Cyber Security Hub

Preparing For Battle: Building An Incident Response Plan

In this age of rapidly evolving IT and emerging cyber threats, any organization that interfaces with sensitive data needs to detect and respond quickly to security incidents. While outside experts can help, seeking external help only during a critical time of need is a risky strategy.

A well-crafted incident response (IR) plan will help your organization perform at its best by preparing for the worst. That’s because an incident response plan serves as your master blueprint when navigating the challenges of a serious infosec incident.

Download the full ebook, "Preparing For Battle: Building An Incident Response Plan," to learn:

The foundational concepts of crafting an incident response plan prior to an attack.

The design principles for processes that cater to different degrees of escalation in a security event.

Best practices in training your organizational stakeholders to respond efficiently and effectively.

Every single individual within the enterprise is the most important factor in responding to an incident. Start your journey to building a plan that serves as a master blueprint for navigating the challenges of a serious InfoSec incident.

Cyber Security Mid-Year Snapshot 2019

Cyber Security Hub fielded a survey to subscribers in May 2019 to benchmark what has happened so far in the first six months of the year and what is expected in the next six. This mid-year checkpoint is a follow-up to the previously fielded survey that took place in November 2018. Here, we compare the survey responses from both results to reveal what cyber security professionals thought they would focus on for the year, versus what really happened first half of 2019.

With the U.S. Presidential Election around the corner, and the many headlines covering data breaches and cyber attacks among other newsworthy incidents, this mid-year data revealed some interesting insights including:

The overall sentiment remains positive, while threats continue to evolve.

Cyber security budgets have already increased first half of the year, and don't show signs of slowing down.

Data privacy legislation and compliance are becoming the norm for enterprises.

Security awareness and training still continue to be a top priority for enterprises now and going into the new year.

Strengthen Your Security Strategy By Understanding Human Emotion

No matter how much security technology we purchase, we still face a fundamental security problem: people. This webinar will explore the different levers that social engineers and scam artists pull to make us more likely to do their bidding.

Join Perry Carpenter, Chief Evangelist and Strategy Officer for KnowBe4, as he provides fun and engaging examples of mental manipulation in everyday life: from the tactics used by oily car dealers to sophisticated social engineering and online scams. Additionally, we'll look at how to ethically use the very same levers when educating our users.

Key Takeaways:

The perception vs. reality dilemma

Understanding the OODA (Observe, Orient, Decide, Act) loop

How social engineers and scam artists achieve their goals by subverting the OODA loop's different components

How we can defend ourselves and our organizations

A Guide To Protecting The End User

Enterprises are spending more than ever on cyber security solutions and services and are getting less value from it as cyber attacks are still getting through multiple lines of defense and sensitive information keeps falling into the wrong hands (as demonstrated by the data breaches that keep making headlines).

While traditional cyber security models were built for an earlier era — when the prevailing security model was to lock down the perimeter and deal with threats after they got through — the adversary now is constantly growing and evolving requiring organizations to keep up. It’s time for a fundamental rethink.

This guide, “Protecting The End User”, explores how you can focus your strategy on protecting people rather than the old perimeter by outlining the foundational elements of security in the modern era, including:

How to access users’ risk by weighing their vulnerability, attacks and account privileges.

A real-life account of a cloud account compromise that netted millions for attackers – with no malware needed.  

How to mitigate end-user risks through a blueprint for people-centric protection.

Heading into the 2020 U.S. presidential election pre-season, the U.S. government as been — and will continue to be — squarely focused on cyber security and defending against nation-state hacks and influence.

Especially on the heels of the recent government shutdown, the impact on the cyber security community was certainly felt. Democrats are already making election security a campaign issue for the next election pushing their Republication counterparts with the need to be more aggressive on their security stance as well. And so, when speaking on this topic you must first address the big four Nation-States: namely Russia, China, Iran and North Korea.

Download the full report for more on:

Regulatory overview including GDPR and CCPA.

Risk and threat predictions including malicious insiders, MSPs and cloud containers.

How to defend yourself and defend the enterprise.

“To put it all in perspective, the WEF2019 global risk report estimates that cyber attacks will do more damage ... than man-made environmental disasters and infectious disease, about the same amount of damage as ecosystem collapse, and just a little less than natural disasters and water crises in the coming year.” Read the full report and learn how to incorporate the best defense strategy for your needs

Cyber security is a holistic exercise that depends on the efforts of the security team, including CISOs, CSOs, VPs of Information Security, along with other lines of business (LOB). Critical security information must be passed along the proper channels – outward to the employee base and upward to the C-Suite and board of directors. That means everyone must have a knowledge base around cyber security. This doesn’t mean they must be technical wizards, but awareness could be key in preventing a pervasive cyber-attack.

This report examines security awareness efforts, and the advocates in place in the enterprise to see these initiatives through. What is the state of security advocacy? Have awareness campaigns gained traction in the past year?

In this month’s full market report, Security Advocacy: A Must for Today’s Enterprise,you will learn:

The state of security advocacy and why it’s so important now.

How to overcome the challenges surrounding security awareness such as negative perceptions.

Fundamental best practices that will bring immeasurable benefits for the long term.

Be sure to check out the full Market Report, and start your journey to a successful cyber security awareness strategy.

In 2013, US President Obama issued Executive Order (EO) 13636, Improving Critical Infrastructure Cyber Security, which called for the development of a voluntary, risk-based cybersecurity framework (CSF) that is “prioritized, flexible, repeatable, performance-based, and cost-effective.” The CSF was developed through an international partnership of small and large organizations, including owners and operators of the nation’s critical infrastructure, with leadership by the National Institute of Standards and Technology (NIST). President Trump went one step further and issued EO 13800 in 2017, Strengthening the Cyber Security of Federal Networks and Critical Infrastructure, and made the framework created by Obama’s order part of federal government policy.

There are several books, guides, and consultants available on the topic of technical implementation of the NIST CSF. However, this report serves to educate and inform business leaders (private enterprise, government, and non-profits) about the need for a prioritized, flexible, repeatable, performance-based, and cost-effective framework for critical infrastructure cyber security.

Download the full report “Implementing A Risk-Base Cyber Security Framework”and you will learn:

How to standardize the control framework to drive enterprise value.

How to provide a common language and systematic methodology for managing cyber security risk.

Why the NIST Cyber Security Framework is the go-to standard for security practices and development.

Plus, hear from key analysts and executives providing real-world commentary and examples on NIST CSF clarity, readiness and buy-in for business security leaders.

Even with all the attention phishing scams have received, these cyber attacks are on the rise – and becoming more sophisticated. Email continues to be the go-to method for distributing malware – 92.4% of malware is delivered through email, according to Verizon’s 2018 Data Breach Investigation Report.

Better protection from targeted phishing attacks remains the most critical inbound protection capability of a secure email gateway for 96% of respondents to a Gartner survey.

No industry, it seems, is immune. This white paper will look at why phishing is becoming more prevalent, the different types of phishing, how to identify a phishing email and how you can keep your business safe. Readers will learn:

6 types of phishing attacks that enterprises and individuals should be aware of.

8 ways to identify some of the most common phishing email attacks.

How to reduce the likelihood of a potential attack, as well as how to protect the enterprise from the impact of a successful phishing attack.

Download The Phishing Phenomenon, for more information on how to keep your head above water with this multi-layered approach.

Incident Of The Week: Massive 'Collection #1' Data Breach Exposes 773 Million Emails

Some 773 million email addresses and nearly 22 million passwords have been leaked and distributed in a folder dubbed "Collection #1," on the MEGA cloud service, according to security blogger Troy Hunt.

This translates to more than 87 GB of data, said Hunt, who also works as a regional director at Microsoft. He said he cleaned up the data, which was built up from numerous data breaches, allegedly from thousands of sources dating back to 2008, Mashable reported. Hunt said he then loaded it onto his free breach notification site Have I Been Pwned (HIBP).

The data has since been removed from MEGA.

Hunt said he too, has been a victim of data breaches. "Like many of you reading this, I've been in multiple data breaches before which have resulted in my email addresses and yes, my passwords, circulating in public," Hunt wrote. "Fortunately, only passwords that are no longer in use, but I still feel the same sense of dismay that many people reading this will when I see them pop up again."

The data includes "dehashed" passwords that Hunt said "have been cracked and converted back to plain text." This makes them easy to use instead of them being cryptographically hashed as they often are when sites are breached, according to Forbes.

After receiving a tip from one of his contacts, Hunt found the "data was being socialized" on a popular hacking forum.

This is yet another breach of proportions that were unimaginable only a few years ago, Stan Lowe, global CISO of Zscaler, told SC Magazine.

How To Build A Third-Party Risk Management Program

As businesses have grown from self-contained entities to broader digital ecosystems, they have started outsourcing more and more processes to increase their effectiveness and efficiencies. But they haven’t always paid attention to where their data is going and who has access to it, which is why third-party risk management is becoming increasingly important.

Third-party cyber risk management was the topic of Monday night’s episode 66 of Task Force Radio, and it is “a massive point of exposure that has not been paid attention to [and] has been more of a compliance afterthought, at best,” said Fred Kneip, the CEO of CyberGRX, a third-party risk management firm. Kneip and Scott Schneider, the company’s chief revenue officer, were the guests of host George Rettas, president and CEO of Task Force 7 Radio and Task Force 7 Technologies.

Yet, 60% to 70% of breaches today involve a third party, according to Kneip, so now people are now paying closer attention to the data they outsource.

“We've had conversations with many companies [that] don't even know who [their] third parties are,’’ Kneip said.

Why third-party risk management is important now

Most organizations are starting to realize that third parties “represent the area between potentially the easiest attack vector and the most prehistoric defense mechanism of spreadsheets and share points and other manual processes,’’ said Schneider. This has created a “resource challenge” for almost every company using a growing system of third parties, he said.

9 Cyber Security Priorities For 2019

Latest survey reveals top-of-mind focus areas for cyber security professionals

Cyber Security Hub recently fielded a survey to its subscribers, which revealed 9 top-of-mind challenges, trends and focus areas for cyber security professionals to tackle in 2019.

From enterprise strategy to awareness to hackers to IoT and more — here is a snapshot of the survey results providing a quick glimpse into the state of cyber security.  

Cyber Security is Strategically Important to the Enterprise: Cyber must be integrated into the corporate culture and be operationalized in all facets of the organization. Don’t treat Security and Data Privacy as a business unit or a department.

Awareness and Education Across the Organization: “Security awareness doesn’t have a user manual,” writes LogMeIn product marketing manager Leah Bachmann. There is no magic recipe to get fellow employees smarter on security, though every day is a good day to keep your company and its data more secure using themes, memes, and compassion for human behavior.

Staffing and Skills Training: “By 2021, there will be more unfilled cyber security jobs than the total population of Iowa, and there are currently more job openings for CISSP certification holders than CISSPs,” observes Kayne McGladrey, Director of Security and IT for Pensar Development. However, the biggest issue around staffing in cyber security may be finding people who truly have the passion and skills to be in the specialization.

2018 Cyber Breaches Review: Facebook Tops The List

As data breaches go, 2018 did not disappoint. While the year kicked off with the discovery of the Meltdown and Spectre viruses at the beginning of January, 2018 will be remembered as the year a dark shadow was cast over Facebook for having to announce not one…not two, but three breaches.

On March 17th, British political consulting firm Cambridge Analytica was exposed by the Guardian and The New York Times for harvesting the data of at least 87 million Facebook users without their knowledge after people participated in a quiz app. Cambridge Analytica sold the data to the Trump presidential campaign, which used it to target Facebook users with ads during the 2016 race.

But 87 million didn’t take the quiz—several hundred thousand did, noted Fast Company. The quiz app exposed a flaw in a Facebook API that allowed it to grab data not only from the people who took the quiz, but all their friends as well.

Then Facebook suffered a major data breach that was revealed in September, exposing the data of 50 million user accounts, including when they were born and their relationship status. Last week, the company disclosed the photos of 6.8 million users had been exposed, and Facebook could now face a multi-billion dollar fine for failing to comply with the EU’s GDPR.

Facebook is not having a good week. For the second time in three months, the social media company announced it suffered a data breach, most recently, exposing photos from up to 6.8 million users. As a result, Facebook could be facing a multi-billion dollar fine for failing to comply with the EU’s GDPR.

The Irish Data Protection Commission, which oversees Facebook’s compliance with the European law, told CNN it has launched a “statutory inquiry” into Facebook. The news comes after Facebook announced in September that it suffered its largest ever security breach when hackers accessed the personal information of tens of millions of Facebook users.

The General Data Protection Regulation (GDPR) went into effect last May, and because Facebook’s European headquarters is in Dublin, it is required under the regulation to inform the Irish data regulator of a breach within 72 hours. The bug that exposed the photos occurred over a 12-day period in September, but Facebook didn’t notify the European regulator of the breach until Nov. 22nd, according to the company.

In this first ever Global Password Security Report, the true state of corporate password security around the world is uncovered. Data from more than 43,000 businesses has been analyzed and aggregated to bring IT professionals a password security benchmark.

In this report, not only are password behaviors in the workplace revealed, a benchmark that businesses can use to measure progress when investing in password management has been created. By showing averages for companies big and small, the goal is to help IT professionals understand where their company ranks, and how to make impactful changes.

IT and security professionals can use the benchmark scores presented in this report to understand password hygiene in businesses around the world, and to chart a better course to make significant improvements in password security in their organizations.

Cyber attacks have grown in intensity and frequency in recent years. More enterprises have been tasked with strict defense over their networks. This comes as top-tier companies stave off unyielding cyber crooks who seek to make off which a huge cache.

As more enterprises dig deeper into cyber security – knowing their security framework and different vulnerabilities – the industry has further solidified itself as both indispensable and vital to day-to-day operations. So what’s coming to cyber security in 2019?

Cyber Security Hub’s fielded a survey in October 2018 to our audience. This report combines both quantitative and qualitative data for a look at our readers’ views on these pressing questions and more:

• What is the most dangerous threat vector?

• What is the one area of cyber security that needs to change the most in 2019?

• Will mobile devices pose a greater threat in 2019?

• Where will cyber dollars be allocated in the new year?

Sources: China May Have Sponsored Massive Cyberattack on Marriott

Chinese hackers may have been involved in the massive breachreported last week by Marriott’s Starwood division, according to Reuters. Hacking tools, techniques and procedures used in earlier cyberattacks were discovered by private investigators looking into the breach of the hotel conglomerate’s reservation system.

The personal data of up to 500 million guests was stolen in the hack, which began four years ago.

The revelation suggests the possibility that the attack on Marriott’s reservation system was orchestrated for use in Beijing’s espionage efforts and not for financial purposes, sources told Reuters. However, even while China has emerged as the lead suspect in the attack, other parties had access to the same tools, so it is possible someone else was involved, the news agency said.

A source also told Reuters that it will be difficult to identify who the culprit is because investigators believe multiple hacking groups may have simultaneously infiltrated Starwood’s computer networks since 2014.

A Rapid and Robust Incident Response Plan is Vital

A lot of things can go wrong when you respond to a cyber incident, so it is vital that you have a plan of action in order to mitigate and deal with any damage. As Tim Stiller outlines in his online webinar, How Robust (and Rapid) is Your Incident Response Plan (available to view here) incident response can be a challenge, but to be successful teams need to take an organized and coordinated approach with 6 core steps.

The specific elements of an incident response plan will differ depending on the company and the incident, but all plans must be built on the foundation that your response teams can develop the muscle memory to deal with a threat, no matter its size and scope, in an efficient and timely manner, ensuring that dwell time is kept to a minimum and proactiveness is encouraged.

RECOMMENDED: Threat Intel Tools Take Enterprises Away From ‘Reactive’ Posture During the investigation response phase, your company doesn’t have the time to formulate a plan – your teams should already know who to engage, what technology to use and what steps to take. Without having a playbook or plan in place, your investigation response procedures will fall short and you will miss critical pieces of data that will help you prepare for the next attack.

Here is a rundown of the core pillars of an incident response plan:

Preparation

The first step is preparation and this stage is centered on people, process and technology – and knowing what you have in place already, including contacts lists for internal and external stakeholders.

You should have a list that accounts for systems, software and processes involved in the following key areas of preparation:

Endpoint – This can include any antivirus or HIPS systems you have in place and generally any software solutions.

Network – Network preparation includes email security and perimeter documentation.

Log management – In addition to log retention, this area also pertains to log review and how this interacts with your alerts platform to enable an investigation.

Policy – The policy area includes data collection and preservation.

The core takeaway from the preparation stage is to document what you have in order to become familiar with your capabilities and the value of each individual component. Not only is this a core element of incident response, but it will also give you’re the opportunity to improve processes over time if they’re not working, and it will give you more data adequately map maturity, identify gaps and pain points.

Incident response teams must develop the muscle memory to deal with a threat, no matter its size and scope

In addition, it is imperative to define what the critical business assets are in order to discern a better grasp on the estimated impact of a breach. For example, if you have helpdesk you need to have its uses defined in a holistic document that details the sum of each part of an incident response.