Posts

7 Cybersecurity Steps to Combat Hacktivist Attacks

Coming in somewhere around 20% of all cyber-attacks, hacktivism is on the rise, and nobody is safe. Just ask big names Sony Pictures, JP Morgan Chase and the American Broadcasting Network, all of whom have become victims of these socially motivated crimes. And given the emotionally charged political state in both the US and around the world, it’s only logical to assume this number will continue to climb.

So how can you protect your organization from a potential hacktivist attack? Here are seven proactive measures you can start taking today for a stronger defense tomorrow.

Don’t poke the bear.

Many hacktivist-driven cybersecurity attacks are inadvertently provoked by news that is released by the target, such as a press release, website content or social media post. Be mindful of the types of announcements and news you’re sharing to ensure none of the information contained within could be erroneously perceived as a threat or challenge to your would-be attackers.

Make sure your defense strategy is up to par.

It’s been said time and time again that the best defense is a good offense, and this is certainly true when it comes to cybersecurity – including hacktivism. You should be regularly auditing your monitoring systems and employing the best available automated incident response platform if you want to prevent potential breaches.

Secure your accounts.

Many hacktivism attacks occur when criminals obtain unauthorized access to a company’s systems and accounts, particularly social media profiles. The damage that can be done if someone unsavory were to take over your social accounts could be potentially devastating. Fortify your security measures by using strong passwords and requiring two-factor authentication.

Have a solid IR plan at the ready.

Beyond incident response from a technology standpoint, hacktivism adds a layer of complication in that it requires a more public-facing response than other types of cybersecurity issues. While the hope is you’ll never fall victim, the reality is there’s a good chance you will, so be prepared from a corporate communications/public relations standpoint. The quicker and more confidently you can respond, the less chance of serious fallout occurring.

Be forthcoming with affected parties.

Nobody wants to have to tell another business or group of customers that their sensitive data has been compromised – especially if it’s due to a misstep on your part, but having difficult conversations in light of a hacktivism attack is a necessary evil. In the event of a cybersecurity breach, confirm all the facts as quickly and accurately as possible, then develop a remediation strategy that can be immediately communicated to customers and partners that have been affected. The sooner you work to get things under control, the better.

Learn from your mistakes.

If you have become a victim of a hacktivist attack, you can take a negative situation and turn it into a positive by analyzing how your IR and remediation process actually played out. This can allow you to identify areas where improvements can and should be made and enable the development of best practices for dealing with such incidents in the future.

Be vigilant.

Last but not least, keep your ear to the ground and your finger on the pulse of what’s happening in the world around you – particularly as it pertains to your business. Being alert and vigilant can help you recognize and proactively protect against potential risks.

Hacktivist attacks are increasing in both number and complexity. If you haven’t yet taken the right steps to strengthen your defense, you could be placing your organization in harm’s way. Check out these top 5 cybersecurity playbooks that you can employ and start automating your way to a safer company.



How to Get Critical Systems Back Online in Minutes




How to Calculate the ROI of Cybersecurity Threat Defense


Article originally published on Security Info Watch

As any executive knows, keeping a close watch on the bottom line is a critical element of ongoing success. For CIOs, CTOs and CISOs, finding a way to keep costs down while maximizing protection against potential security breaches is a familiar struggle. The difficulty often lies in the paradox that exists when one is essentially investing in something that has not yet occurred. Further complicating matters is the fact that many organizations are employing a complex multitude of systems, applications and defense mechanisms which can make establishing quantifiable return-on-investment (ROI) a prohibitive undertaking.

Yet, the potential financial impact a successful breach can have certainly justifies the upfront and ongoing expense required to adequately prevent one from occurring. One only needs to peruse the headlines to see evidence of how costly a security incident can be – both monetarily as well as reputation-wise. More importantly, it’s becoming increasingly evident that no one is safe from becoming a victim of today’s sophisticated online hackers. Businesses of every shape, size and industry would be wise to take heed and put the appropriate measures in place to keep their networks and sensitive data safe from harm.

So how, then, can one effectively capture the return on this important if not essential investment? Despite the countless news articles and leading experts predicting the steady and ongoing increase in amount and complexity of criminal activity online, many key decision makers still insist on seeing real, measurable results in order to justify the value of having an established, solid threat detection plan in place. The good news is, with the right strategy, calculating and communicating this ROI is entirely possible.

Start with the Basics

Before you can adequately assess ROI, you need to have a clear and documented understanding of all of the costs and benefits associated with your threat defense strategy. First there are the costs involved in the overall cybersecurity plan you have in place (i.e. monitoring systems, incident response software, IT security personnel, etc.). These expenses are easily measurable, but if you’re not contrasting them with the right information, they can easily scare away even the most open-minded board member.

To balance your expenditure properly, the next calculation will likely be a little bit more abstract. That is, you’ll need to identify and capture, as accurately as possible, the costs associated with a security compromise. For instance, the following factors can and often do influence cost:

  • Percentage of incidents that lead to an actual breach
  • Percentage of threats that are major incidents
  • Average cost of a major incident
  • Percentage of threats that result in minor incidents
  • Average cost of a minor incident
  • Average annual growth of security threats and incidents

At an organizational level, there are additional factors that must also be accounted for. Ideally, these numbers would be captured prior to implementing a comprehensive threat management strategy, as this will allow you to more closely measure the additional savings achieved by the new strategy, whether it’s adopting better software, deploying automation technology, or some combination of these.

By way of example, these calculations might look something like this:

  • Average number of incidents per day
  • Number of incidents being addressed daily using current resources
  • Gap between addressed and unaddressed incidents
  • Number of incidents addressed daily using new incident management strategy

The figures obtained from these calculations will allow you to pinpoint or at least approximate the amount of money a potential security breach could cost your organization. With that number in hand, the savings achievable by avoiding those financial implications can be determined.

Delving Deeper

Another important thing to point out is that the ROI of good threat defense stretches far beyond the basics covered above. Recognizing these additional benefits can help strengthen and solidify a case for enhanced incident management. One area upon which many fail to capitalize, particularly in terms of justifying potential savings, is in the incident response realm. Far too often, the focus lies squarely on prevention, when in reality it’s the remediation that can truly quantify the return.

The truth is, when it comes to security breaches, it’s quite often not the actual incident that has the greatest impact, but rather the time it takes to identify, isolate and resolve the issue before it has a chance to cause further damage. This mean time to resolution (MTTR) is where the true value of threat intelligence lies.

According to recent reports, the majority of organizations today find out about a security breach by an external third party, such as their bank or a government body. The time it takes to identify said compromise averages somewhere around 320 days. For breaches that are detected internally, this number drops to around 56 days, which is still a significant amount of time to allow a successful incident – and the hackers behind it – to have a field day with your network, systems and sensitive data.

Complicating matters is the speed with which a compromise can occur. One recent industry report indicates that more than 80 percent of cybersecurity breaches happen in mere minutes. The vast canyon between compromise and detection is alarming to say the least and that’s not even taking into consideration the amount of time it takes to actually recover once a security incident is discovered.

It is estimated that about 60 percent of MTTR is spent determining the root-cause of the actual problem. The rest is spent mitigating damages and working to achieve a complete resolution. When system outages or any type of downtime is included in this process, you should increase the cost of compromise accordingly.

The Value of Reducing MTTR

With the right technology – such as IT automation – a significant savings can be realized in MTTR alone. Calculating this savings involves a two-step process. Start by determining the total yearly cost of incidents by applying the following formula:

Number of Monthly Incidents X Time to Resolve Each Incident X Cost of Personnel Per Hour X 12 months = Annual Cost of Incidents

Keep in mind that the type and severity of incidents will vary, so you may wish to use this formula to determine the cost associated with each incident priority level. In other words, your priority one (P1) incidents will have a different resolution time and associated cost than that of P2 and P3 incidents. Additionally, the costs associated with support personnel may also vary based on level and skillset. For instance, P1 incidents might require the expertise of both L1 and L2 teams, so calculate accordingly.

Once you’ve determined your annual cost of incidents, the second step involves calculating your annual savings. This can be done by using the estimated percentage of reduction in resolution time that your applied technology delivers. The formula looks like this:

Annual Cost of Incidents X Reduced Time to Resolution (%) = Annual Savings

On the conservative end, some experts believe the average reduced time to resolution a good automation tool could potentially deliver hovers somewhere between 50-75 percent. That means if your annual cost of incidents is $350,000 you could potentially be saving anywhere from $175,000 – $245,000 each and every year. There aren’t too many decision makers who wouldn’t appreciate those kinds of numbers.
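The two formulas above, applied per priority level as the text suggests, in a short Python example. This is an added illustration, not part of the original article; the incident counts, resolution times and hourly rates are constructed sample values, and the names `PriorityLevel`, `annual_cost`, `annual_savings` and `summarize` are hypothetical.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class PriorityLevel:
    name: str
    monthly_incidents: int
    hours_to_resolve: float   # time to resolve one incident, in hours
    hourly_rates: tuple       # one hourly cost per responder working the incident


def annual_cost(level):
    """Monthly incidents x time to resolve x personnel cost per hour x 12 months."""
    crew_rate = sum(level.hourly_rates)  # e.g. L1 + L2 both engaged on a P1
    return level.monthly_incidents * level.hours_to_resolve * crew_rate * 12


def annual_savings(cost, reduction_pct):
    """Annual cost of incidents x reduced time to resolution (%)."""
    if not 0 <= reduction_pct <= 100:
        raise ValueError("reduction_pct must be between 0 and 100")
    return cost * reduction_pct / 100


def summarize(levels, low_pct, high_pct):
    """Per-level and total annual cost, plus the savings range for a
    low/high estimate of the reduction in resolution time."""
    per_level = {lvl.name: annual_cost(lvl) for lvl in levels}
    total = sum(per_level.values())
    return {
        "per_level": per_level,
        "total": total,
        "savings_low": annual_savings(total, low_pct),
        "savings_high": annual_savings(total, high_pct),
    }


# Constructed sample data (assumed rates: L1 analyst 45/hour, L2 engineer 70/hour).
LEVELS = [
    PriorityLevel("P1", monthly_incidents=4, hours_to_resolve=6, hourly_rates=(45, 70)),
    PriorityLevel("P2", monthly_incidents=20, hours_to_resolve=2, hourly_rates=(45,)),
    PriorityLevel("P3", monthly_incidents=60, hours_to_resolve=0.5, hourly_rates=(45,)),
]

if __name__ == "__main__":
    result = summarize(LEVELS, low_pct=50, high_pct=75)
    for name, cost in result["per_level"].items():
        print(f"{name}: {cost:,.0f} per year")
    print(f"Total annual cost of incidents: {result['total']:,.0f}")
    print(f"Annual savings range: {result['savings_low']:,.0f} to {result['savings_high']:,.0f}")
```

Breaking the cost out per level shows which priority tier dominates the total and therefore where a shorter resolution time pays back most.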

For the most part, today’s IT executives are fully capable of understanding the importance of investing in cybersecurity. When it comes to convincing others, however, there may be a bit more work involved. Knowing what data to take into consideration and how to transform that data into quantifiable evidence can help you better drive home the value of threat detection as not just an ancillary component of IT, but a fundamental ingredient in the ongoing safety and success of the organization as a whole.


How to Transform Everyday Employees into Cybersecurity Pros

When it comes to the topic of cybersecurity, the most obvious point of contact is typically the CSO (or IT department equivalent for smaller organizations). But while it’s certainly this individual’s job to spearhead the company’s protection against cyber-attacks, it’s not a responsibility that rests solely on his or her shoulders. To the contrary, considering the fact that 43% of all data breaches are caused internally, it’s becoming more evident than ever before that cybersecurity is a shared, company-wide responsibility.

Simplifying the Complex

One of the biggest hurdles IT professionals face when attempting to get non-technical employees on board with cybersecurity is the fact that it’s highly complex in nature. While this is necessary in order to effectively combat would-be attackers, it can be downright intimidating to the layperson, which can lead to resistance and lack of widespread adoption. Providing training that is easily accessible and engaging is of the utmost importance.

To build such a training program, focus on what the employees need to know in order to keep the organization safe rather than the intricate details of what a potential hack might entail. Avoid delving too deeply into muddled topics or using industry jargon to prevent further confusion.  Use training methods that are engaging, encourage retention and resonate most effectively, such as video and other dynamic eLearning courses.

Bringing Concept to Reality

There are few things that drive home the importance of a particular subject quite like real-life, hands-on experience. One of the keys to getting all employees onboard and committed to corporate-wide cybersecurity is to allow them to practice the appropriate steps in a live, albeit low-stakes environment. Bring training to the next level by having employees actually perform some of the necessary steps for achieving a stronger, safer network, such as creating stronger passwords.

Furthermore, providing real-time “in the moment” feedback can create a more personalized and therefore more effective learning experience that is much more likely to improve performance and drive home the message being delivered. The more employees work on real, actionable cybersecurity activities, the more they will be able to apply these concepts to real life situations.

Arming the Forces

Lastly, letting employees know that their efforts are backed by the best technology available can help reinforce the critical importance of cybersecurity. Monitoring systems and ongoing automated incident response should not be viewed nor treated as mere business expenses but rather an investment in the ongoing protection of sensitive company data.

The right automation and orchestration solution will not only help fortify your organizational defense, but it will also provide those in charge of IT security with valuable data about their existing workforce. This data can then be used to identify areas where additional training and education are needed.

The bottom line is that cybersecurity is not the sole responsibility of one individual or even just one team. To truly establish a strong, impenetrable defense against today’s savvy cyber criminals, everyone must contribute – from the break room to the boardroom and every role in between. The right education and a solid strategy that incorporates cutting-edge automation technology are the keys to success.

Arm your organization with a stronger, more effective defense. Download your free 30 day trial of eyeShare today.









5 Tips for Recruiting Top Cybersecurity Talent

Given the current cybersecurity landscape, it’s becoming increasingly evident how important it is for organizations to staff their IT departments with highly skilled individuals who are capable of handling the monumental task of network and data security. Unfortunately, at least for the time being, it’s largely an employee’s market, which means companies are competing fiercely to attract, court and hire from the dwindling pool of qualified candidates. Here are a few suggestions to help tip the scales in your favor.

Leverage Social Networks

Being active on social media is a given for all businesses today, but when it comes to tapping into certain talent bases, it requires a more in-depth and targeted involvement. If you want to find the best security professionals, you have to be present where they are, so look for things like online forums, discussion groups (like on LinkedIn) and anywhere else you can start or join in on conversations about the topic of cybersecurity.

Be Flexible with Your Requirements

Not every individual out there working in the thick of the cybersecurity realm is necessarily decorated with degrees and other impressive credentials. In reality, many of the most skilled and valuable security experts got to where they are today by working their way up and learning the ropes through on-the-job training. If your requirements are too stringent (i.e. only candidates with a bachelor’s or master’s degree need apply), you could very well be weeding out those with much more valuable hands-on experience.

Look In-House

If you are a larger organization, chances are you’ve already got a slew of eager entry-level IT folks waiting in the wings for an opportunity to grow and improve their skills. Investing in these up-and-comers through internal mentorship, education and ongoing training can help circumvent the process of finding and hiring top external talent and provide a leg up in the race for optimum cybersecurity defense.

Showcase Your Assets

One thing top cybersecurity pros look for in a potential employer is the tools and technologies they will ultimately have at their disposal should they choose to accept a job offer. What types of weapons have you invested in to help fortify your defense against cyber-attacks (i.e. advanced monitoring, automated incident response, etc.)? What things really set your company – specifically your IT department – apart from others? Showcase these things in your job listings and discuss them during the interview process.

Don’t Rely On Salary Alone

Sure, money is important in bringing in the big guns, but it’s not the be all and end all. While you’ll likely have to pay more for top cybersecurity talent than other IT roles, you should also be working on a solid benefits program – particularly one that values work-life balance. Demonstrate to your candidates the steps you’ve taken as an organization to ensure that IT workers won’t get burnt out, such as investing in technology that makes their jobs easier and implementing generous vacation plans that encourage time off as needed. These little perks are often what will make all the difference in deciding which offer to accept.

Building a team of highly skilled, well-prepared cybersecurity professionals may be challenging in today’s marketplace, but it’s not impossible. The five tips listed above should help you position your organization as one that offers excellent opportunities and is overall a great place to work.



eBook: 5 Reasons You Should Automate Cyber Security Incident Response




The True Costs of a Cybersecurity Breach

When reference is made to cybersecurity incidents, much of the focus remains on the overall monetary losses. Typically a general statistical figure is used (usually in the hundreds of millions) which represents the financial impact of data breaches across the globe. The problem with these facts and financial figures is that it can be difficult to apply them to one’s own business, which unfortunately leaves many companies vulnerable to continued attacks and at a much greater risk of becoming a victim.

Thankfully, Cisco recently released its Annual Cybersecurity Report, which delves much deeper to reveal the impact of a data breach from different angles; namely from the perspective of how many customers the average business is likely to lose as the result of a security compromise. The following eye-opening stats can help bring the real and growing risk of cyber-attacks into better focus and demonstrate the critical importance of implementing a strong incident response strategy.

Consider for a moment that, according to the report, 50% of organizations that have experienced a cybersecurity breach in just the year 2016 alone faced a backlash of public scrutiny and more than 1/3 of them reported that scrutiny resulted in a hit to customer retention. As a result of losing customer trust and subsequent business, these companies realized a revenue loss of more than 20%. Additionally, the report also revealed that some 23% of organizations facing a security breach lost out on future business opportunities.

Oftentimes it’s difficult – especially for smaller to mid-sized companies – to visualize what portion of the astronomical dollar amounts discussed in relation to security breaches applies to them. It seems almost far-fetched to some degree. But when you think about it in terms of how many actual customers your business could potentially lose as the result of inadequate cybersecurity measures, it comes into focus.

This is important to point out because, in reality, no organization is safe from hackers. In fact, more and more cyber criminals are actually targeting smaller businesses because they feel there is a greater likelihood of success. By drilling down to reveal statistics that can be applied to companies of every size and industry, the real risks and subsequent costs of cybersecurity breaches become much clearer.

So, what’s the solution? Well, the first step is developing a strategy that covers all of your bases. Many businesses suffer the consequences of a successful attack not because the incident occurred, but because of the amount of time it took to finally identify and address the problem. Cisco’s report indicates that only 56% of cybersecurity alerts are actually investigated. Furthermore, less than half of legitimate incidents are properly remediated.

The problem many organizations face, and the reason these numbers continue to come in at alarming levels, is because of the gap that exists between the frequency and complexity of attacks and the skilled staff to handle them. This is where technology can truly be the differentiator. To give your business the best chance at avoiding a costly breach, there must be a closed-loop process in place that will serve to monitor all incoming alerts and automatically either remediate or escalate to the appropriate party for attention. This type of automated cybersecurity incident response serves to bridge the skills gap while simultaneously addressing the ever-evolving threat environment.

The good news is that, of the nearly 3,000 chief security officers and security operations leaders from 13 countries surveyed, 90% said they were actively improving on their threat defense processes and technologies.

Will your company be among those strengthening their defenses? Fortify your strategy with a force multiplier – try the Ayehu automation and orchestration platform free for 30 days and position your company on the right side of the statistical scale.









5 Cybersecurity Myths That Could Leave Your Organization Vulnerable

When it comes to protecting your organization from the ever-increasing, relentless onslaught of cybersecurity threats, it can be easy to wander down the wrong path. In many instances, well-intentioned but overworked and understaffed IT teams end up inadvertently placing their company at risk due to misinformation or false truths. Take a look at five of the biggest myths surrounding the topic of cybersecurity and see if you might be more vulnerable than you realize.

Myth #1 – External threats are the most dangerous.

Truth: Obviously there is a very real and very serious problem with cyber criminals today, but what many organizations fail to recognize is that internal parties are often the weakest link, whether it’s an employee who falls for a phishing email or a consultant who isn’t careful enough with network access. If you want to develop the strongest defense possible, your cybersecurity incident response plan must incorporate training, checks and balances that will keep everyone inside your company vigilant.

Myth #2 – Our patch management is sufficient enough.

Truth: You may feel your security team is at the top of their game, and they very well may be. The problem is, software and application vendors issue patches for vulnerabilities that are known. Unfortunately, there are a good number of vulnerabilities that either haven’t yet been discovered or haven’t yet been disclosed. In other words, it’s important to understand and acknowledge that despite your best efforts, you may be exposed without even realizing it. So, while patch management is certainly important, it cannot be the only component of your strategy.

Myth #3 – It’s all about prevention.

Truth: While it’s certainly critical to put the right measures in place to prevent incoming threats from being successful, it’s equally important to recognize that preventing every single attack simply isn’t possible. This is where many organizations get into trouble. They focus 100% of their efforts on monitoring and neglect the all-important step of remediation. The strongest cybersecurity incident response strategies include steps to quickly pinpoint, isolate and eradicate those attacks that manage to slip through undetected.

Myth #4 – We haven’t been compromised.

Truth: We touched on this in the previous point, but it’s so critical that it deserves its own section. The bulk of the damage that occurs due to cybersecurity incidents occurs not at the initial point of attack, but rather in the length of time it takes to realize the attack occurred. This can take days, weeks or even months. All the while, the hackers are free to wreak havoc within your network. Furthermore, in many cases, successful compromises are not even detected by the victim, but by an outside party. Being vigilant and leveraging automation technology to keep round-the-clock watch is essential.

Myth #5 – If and when we become compromised, we’ll be able to tell.

Truth: The average data breach can take up to six months before it is detected. Imagine how much damage could be done in that amount of time. That’s like giving free rein to criminals and allowing them to destroy systems, compromise applications, access and steal sensitive data and any host of other unsavory activities. Never assume that you’ll easily know when a breach occurs. Instead, operate under the assumption that you already have been and use technology to your fullest advantage to bridge the gap between human capability and the real and present dangers at hand.

Have you fallen victim to any of the above myths and misconceptions? If so, you could be inadvertently placing your organization at unnecessary risk of a serious and costly data breach. Protect your sensitive information and keep your network as safe as possible by incorporating automation technology into your cybersecurity incident response strategy. Try it free for 30 days.










Top 10 Cybersecurity Stories of 2016

There’s no doubt that 2016 was an eventful year, particularly on the cybersecurity front. Resourceful hackers found newer, better and more invasive ways to access the sensitive information they were after and ransomware continued to be a lucrative venture. Meanwhile, security professionals fought an uphill battle leveraging every tool and technology available to them in order to remain one step ahead of their attackers. In case you missed it, our friends over at Computer Weekly and TechTarget rounded up the ten biggest stories of the year. They were as follows:

  1. C-suite executives confused about cyber-attacks …

In a study that polled more than 700 executives, IBM discovered that key business leaders remain confused about the topic of cybersecurity. Despite the fact that 68 percent list security as a major concern and 75 percent believe having a comprehensive incident response plan in place is important, the reality is many execs don’t know who their true adversaries are or how to combat them. The study also highlighted the importance of key executives taking a more active role and being more engaged with CISOs. → Read more

  2. National Cyber Security Centre to be UK authority on information security…

The UK’s National Cyber Security Centre (NCSC) will focus on the financial sector as a top priority. The NCSC was announced as part of the government’s National Cyber Security plan for the next five years. It will ultimately become host to a “cyber force” ready to handle cyber incidents in the UK and ensure “faster and more effective responses to major attacks”. The centre will also be a unified source of advice and support for the economy, replacing the current array of bodies with a single point of contact. One of the NCSC’s first tasks will be to work with the Bank of England to produce advice for the financial sector for managing cybersecurity more effectively. → Read more

  3. Hunters: a whole breed of enterprise cyber defenders …

Security leaders agree that the days of relying on security system alerts to scramble first responders to cyber-attacks are past. In the face of increasing volumes of attacks, defenders need technologies that take care of the bulk of the low-level stuff so that they can concentrate on those slipping through the net. Enter the “hunters,” a rare breed of information security analysts who sniff out traces of cyber attackers and go in pursuit, relentlessly tracking and hunting down their quarry. → Read more

  4. Security should be driven by business (says Corvid’s Andrew Nanson)…

According to Andrew Nanson, chief technology officer of Corvid and former cyber security adviser to Nato and the UK’s intelligence and defence agencies, information security systems driven by products are no good for business. Instead, he believes information security should be business-driven and investments assessed for their effectiveness and business value. → Read more

  5. Darktrace says business needs AI defense against AI attacks…

According to Emily Orton, director of UK information security startup Darktrace, the world is entering a new era of cyber-attacks in which the integrity of data is at risk. Cyber attackers are turning to machine learning to create smarter attacks and defenders will require similar technology to detect them. There has also been an increased usage of artificial intelligence (AI) by attackers to enable highly customized attacks that can be detected only if the defenders are also using AI. → Read more

  6. IoT security window is closing rapidly…

According to Intel’s IoT security manager, Lorie Wigle, the window of opportunity for addressing security risks in internet of things devices is closing rapidly. Industry players need to address the security of IoT devices urgently before it is too late. Equally important is the need to ensure that security can be “operationalized” in the sense that these devices must be capable of being updated and upgraded when necessary. → Read more

  7. Sage data breach highlights risk of insider threats…

UK-based accounting software firm Sage issued a warning to customers in the UK and Ireland, noting a recent data breach that may have compromised personal details and bank account information of employees at nearly 300 UK firms. The breach, which occurred due to unauthorized access using an internal log-in, brings to light the critical importance of addressing the risk of insider threats. → Read more

  8. No endgame for cybersecurity…

Two of the most valuable lessons in cybersecurity are to know your enemy and not to rely on users to be secure. According to industry veteran Mikko Hypponen, there really is no endgame when it comes to cybersecurity. Cyber attackers are continually evolving their techniques and capabilities to steal and monetize data in new ways, which means the goalposts are continually moving. Security professionals must continuously adapt at the same rate. → Read more

  9. UK firms could face £122bn in data breach fines in 2018…

UK businesses could face up to £122bn in penalties for data breaches when new EU legislation comes into effect in 2018, the Payment Card Industry Security Standards Council (PCI SSC) has warned. As such, the PCI Security Standards Council is urging firms to act now to avoid exponentially increased penalties under new EU data protection regulations. → Read more

  10. Breaches should be on the decline by now, says infosec veteran John Walker…

According to security veteran John Walker, data breaches should now be declining. A focus on the board, governance and compliance is distracting many infosec leaders from the real objective of securing data. Walker also defines a good information security leader as someone who is willing to speak out and say things no one else is willing to say, which he admits can be painful at times. → Read more

What was your biggest cybersecurity takeaway from 2016? Please share in the comments below. And don’t forget to download your free trial of Ayehu security automation and orchestration platform to avoid becoming a cybersecurity victim in 2017!







5 More Cybersecurity Predictions for 2017 – Part 2

Yesterday we shared five of our predictions for how we believe cybersecurity will play out over the next 12 months. Today we’re putting together a handful more that we feel deserve honorable mention. Planning ahead is a huge part of keeping your organization protected from cyber threats and potential breaches. By having an idea what to expect, you can better strategize your defense so that you’re ready to take on anything that comes your way. With that said, here are five more cybersecurity predictions for 2017.

  1. Open source vulnerabilities. Over the past decade or more, open source has become a much more widely used development tool, even being embraced by such big names as Google and Facebook. But as this adoption continues to grow, we can expect the threat of hackers to also increase, as these criminals have discovered that applications are a potential point of entry for many organizations’ networks. Companies – especially those embracing the IoT – must do a better job of managing and keeping code secure and staying up to date on all patches. Otherwise, they will likely be targeted in 2017.
  2. Over-trust in insurance. Despite spending a ton of money and investing endless time and resources into fortifying cybersecurity defenses, many companies continue to experience breaches. As such, there has been a marked shift toward purchasing insurance in an attempt to mitigate potential damages. It should be known, however, that while many insurers will certainly issue policies, they won’t necessarily be dishing out money for claims very easily. Some will cut back or eliminate their cyber liability coverage altogether. The best way to limit damages from cyber-attacks is to invest in technology that will improve detection and incident response/remediation.
  3. Threats increase in volume and complexity. With the rise of advanced persistent threats (APTs), it’s hard for some to fathom how these risks could possibly increase, but all indications are that this will, indeed, be the case over the coming months. Even small businesses won’t be safe against the onslaught of incoming cyber-attacks. To prevent potential breaches, companies must employ advanced cybersecurity technology, such as automation, that can effectively match what the hackers are using and provide round-the-clock protection without the need for human intervention.
  4. Ransomware continues to grow. In 2016, the world saw a massive increase in viruses dubbed ransomware, which is basically malware that infiltrates and locks up critical files, applications and systems unless and until the victim pays a “ransom.” Unfortunately, experts are predicting that these threats will only continue to grow and get worse in the New Year. The best way to defend against these inevitable attacks is to employ cybersecurity playbooks, which automatically pinpoint, isolate and eradicate the problem. And, of course, always backing up critical data is also strongly recommended.
  5. Cybersecurity will become a competitive advantage. More widespread adoption of cybersecurity technology and best practices will be driven by the fact that organizations of every size and industry can no longer ignore the impact and likelihood of cyber-attacks. Likewise, consumers and business leaders also recognize the critical importance of data security when choosing B2C and B2B commerce relationships. Those that are forward-thinking and make cybersecurity a top priority will ultimately be the ones that emerge victorious over others in their respective marketplaces. In other words, 2017 will be a starting point in which data protection will become a competitive selling point.

Are you doing enough to protect your organization against these and other potential security threats? Download your free 30 day trial of the Ayehu security automation and orchestration platform and fortify your defense before it’s too late.







5 Cybersecurity Predictions for 2017 – Part 1

It’s virtually impossible to accurately predict everything that can and probably will happen in the realm of cybersecurity over the next year. Today’s hackers are a whole new breed. They are constantly scheming, plotting, looking for new vulnerabilities to exploit and improving their tactics to achieve their desired results. But while these sophisticated criminals will certainly give security experts a run for their money, there are a few things we believe we can expect to occur over the next six to twelve months. In the first of a two-part series, here are five cybersecurity predictions to keep in mind as we head into 2017.

  1. IoT security takes a front row seat. As more and more organizations and individuals alike are adopting smart, connected technology, more doors will be opened for potential security breaches. That means everything from consumer devices, like smart watches, to the plethora of intuitive devices being used throughout offices across the globe will become even more of a focal point for hackers in 2017. Cybersecurity pros will need to pay close attention to keeping these ports of entry safeguarded.
  2. A move to greater cloud adoption. In years past, organizations that were most vulnerable to cyber-attacks, such as those in the financial industry, have been leery about adopting cloud technology. But as newer, stronger and more enhanced compliance, regulations and security features have been rolled out, more of these institutions and companies will begin making the shift. Additionally, more organizations will begin allowing the increased use of connected devices within their networks in conjunction with cloud solutions. As such, a renewed focus on developing and implementing stronger cybersecurity methods to address the increase in vulnerabilities will be equally important.
  3. Greater government involvement. In the US as well as other major countries around the world, it’s become abundantly clear that the topic of cybersecurity isn’t just about corporate network breaches and consumer data protection. Cyber criminals are now leveraging the internet to further their own political or social agendas (think power grid outages and water system interferences). As a result, world governments are cracking down and instituting stricter and more complex regulations surrounding cybersecurity. These changes will also affect businesses, so leaders should take note.
  4. A steady growth in insider threats. It’s no secret that one of the weakest links in corporate security lies with the employees and other “insiders,” like contractors and consultants. Unfortunately, despite this relatively widespread awareness, successful security breaches through tactics like phishing schemes and ransomware continue to rise. To combat this, organizations must reframe how they approach cybersecurity, acknowledging that the threat often lies within and investing in the appropriate safeguard measures, like employee training and automated incident response.
  5. Addressing the skills gap. While there have been recent strides made in terms of identifying cybersecurity as a critical role for up-and-coming IT scholars to focus their studies on, until these professionals officially become available, the skills gap will remain. As such, organizations must find a way to bridge this gap, whether it’s the lack of qualified experts on the market or the lack of resources necessary to employ such experts. Expect to see increased reliance on MSSPs and/or greater internal adoption of automation to help lighten this load over the coming months.

Are you prepared for these predictions? Will your organization remain secure over the coming year? Stay tuned for part two as we reveal five more cybersecurity trends that we believe will occur over the next 12 months.







Cybersecurity Tips: 5 Ways to Guard Against Insider Threats

When it comes to the topic of cybersecurity, most of the talk around the industry is about protecting networks and sensitive data from external forces. In reality, the threat from within an organization is equally dangerous. In fact, according to a recent report from Intel, 43 percent of all security incidents (and subsequent data loss) were caused by insiders. That means that nearly half of the risk your company is subject to will come from employees. Are you doing enough to protect against this? Here are five things you can start doing today to create stronger internal security protocols and mitigate risk.

Educate and train employees.

Do your employees truly understand what’s at stake when it comes to protecting the organization’s sensitive data? According to recent statistics, probably not. In fact, Forrester research revealed that 49 percent of knowledge workers are either unaware of or don’t understand the cybersecurity policies of the companies for which they work. And since half of all internal security breaches are caused by accident, this is a key area to focus your efforts.

Make it clear to employees that they are the first line of defense and arm them with the information and support they need to adequately fulfill this responsibility. Educating and training employees can greatly reduce the risk of vulnerabilities due to human error. Even things as simple as creating secure passwords and remembering to log out of the network whenever they leave their workstation can significantly reduce potential exposure.

Test and audit regularly.

Don’t just assume that because you’ve established and communicated clear cybersecurity protocols and educated your employees that there’s no more risk to worry about. A recent study by Forrester indicates that some 42 percent of cyberattacks are initiated by interaction with an internal party, such as phishing, ransomware or other malware infiltration launched via a malicious email attachment. Unfortunately, cyber criminals are becoming savvier by the day, perfecting their craft by creating material that appears authentic.

Avoid becoming a victim by keeping employees well-versed and up to date on the many different tactics that hackers use and educating them on what to watch for. Then, follow up by performing regular spot-tests and audits to ensure compliance and identify areas where additional training may be warranted. Have employees take pop quizzes on security protocol, conduct routine workplace checks, and perform regular simulated email attacks.

Don’t forget third party associates.

Permanent employees aren’t the only “insiders” that can wreak havoc on an organization’s cybersecurity. Chances are there are a good number of external parties who have some type of access to the inner workings of your company, whether it’s temporary workers, contractors, consultants, vendors or someone else. These third parties effectively widen the attack surface and open additional avenues for cyber criminals to find and exploit vulnerabilities to gain unauthorized network access.

The recent publicized attacks on such big-name corporations as Home Depot and Dairy Queen were ultimately traced back to exposures that occurred with third-party suppliers. This risk can be mitigated by developing and/or strengthening security alliances with all business partners. By working together, sharing experiences and best practices, everyone will become a stronger fortification against all those attackers out there lurking in the wings, waiting to pounce on any opportunity they see.

Fight fire with fire.

You’ve probably already invested in safeguards like network access controls, firewalls, encryption and SIEM technology, but as recent history has proven, this simply isn’t always enough to keep the enemy at bay. Remember – insider accidents are responsible for half of the breaches caused by employees. That means that opening a suspicious email or clicking on a malicious link could provide hackers the foot in the door they need to access your network, systems and data.

Double down on your cybersecurity by incorporating advanced automation technology. This can serve as a force multiplier for your existing incident response strategy so that even in those instances where a threat is able to penetrate the hedge of protection you’ve got in place, it can be quickly detected and isolated, thereby mitigating the damage that could potentially be done. An automation and orchestration platform like this will allow you to effectively fight fire with fire for a much stronger defense.

Plan ahead for crisis management.

With the relentless number and increasing complexity of incoming attacks, the question is no longer will an organization be targeted, but when. That’s why it’s critical to have an existing plan in place that can be activated the moment a breach is discovered. Start by establishing a crisis management team that includes top leadership from each department (remember – cyber-attacks can occur anywhere, not just in IT).

Your crisis management plan should include details about what actions should be taken, how and when, based on various if/then scenarios. It’s also good practice to determine in advance the level of transparency you are comfortable with following a breach: for instance, who should be informed and what information should be passed along pertaining to the incident. It’s also important to communicate with employees so they’re aware of how they should respond should they be questioned about the breach.

With insider threats making up nearly half of all successful cybersecurity breaches, the importance of protecting your organization from the inside out has never been more evident. The steps above should help you fortify your defense – both internally and externally – to keep your network and data safe from potential harm.


