accountants can’t quite put a dollar figure on, such as reputational damage that makes customers and clientele less likely to want to buy a company’s products and services in the future.
Everything is digital these days, both on premises and in the cloud. So cybersecurity staff and security measures are things you have to spend money on. But how should your company determine how much money to budget for security? And how should your company determine how to spend it?
Photo by Fabian Blank on Unsplash
What is a typical cybersecurity budget?
While there is no one-size-fits-all answer when trying to decide what a “typical budget” looks like for cybersecurity operations, there are a few studies that have been done that can provide some insight.
A recent study by Deloitte and the Financial Services Information Sharing and Analysis Center found that financial services on average spend 10% of their IT budgets on cybersecurity. That’s approximately 0.2% to 0.9% of company revenue or $1,300 to $3,000 spent per full time employee. For a bigger picture benchmark, consider that Microsoft CEO Satya Nadella recently revealed in a statement that the tech behemoth “will invest more than $1 billion each year in cybersecurity for the foreseeable future”. Finally, it’s worth noting that the 2019 U.S. President’s budget allocated $15 billion in spending on cybersecurity, about 0.3% of the entire fiscal budget ($4.746 trillion).
And while none of these figures can clarify what a “typical” budget should look like for the average business or organization, they can at least provide a benchmark for how larger tech firms, financial service companies and governments are allocating cybersecurity spend as a percentage of overall budget.
Considerations for your cybersecurity budget
There are so many different variables and factors involved when it comes to determining your cybersecurity budget. I’ll offer you some tips which can be used as a starting point to help your company decide.
I asked Kate Brew, from AT&T Cybersecurity, to send a tweet to get views from various industry decision makers. The question was “Cybersecurity budgets come in many sizes. How does your company determine yours?” Here are some responses, which should illustrate what typical cybersecurity budgets are. Some of the responses were a bit tongue-in-cheek:
“They keep me far away from budget/financial decisions at my company but I’d like to think a d20 is involved somehow...” (I love Dungeons and Dragons references!)
“Yeah. They most often range in size from ‘miniscule,’ to ‘barely visible to the unaided eye.’”
“Pick a number and subtract that number from itself. That& |
Threat Studies | Deloitte | |
|
2019-09-10 13:59:03 | How to best handle legacy models during a digital transformation (lien direct) | Legacy models are one of the biggest obstacles in achieving digital transformation. Here's how to maneuver the task, from the CIO of Deloitte. | Deloitte | ||
 |
2019-08-24 11:10:05 | Vulnerability Found in SimpleMDM Apple Device Management Solution (lien direct) | An XML external entity (XXE) vulnerability has been found and patched in the SimpleMDM Apple device management solution, but the researcher who found the flaw and the vendor disagree on its impact. SimpleMDM is an increasingly popular mobile device management (MDM) solution used by companies such as FedEx, Deloitte and the Discovery Channel. | Vulnerability | FedEx Deloitte | |
|
2019-08-01 12:30:00 | For mid-sized enterprises to win the cybersecurity race, the game needs to change (lien direct) | Why does AT&T Cybersecurity get me so excited on behalf of the mid-sized enterprises that make up the bulk of business around the globe? Well, one example I like to share is from a bicycle manufacturer I had the pleasure of visiting a few years ago. As a cycling enthusiast myself, I know these manufacturers are true experts, with deep knowledge and passion for the businesses they run and technology they develop. Unsurprisingly, they were dismayed about the need to also become experts in cybersecurity. Even if they were experts, it still might not help. Could they really afford to follow the security blueprint defined by global banks and other elite security teams? According to a Deloitte survey, large enterprises spend thousands per employee and up to hundreds of millions of dollars per annum on cybersecurity, often deploying dozens or even hundreds of expensive and sophisticated security solutions along the way. For our bike manufacturer, it’s impossible to wade through all of the solutions on offer from the thousands of cybersecurity vendors out there. Their business is at risk through no fault of their own and the “solution” to mitigating that risk is beyond reasonable allocation of resources. Mind you, it’s not just the bicycle company in this race. There’s the contract manufacturer that actually assembles the bikes, the advertising agency that promotes them, the distributors that get them into stores and perhaps 20 other major partners and subcontractors who support the core business. And this is just one major bicycle brand! There are millions of other mid-sized enterprises around the globe with the exact same problem. Every business, including the Fortune 500, would relish the opportunity to be more efficient in cybersecurity and to put more money back into the business. But for mid-sized companies, who don’t have the same resources to protect themselves, it’s a matter of survival. Our bicycle brand should be focused on engineering the perfect machine to break a 36mph Tour de France stage speed, not on cybersecurity. This shouldn’t be something that soaks up resources and diverts attention from the core business. That’s precisely why AlienVault automated threat detection and streamlined response, and why we continue to focus on making security more accessible as AT&T Cybersecurity. What gets me excited for customers like the bicycle manufacturer is the ability to do all that and more, on a much grander scale, because of what AT&T brings to the table. With a core mission of connecting people where they live and work for more than 140 years, security is in AT&T’s DNA. Ever since there was something of value carried over a network, AT&T has been a leader—including what is now called cybersecurity. Serving more than 3 million companies globally from the smallest business to nearly all the Fortune 1000 has given AT&T unrivaled visibility into the threats and needs of business customers. And as a trusted advisor that provides countless integrated business solutions around the globe, AT&T has assembled a broad portfolio of nearly all of the leading security vendors to help in the mission. We now have the opportunity to integrate AT&T’s unparalleled threat intelligence, AlienVault’s proven strengths in automation, and the world’s best cybersecurity solutions into one unified platform that eliminates cost and complexity for millions of companies both large and small. The bicycle manufacturer can choose to use the platform to manage security themselves, outsource the work completely, or utilize a collaborative model that utilizes collective expertise and capabilities. This is enabled through the AT&T consulting and managed services teams or through | Threat Guideline | Deloitte | |
|
2019-08-01 12:00:00 | Top 10 IoT security risks for businesses (lien direct) | Organizations must adopt a security-by-design approach to best combat threats created by the Internet of Things, according to Deloitte. | Deloitte | ||
|
2019-03-14 15:53:02 | 7 tech capabilities your business needs to hit digital transformation success (lien direct) | Data mastery is among the factors vital for companies seeking successful digital transformations, according to a Deloitte report. | Deloitte | ||
|
2019-03-08 14:42:04 | Why companies ignore cybersecurity in digital transformations (lien direct) | At RSA 2019, Emily Mossburg of Deloitte explained the challenges companies face when it comes to cybersecurity. | Deloitte | ★★★★★ | |
|
2019-03-07 15:50:02 | Organizations Not Positioned for Success in Tackling Cyber Demands: Deloitte (lien direct) | Report Shows Major Disconnect Between Cybersecurity and Cyber Everywhere in Digital Transformation | Deloitte | ||
|
2019-01-22 14:44:03 | 4 ways leaders can prepare for the coming Fourth Industrial Revolution (lien direct) | Successful leaders of Industry 4.0 must be committed to doing good and aggressive in developing their workforce, according to a Deloitte report. | Guideline | Deloitte | ★★★★ |
|
2019-01-15 15:02:03 | The future of business tech: 6 trends that will define the next two decades (lien direct) | AI-driven organizations and a serverless world are two major tech trends of the future, according to Deloitte's 10th annual report. | Deloitte | ||
|
2019-01-15 14:17:00 | Why vendor security practices are causing heartburn for enterprise pros (lien direct) | High dependencies on external vendors with unclear security policies is a concern among IT professionals, according to a Deloitte report. | Deloitte | ★★★★★ | |
 |
2019-01-11 18:00:00 | Security Experts Believe Skills Gap Can Be Bridged – Deloitte Disruption Index (lien direct) | Business leaders’ confidence in the digital skills of new entrants to the workplace has improved in the last six months, according to the latest Digital Disruption Index by Big Four accountant Deloitte. A growing number of business leaders think that school leavers and graduates have the right digital skills and experience, according to the new report. Experts … The ISBuzz Post: This Post Security Experts Believe Skills Gap Can Be Bridged – Deloitte Disruption Index | Guideline | Deloitte | |
|
2019-01-07 06:05:00 | IDG Contributor Network: Managing identity and access management in uncertain times (lien direct) | If we remember one thing from 2018, it is that we are all victims now through one breach or another. Every day, we hear more news about another data breach affecting millions of users with significant financial and reputational consequences to its victims. With massive breaches like Equifax, Facebook, Deloitte, Quora and Yahoo, it is clear that breach notification services and multi-factor authentication (MFA) are not enough to prevent the next data breach headline from appearing in tomorrow's newspapers.Organizations have started thinking holistically, and rightly so, about risk and approaches to security using frameworks such as CARTA, Zero Trust, NIST SP 800 and IDSA. These frameworks offer progressive thinking and valuable approaches to modern identity strategy, but there is no one size fits all. These frameworks are akin to buying furniture from IKEA; assembly required, but with a lot more complexity and a lot more at stake. | Data Breach | Equifax Deloitte Yahoo | |
|
2018-12-13 14:08:00 | 5 ways businesses can use data science tools without hiring a data scientist (lien direct) | Companies that fail to apply data science will be at a competitive disadvantage, according to Deloitte. Here's how to take advantage of new tools, staffing models, and training strategies. | Deloitte | ★★★ | |
|
2018-12-13 13:01:01 | Context Appoints Dave Spence As Director Of Response. (lien direct) | Dave Spence has been appointed Director of Response at leading cyber security consultancy, Context Information Security. Before joining Context, Dave spent the past 10 years at Deloitte advising clients and Boards about how to best manage their technical and business cyber risks and most recently running the UK Cyber Defence team including incident response, red […] | Guideline | Deloitte | |
|
2018-12-07 15:05:01 | 7 tips for CXOs to combat cybersecurity risks in 2019 and beyond (lien direct) | This year alone saw more than 600 data breaches, yet only 25% of organizations are planning to defend against attacks, according to Deloitte. | Deloitte | ||
|
2018-11-19 14:40:04 | 71% of consumers will shop Black Friday and Cyber Monday deals. Is your business ready? (lien direct) | Customers predict they'll spend an average of $420 between Thanksgiving and Cyber Monday, according to Deloitte. | Deloitte | ★★★ | |
|
2018-10-19 01:17:00 | Cyber Wargames A Tactic Few Organisations Use To Promote Cyber Awareness – Deloitte Survey (lien direct) | It has been revealed that nearly half (46 percent) of executive-level and C-level respondents say their organisations have experienced a cybersecurity incident over the past year. With more than 1500 executives surveyed, the Deloitte poll found forty-nine percent of respondents admitting that their organisation does not conduct cyber wargaming exercises, with more than one-third (34 percent) indicating that they do not … The ISBuzz Post: This Post Cyber Wargames A Tactic Few Organisations Use To Promote Cyber Awareness – Deloitte Survey | Deloitte | ||
 |
2018-10-16 15:36:05 | ThreatList: Half of Execs Feel Unprepared to Respond to a Cyber-Incident (lien direct) | Deloitte estimates cybercrime costs to reach $6 trillion annually -- but companies still lag in preparedness. | Deloitte | ||
|
2018-09-20 14:52:05 | Why gig workers in finance will grow 88% in the next three years (lien direct) | CFOs reported use of freelance workers will skyrocket in the next few years, according to a recent Deloitte survey. Here's what the future of finance looks like. | Deloitte | ||
|
2018-08-07 14:16:02 | US falls behind China in race to 5G, hurting businesses and risking economic benefits (lien direct) | A new report from Deloitte reveals the state of 5G adoption across the world, and how the US is lagging behind. | Deloitte | ||
|
2018-08-07 13:41:00 | 5 job categories AI will disrupt, and how mid-market companies are responding (lien direct) | Reskilling workers and redesigning jobs are two priorities for organizations augmenting the workforce with tech, according to a Deloitte report. | Deloitte | ||
|
2018-08-07 13:13:02 | One third of mid-market companies have no IT governance strategy: 6 tips to fix gaps (lien direct) | A lack of resources, funds, and understanding of the importance of IT governance holds companies back, according to a Deloitte report. | Deloitte | ||
|
2018-07-26 13:14:04 | 4 ways wearables can benefit your workforce (lien direct) | Smart watches, smart glasses, and exoskeletons can augment workers' abilities and increase productivity, according to a Deloitte report. | Deloitte | ★★ | |
|
2018-07-13 15:10:03 | Deloitte collaboration could make it easier to migrate SAP apps to Google Cloud (lien direct) | Deloitte, Google Cloud, and SAP have joined forces to help customers build out more comprehensive cloud strategies. | Deloitte | ||
|
2018-07-08 12:50:05 | (Déjà vu) NIST Framework Components (lien direct) | As part of Tulin’s CyberSec Series, Tulin highlights three components of NIST Framework i.e., Core, Impementation Tiers and Profiling. Tulin SevginCyber Risk Management Lead, Senior Consultant Tulin is a strategic thinker and cyber risk management specialist with experience in public and private sectors. Tulin has held senior positions with Commonwealth Bank, Westpac, Optiver and Deloitte. Whilst … The ISBuzz Post: This Post NIST Framework Components | Guideline | Deloitte | ★★ |
|
2018-06-27 14:34:03 | Deloitte\'s 5 vectors of progress prove IoT is a solid investment (lien direct) | Considerable improvements in technology are bolstering the Internet of Things (IoT), according to Deloitte, and business leaders should take notice. | Guideline | Deloitte | ★★★ |
|
2018-06-23 14:00:02 | (Déjà vu) Tulin\'s CyberSec Talk – Cyber Security Management Best Practices (lien direct) | In this video Tulin highlight the best practices to develop successful cyber security managment program. Tulin SevginCyber Risk Management Lead, Senior Consultant Tulin is a strategic thinker and cyber risk management specialist with experience in public and private sectors. Tulin has held senior positions with Commonwealth Bank, Westpac, Optiver and Deloitte. Whilst Tulin's working experience … The ISBuzz Post: This Post Tulin’s CyberSec Talk – Cyber Security Management Best Practices | Guideline | Deloitte | |
|
2018-03-29 12:10:04 | (Déjà vu) The CNN Factor Adds More Complexity to Security Operations (lien direct) | >Security Teams Need the Ability to Collaborate and Coordinate to Make Better Use of the Talent and Data They Already Have We all know that security teams are drowning in a sea of alerts, largely driven by a defense-in-depth strategy with layers of protection that aren't integrated and create a massive amount of logs and events. If you need further evidence, Cisco's 2018 Annual Cybersecurity Report (PDF) found that among organizations using 50+ vendors, 55 percent say orchestrating security alerts is very challenging and for those with 21-50 vendors, 43 percent are struggling. The result? On average, 44 percent of alerts are not investigated and of those investigated and deemed legitimate, nearly half (49 percent) go un-remediated! Compound that reality with the “CNN Factor” – global cyberattacks that garner widespread interest and trigger calls from management – and you've got a situation that is quickly becoming untenable. It isn't sufficient for security teams to prevent, detect and respond to attacks. Security teams also must be able to proactively investigate and understand what the latest, large-scale cyber campaign means to their organization. Yet Cisco's study finds, “One reason [alerts go un-remediated] appears to be the lack of headcount and trained personnel who can facilitate the demand to investigate all alerts.” So how can security teams handle the fallout from the headlines along with their daily list of “to-dos?” They need a force multiplier – the ability to collaborate and coordinate to make better use of the talent and data they already have. This will not only help them respond more effectively and efficiently to alerts, but also address the inevitable flurry of questions every time a large-scale attack happens and take action as needed. Collaborate. It isn't just security tools that are siloed, security teams typically operate in silos as well and that includes all the members of your threat intelligence program – threat intelligence analysts, security operations centers (SOCs) and incident handlers, to name a few. When one team member researches an event or alert and doesn't find information that is relevant to them, they tend to put that information aside and move on to the next task. But what if someone else in threat operations, conducting a separate investigation, could have benefitted from that work? Without the ability to collaborate as part of the workflow, key commonalities are missed so investigations take longer or hit a dead end. What's needed is a single, shared environment that fuses together threat data, evidence and users, so that all team members involved in the inve | Guideline | Deloitte | |
|
2018-03-14 15:42:02 | The Value of Threat Intelligence is Clear, But Are You Capturing It All? (lien direct) | Take Relevance Into Account When Analyzing Threat Data Parents are nervous. High school seniors are nervous. It's that time of year again when college decision letters and emails start to arrive. We all know there's tremendous value in education, and a college degree is a pre-requisite for many career paths. But which school is the best fit? Will your child get the most value possible from his or her college experience? For each student, what defines and drives value from the college experience is different. It may be studying in an environment where they feel comfortable and can thrive; attending a university that offers a major in a field they want to pursue; having an opportunity to play the sport they love and excel in; or any number and combination of factors. Likewise, we all know there is tremendous value in threat intelligence, and various factors come into play to create value. The recent SANS 2018 Cyber Threat Intelligence Survey (PDF) finds 81% of cybersecurity professionals affirm that threat intelligence is providing value and helping them do their jobs better. The millions of threat-focused data points available, the many sources of global threat data we subscribe to, and the internal threat and event data from our layers of defense and SIEMs provide a significant amount of threat intelligence. But are we capturing all the value we can to truly strengthen our defenses and accelerate detection and response? As I've said before, not all threat intelligence is equal. Threat intelligence that is of value to your organization, may not be of value to another. How do you get the most value from your threat intelligence? It comes down to relevance, and that's determined by your industry/geography, your environment and your skills/capabilities. Industry/Geography. Threat data focused on attacks and vulnerabilities specific to your industry and geography is much more relevant than generic data that includes threats that target a specific sector and/or region you are not in. External threat feeds such as those from national/governmental Computer Emergency Response Teams (CERTs) and Information Sharing and Analysis Centers (ISACs) organized by industry, can prove useful. Complementing the data in your central repository with data from these types of sources can help reduce noise and allow you to focus on threats occurring locally in your sector. Environment. Depending on your environment or infrastructure, some indicators are more relevant than others. For example, if your workforce is highly distributed and endpoint protection is key, hashes are important because they enable you to detect malicious files on those devices. On the network, domain names and IPs are more relevant indicators allowing you to track suspicious traffic. To get the most value from your threat intelligence, you need tools that aggregate indicators in a c | Guideline | Deloitte | |
 |
2018-03-09 08:00:03 | RGPD : J -100 où en sommes-nous ? (lien direct) |  Le 15 novembre dernier, Mailjet, leader européen du pilotage d'emails marketing et transactionnels et ses partenaires (Taj-Deloitte, Les Echos, Generali, AFNOR et PeopleDoc) organisaient le premier grand événement dédié au RGPD (Règlement Général sur la Protection des Données) à Paris. |
Guideline | Deloitte |
To see everything:
Our RSS (filtrered)
