Vulnerabilities / Threats
5/16/2013
12:49 PM
Dark Reading
Dark Reading
Products and Releases
Connect Directly
RSS
E-Mail
50%
50%

Five Things Every Organization Should Know about Detecting And Responding To Targeted Cyberattacks

Most companies continue to try to protect themselves using approaches that are years out of date, according to a new how-to book published by ISACA and written by Ernst & Young

Rolling Meadows, IL, USA (15 May 2013)--The advanced persistent threat (APT) is waging an all-out attack on enterprises' intellectual property. Yet most companies continue to try to protect themselves using approaches that are years out of date. That is one of the conclusions in Responding to Targeted Cyberattacks, a frank new how-to book published by global IT association ISACA and written by Ernst & Young LLP.

The threat landscape has progressed from unsophisticated "script kiddies" to hackers to insiders to today's state-sponsored attacks, where enterprises are attacked because of who they are, what they do and the value of their intellectual property (IP).

"There are no universal solutions to prevent being infiltrated," said James Holley, leader for Ernst & Young LLP's Information Security Incident Response services and co-author of the book. "If sophisticated and well-funded attackers target a specific environment, they will get in. In this rapidly evolving threat landscape, information security professionals need to adopt the mindset that their network is already compromised or soon will be."

In a detailed look at an escalating global problem, the authors highlight five things every organization should know:

1. Advanced threats now target people--people have become your first line of defense.

2. Cyberattacks are a business problem and a people problem, not just a technology problem.

3. User education and awareness are critical to your success.

4. "Prevention" strategies of the past are not enough now – today's strategy needs to be: "Complicate – Detect – Respond – Educate – Govern."

5. Four emerging capabilities are needed to implement the new strategy for dealing with cyberattacks:

Centralized log aggregation and correlation

Ability to conduct forensic analysis across the enterprise

Ability to sweep the enterprise for "indicators of compromise

Ability to inspect memory to detect malicious code

"This book is in response to a need identified by security, risk and assurance professionals--the people on the front lines of keeping attackers in check and protecting an organization's key assets," said Rolf von Roessing, CISA, CISM, CGEIT, CISSP, FBCI, president, FORFA AG and member of ISACA's Professional Influence and Advocacy Committee. "There are plenty of books on incident management, but very few that offer an actionable roadmap for preparing, containing and mitigating cyberattacks."

Responding to Targeted Cyberattacks is the second installment in a cybersecurity series from ISACA, a global association of 100,000 information security, assurance, risk and governance professionals. The first, Advanced Persistent Threat Awareness Study Results, was issued in February. The survey of more than 1,500 security professionals found that an overwhelming majority (94 percent) of respondents believe the APT represents a credible threat to national security and economic stability. Additionally, 63% think it is only a matter of time before they are attacked and one in five has already experienced an APT attack.

The book is available at no charge to members of ISACA; non-members can purchase a print or electronic version at www.isaca.org/cyberattacks.

About ISACA

With more than 100,000 constituents in 180 countries, ISACA® (www.isaca.org) is a leading global provider of knowledge, certifications, community, advocacy and education on information systems (IS) assurance and security, enterprise governance and management of IT, and IT-related risk and compliance. Founded in 1969, the nonprofit, independent ISACA hosts international conferences, publishes the ISACA® Journal, and develops international IS auditing and control standards, which help its constituents ensure trust in, and value from, information systems. It also advances and attests IT skills and knowledge through the globally respected Certified Information Systems Auditor® (CISA®), Certified Information Security Manager® (CISM®), Certified in the Governance of Enterprise IT® (CGEIT®) and Certified in Risk and Information Systems Control&trade (CRISC&trade) designations.

ISACA continually updates and expands the practical guidance and product family based on the COBIT® framework. COBIT helps IT professionals and enterprise leaders fulfill their IT governance and management responsibilities, particularly in the areas of assurance, security, risk and control, and deliver value to the business.

Participate in the Cybersecurity community in the ISACA Knowledge Center: www.isaca.org/knowledge-center

Follow ISACA on Twitter: https://twitter.com/ISACANews

Join ISACA on LinkedIn: ISACA (Official), http://linkd.in/ISACAOfficial

Like ISACA on Facebook: www.facebook.com/ISACAHQ

About Ernst & Young

Ernst & Young is a global leader in assurance, tax, transaction and advisory services. Worldwide, our 167,000 people are united by our shared values and an unwavering commitment to quality. We make a difference by helping our people, our clients and our wider communities achieve their potential.

For more information, please visit www.ey.com.

Ernst & Young refers to the global organization of member firms of Ernst & Young Global Limited, each of which is a separate legal entity. Ernst & Young Global Limited, a UK company limited by guarantee, does not provide services to clients.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-0485
Published: 2014-09-02
S3QL 1.18.1 and earlier uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object in (1) common.py or (2) local.py in backends/.

CVE-2014-3861
Published: 2014-09-02
Cross-site scripting (XSS) vulnerability in CDA.xsl in HL7 C-CDA 1.1 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted reference element within a nonXMLBody element.

CVE-2014-3862
Published: 2014-09-02
CDA.xsl in HL7 C-CDA 1.1 and earlier allows remote attackers to discover potentially sensitive URLs via a crafted reference element that triggers creation of an IMG element with an arbitrary URL in its SRC attribute, leading to information disclosure in a Referer log.

CVE-2014-5076
Published: 2014-09-02
The La Banque Postale application before 3.2.6 for Android does not prevent the launching of an activity by a component of another application, which allows attackers to obtain sensitive cached banking information via crafted intents, as demonstrated by the drozer framework.

CVE-2014-5136
Published: 2014-09-02
Cross-site scripting (XSS) vulnerability in Innovative Interfaces Sierra Library Services Platform 1.2_3 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
This episode of Dark Reading Radio looks at infosec security from the big enterprise POV with interviews featuring Ron Plesco, Cyber Investigations, Intelligence & Analytics at KPMG; and Chris Inglis & Chris Bell of Securonix.