Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Attacks/Breaches

7/7/2015
01:40 PM
Connect Directly
Twitter
RSS
E-Mail vvv
50%
50%

Twitter Chat: How To Prepare For A Cyberattack

Join the GTEC and Dark Reading Twitter chat, "Is It Possible to Prepare for a Cyber Attack?" on Wednesday, July 8 from 2-3pm EST, using the #GTECCHAT hashtag.

There's no way prevent a cyberattack. That horse left the barn a long time ago, when traditional perimeter security could no longer deter the bad guys who now merely go straight to the weakest link -- the end user.

But there are ways to prepare for a cyberattack. This seemingly fatalistic mindset is actually now considered a healthy and realistic way to look at your organization's risk of getting hacked. An obvious first step, of course, is embracing best practices, such as running updated and (fully) patched software; a layered, defense-in-depth architecture of security tools; and schooling end users on how to avoid falling for phishing or other attack lures. It's about mitigating and minimizing the damage: stopping the bad guys from sneaking out with data, for example.

And security also now encompasses incident response -- in the aftermath of an attack, what to do, who to contact, and how to report a breach publicly. That requires a written plan, tabletop exercises, executive-level buy-in, and more.

Join Dark Reading (@DarkReading) and GTEC (@GTEC) tomorrow, July 8, from 2-3pm EST, when we will drill down on this topic in a Twitter chat, "Is It Possible to Prepare for a Cyber Attack?" Bring any questions, comments, and experiences in the live online discussion. Please use the hashtag #GTECCHAT to participate in the chat.

Kelly Jackson Higgins is the Executive Editor of Dark Reading. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ... View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Whoopty
50%
50%
Whoopty,
User Rank: Ninja
7/8/2015 | 7:25:15 AM
Best practices
Although I agree that for most organisations an eventual attack is inevitable, especially if you reach a certain size, I think the most important lesson is to make sure you are not the lowest hanging fruit. Unless you are being specifically targeted for some reason, chances are hackers are going to go after the easiest organisation of your type.

Just like with a zombie attack - you only really need to outrun your friends - when it comes to hacking the best first step is making sure your security is better than your neighbors. 
Ulf Mattsson
50%
50%
Ulf Mattsson,
User Rank: Moderator
7/7/2015 | 4:45:12 PM
Perimeter security can no longer deter the bad guys
I agree that "traditional perimeter security could no longer deter the bad guys," and according to a study by Ponemon Institute, related to the recent spate of high-profile cyber attacks. According to the survey database security was recommended by 49% of respondents, but the study found that organizations continue to allocate the bulk of their budget (40%) to network security and only 19% to database security. Ponemon concluded that "This is often because organizations have traditionally spent money on network security and so it is earmarked in the budget and requires no further justification."

I agree that we need "a layered, defense-in-depth architecture of security tools," and "stopping the bad guys from sneaking out with data." We know that less than 14% of breaches are detected by internal security tools according to the annual international breach investigations report from Verizon.

I found great advice in a Gartner report, covering enterprise and cloud, analyzed solutions for Data Protection and Data Access Governance and the title of the report is "Market Guide for Data–Centric Audit and Protection." I recently read another interesting Gartner report, "Big Data Needs a Data-Centric Security Focus," concluding," In order to avoid security chaos, Chief Information Security Officers (CISOs) need to approach big data through a data-centric approach.

We are seeing a number of common issues across recent data breaches, stealing our most sensitive data, and I think it is time to re-think our security approach and be more data-centric.

Ulf Mattsson, CTO Protegrity
News
US Formally Attributes SolarWinds Attack to Russian Intelligence Agency
Jai Vijayan, Contributing Writer,  4/15/2021
News
Dependency Problems Increase for Open Source Components
Robert Lemos, Contributing Writer,  4/14/2021
News
FBI Operation Remotely Removes Web Shells From Exchange Servers
Kelly Sheridan, Staff Editor, Dark Reading,  4/14/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-3035
PUBLISHED: 2021-04-20
An unsafe deserialization vulnerability in Bridgecrew Checkov by Prisma Cloud allows arbitrary code execution when processing a malicious terraform file. This issue impacts Checkov 2.0 versions earlier than Checkov 2.0.26. Checkov 1.0 versions are not impacted.
CVE-2021-3036
PUBLISHED: 2021-04-20
An information exposure through log file vulnerability exists in Palo Alto Networks PAN-OS software where secrets in PAN-OS XML API requests are logged in cleartext to the web server logs when the API is used incorrectly. This vulnerability applies only to PAN-OS appliances that are configured to us...
CVE-2021-3037
PUBLISHED: 2021-04-20
An information exposure through log file vulnerability exists in Palo Alto Networks PAN-OS software where the connection details for a scheduled configuration export are logged in system logs. Logged information includes the cleartext username, password, and IP address used to export the PAN-OS conf...
CVE-2021-3038
PUBLISHED: 2021-04-20
A denial-of-service (DoS) vulnerability in Palo Alto Networks GlobalProtect app on Windows systems allows a limited Windows user to send specifically-crafted input to the GlobalProtect app that results in a Windows blue screen of death (BSOD) error. This issue impacts: GlobalProtect app 5.1 versions...
CVE-2021-3506
PUBLISHED: 2021-04-19
An out-of-bounds (OOB) memory access flaw was found in fs/f2fs/node.c in the f2fs module in the Linux kernel in versions before 5.12.0-rc4. A bounds check failure allows a local attacker to gain access to out-of-bounds memory leading to a system crash or a leak of internal kernel information. The hi...