Attacks/Breaches

7/7/2015
01:40 PM
Connect Directly
Google+
Twitter
RSS
E-Mail vvv
50%
50%

Twitter Chat: How To Prepare For A Cyberattack

Join the GTEC and Dark Reading Twitter chat, "Is It Possible to Prepare for a Cyber Attack?" on Wednesday, July 8 from 2-3pm EST, using the #GTECCHAT hashtag.

There's no way prevent a cyberattack. That horse left the barn a long time ago, when traditional perimeter security could no longer deter the bad guys who now merely go straight to the weakest link -- the end user.

But there are ways to prepare for a cyberattack. This seemingly fatalistic mindset is actually now considered a healthy and realistic way to look at your organization's risk of getting hacked. An obvious first step, of course, is embracing best practices, such as running updated and (fully) patched software; a layered, defense-in-depth architecture of security tools; and schooling end users on how to avoid falling for phishing or other attack lures. It's about mitigating and minimizing the damage: stopping the bad guys from sneaking out with data, for example.

And security also now encompasses incident response -- in the aftermath of an attack, what to do, who to contact, and how to report a breach publicly. That requires a written plan, tabletop exercises, executive-level buy-in, and more.

Join Dark Reading (@DarkReading) and GTEC (@GTEC) tomorrow, July 8, from 2-3pm EST, when we will drill down on this topic in a Twitter chat, "Is It Possible to Prepare for a Cyber Attack?" Bring any questions, comments, and experiences in the live online discussion. Please use the hashtag #GTECCHAT to participate in the chat.

Kelly Jackson Higgins is Executive Editor at DarkReading.com. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Whoopty
50%
50%
Whoopty,
User Rank: Ninja
7/8/2015 | 7:25:15 AM
Best practices
Although I agree that for most organisations an eventual attack is inevitable, especially if you reach a certain size, I think the most important lesson is to make sure you are not the lowest hanging fruit. Unless you are being specifically targeted for some reason, chances are hackers are going to go after the easiest organisation of your type.

Just like with a zombie attack - you only really need to outrun your friends - when it comes to hacking the best first step is making sure your security is better than your neighbors. 
Ulf Mattsson
50%
50%
Ulf Mattsson,
User Rank: Moderator
7/7/2015 | 4:45:12 PM
Perimeter security can no longer deter the bad guys
I agree that "traditional perimeter security could no longer deter the bad guys," and according to a study by Ponemon Institute, related to the recent spate of high-profile cyber attacks. According to the survey database security was recommended by 49% of respondents, but the study found that organizations continue to allocate the bulk of their budget (40%) to network security and only 19% to database security. Ponemon concluded that "This is often because organizations have traditionally spent money on network security and so it is earmarked in the budget and requires no further justification."

I agree that we need "a layered, defense-in-depth architecture of security tools," and "stopping the bad guys from sneaking out with data." We know that less than 14% of breaches are detected by internal security tools according to the annual international breach investigations report from Verizon.

I found great advice in a Gartner report, covering enterprise and cloud, analyzed solutions for Data Protection and Data Access Governance and the title of the report is "Market Guide for Data–Centric Audit and Protection." I recently read another interesting Gartner report, "Big Data Needs a Data-Centric Security Focus," concluding," In order to avoid security chaos, Chief Information Security Officers (CISOs) need to approach big data through a data-centric approach.

We are seeing a number of common issues across recent data breaches, stealing our most sensitive data, and I think it is time to re-think our security approach and be more data-centric.

Ulf Mattsson, CTO Protegrity
Crowdsourced vs. Traditional Pen Testing
Alex Haynes, Chief Information Security Officer, CDL,  3/19/2019
BEC Scammer Pleads Guilty
Dark Reading Staff 3/20/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: Well, at least it isn't Mobby Dick!
Current Issue
5 Emerging Cyber Threats to Watch for in 2019
Online attackers are constantly developing new, innovative ways to break into the enterprise. This Dark Reading Tech Digest gives an in-depth look at five emerging attack trends and exploits your security team should look out for, along with helpful recommendations on how you can prevent your organization from falling victim.
Flash Poll
The State of Cyber Security Incident Response
The State of Cyber Security Incident Response
Organizations are responding to new threats with new processes for detecting and mitigating them. Here's a look at how the discipline of incident response is evolving.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2016-10743
PUBLISHED: 2019-03-23
hostapd before 2.6 does not prevent use of the low-quality PRNG that is reached by an os_random() function call.
CVE-2019-9947
PUBLISHED: 2019-03-23
An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.2. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n (specifically in the query string or PATH_INFO) follo...
CVE-2019-9948
PUBLISHED: 2019-03-23
urllib in Python 2.x through 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen('local_file:///etc/passwd') call.
CVE-2019-9945
PUBLISHED: 2019-03-23
SoftNAS Cloud 4.2.0 and 4.2.1 allows remote command execution. The NGINX default configuration file has a check to verify the status of a user cookie. If not set, a user is redirected to the login page. An arbitrary value can be provided for this cookie to access the web interface without valid user...
CVE-2019-9942
PUBLISHED: 2019-03-23
A sandbox information disclosure exists in Twig before 1.38.0 and 2.x before 2.7.0 because, under some circumstances, it is possible to call the __toString() method on an object even if not allowed by the security policy in place.