February 28, 2018
In today’s threat landscape, it isn’t a question of if you’ll experience an incident, but when. When a security incident strikes, you’ll need a well-prepared staff with a battle-tested plan. A mature incident response plan keeps everyone on the same page. View our incident response webinar to learn how you can quickly contain the impact of a breach, resolve an incident, and get back to business as quickly as possible.
Devesh Panchwagh, deltarisk.com, February 22, 2018
Last week, Delta Risk hosted a webinar on the topic of “Data Breach Survival Tactics: Building Incident Response Actionable Response Plans.” Delta Risk Solutions Expert, Stephanie Ewing, and Managing Consultant, Ryan Clancy, were the presenters for this live broadcast (view the on-demand version). In response to the poll questions, “Do you have an incident response plan,” and “How often do you test your plan,” more than half the audience (56 percent) confirmed that they do indeed have an incident response plan, and 43 percent of those people test their plan annually. Conversely, 14 percent of poll responders revealed that they don’t test their plan.
Zeljka Zorz, helpnetsecurity.com, February 23, 2018
Training employees to spot phishing emails, messages and phone calls can’t be done just once or once a year if the organization wants to see click rates decrease. For one thing, employees come and go (and change roles) with regularity. Secondly, threats change over time. Thirdly, knowledge and practices that aren’t regularly reinforced will be lost. And, finally, awareness isn’t the same as knowledge.
Steve Zurier, darkreading.com, February 21, 2018
More than 60% of CEOs believe malware is the biggest threat to their organization, but just one-third of CISOs, CIOs, and CTOs agree. It’s just one data point in a new study by identity management company Centrify that shows a major disconnect on this and many other security issues between CEOs and their technical officers (TOs), which include CIOs, CTOs and CISOs. CEOs and TOs also diverged on whether they knew if their organization had experienced a breach.
Zeljka Zorz, helpnetsecurity.com, February 21, 2018
Amazon Web Services (AWS) has announced that all customers can now freely check whether their S3 buckets are leaking stored data. “Previously available only to Business and Enterprise support customers, [the S3 bucket permissions check] identifies S3 buckets that are publicly accessible due to ACLs or policies that allow read/write access for any user,” the cloud computing giant noted.
Catherine Shu, techcrunch.com, February 21, 2018
The U.S. Securities and Exchange Commission issued new guidance calling on public companies to be more forthcoming when disclosing cybersecurity risks, even before a breach or attack happens. The statement, which expands on previous guidance issued in 2011, also warns that corporate insiders must not trade shares when they have information about cybersecurity issues that isn’t public yet. While the commission’s five members voted unanimously to approve the guidance, both of its Democratic commissioners said it needs to take more action (the SEC as a group is non-partisan, with no more than three out of its five commissioners allowed to belong to the same party).
Inside Big Data Editorial Team, insidebigdata.com, February 26, 2018
Ultimately data science is enabling the cybersecurity sector to move from assumption to facts. For the last decade the cybersecurity sector has been driven by FUD concerns – fear, uncertainty and doubt. Spend on cybersecurity was justified by the rationale that “if we don’t have XYZ widget then you only have yourselves to blame when bad stuff happens.” And the bad stuff is only increasing.
Matt McLaughlin, biztechmagazine.com, February 26, 2018
In decades past, chief executives in many organizations considered cybersecurity a secondary issue. As billions in costs piled up in recent years, along with blaring news headlines of massive data breaches and the ouster of top executives from global brands, security took on a new level of importance, becoming a top priority for many organizations. But even that may not be enough.
Enterprise Innovation Editors, enterpriseinnovation.net, February 26, 2018
Malware sophistication is increasing as adversaries begin to weaponize cloud services and evade detection through encryption, used as a tool to conceal command-and-control activity. To reduce adversaries’ time to operate, security professionals said they will increasingly leverage and spend more on tools that use AI and machine learning, according to the 11th Cisco 2018 Annual Cybersecurity Report (ACR). Findings from the Report show 39% of organizations are reliant on automation, 34% are reliant on machine learning, and 32% are highly reliant on AI in their battle against threats and potential threats.
Waqas Amir, hackread.com, February 23, 2018
The Dark Web is a strange place where one can conduct all sorts of illegal activities, including selling illegal drugs, weapons, social security numbers, documents and stolen data. Recently, the social engineering experts at breach notification website Hacked-DB discovered a massive trove of data containing login credentials of millions of users on the dark web.