7/7/2015
01:40 PM

Twitter Chat: How To Prepare For A Cyberattack

Join the GTEC and Dark Reading Twitter chat, "Is It Possible to Prepare for a Cyber Attack?" on Wednesday, July 8 from 2-3pm EST, using the #GTECCHAT hashtag.

There's no way to prevent a cyberattack. That horse left the barn a long time ago, when traditional perimeter security could no longer deter the bad guys who now merely go straight to the weakest link -- the end user.

But there are ways to prepare for a cyberattack. This seemingly fatalistic mindset is actually now considered a healthy and realistic way to look at your organization's risk of getting hacked. An obvious first step, of course, is embracing best practices, such as running updated and (fully) patched software; a layered, defense-in-depth architecture of security tools; and schooling end users on how to avoid falling for phishing or other attack lures. It's about mitigating and minimizing the damage: stopping the bad guys from sneaking out with data, for example.

And security also now encompasses incident response -- in the aftermath of an attack, what to do, who to contact, and how to report a breach publicly. That requires a written plan, tabletop exercises, executive-level buy-in, and more.

Join Dark Reading (@DarkReading) and GTEC (@GTEC) tomorrow, July 8, from 2-3pm EST, when we will drill down on this topic in a Twitter chat, "Is It Possible to Prepare for a Cyber Attack?" Bring any questions, comments, and experiences to the live online discussion. Please use the hashtag #GTECCHAT to participate in the chat.

Kelly Jackson Higgins is Executive Editor at DarkReading.com. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ...
Comments
Whoopty,
User Rank: Ninja
7/8/2015 | 7:25:15 AM
Best practices
Although I agree that for most organisations an eventual attack is inevitable, especially if you reach a certain size, I think the most important lesson is to make sure you are not the lowest hanging fruit. Unless you are being specifically targeted for some reason, chances are hackers are going to go after the easiest organisation of your type.

Just like with a zombie attack - you only really need to outrun your friends - when it comes to hacking the best first step is making sure your security is better than your neighbors. 
Ulf Mattsson,
User Rank: Moderator
7/7/2015 | 4:45:12 PM
Perimeter security can no longer deter the bad guys
I agree that "traditional perimeter security could no longer deter the bad guys," and according to a study by Ponemon Institute, related to the recent spate of high-profile cyber attacks. According to the survey, database security was recommended by 49% of respondents, but the study found that organizations continue to allocate the bulk of their budget (40%) to network security and only 19% to database security. Ponemon concluded that "This is often because organizations have traditionally spent money on network security and so it is earmarked in the budget and requires no further justification."

I agree that we need "a layered, defense-in-depth architecture of security tools," and "stopping the bad guys from sneaking out with data." We know that less than 14% of breaches are detected by internal security tools according to the annual international breach investigations report from Verizon.

I found great advice in a Gartner report, covering enterprise and cloud, analyzed solutions for Data Protection and Data Access Governance and the title of the report is "Market Guide for Data-Centric Audit and Protection." I recently read another interesting Gartner report, "Big Data Needs a Data-Centric Security Focus," concluding, "In order to avoid security chaos, Chief Information Security Officers (CISOs) need to approach big data through a data-centric approach."

We are seeing a number of common issues across recent data breaches, stealing our most sensitive data, and I think it is time to re-think our security approach and be more data-centric.

Ulf Mattsson, CTO Protegrity