Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Black Hat Asia
May 4-7, 2021
Virtual Event
Black Hat USA
July 31 - August 5, 2021
Las Vegas, NV, USA
Black Hat Europe
November 8-11, 2021
Virtual Event
10/22/2018
12:00 PM
Matthias Maier, Security Evangelist, Splunk
Matthias Maier, Security Evangelist, Splunk
Event Updates
50%
50%

What Keeps the CISO Awake at Night

How to keep your CISO sleeping soundly

How to keep your CISO sleeping soundly

One of the CISO's biggest fears is waking up to find their organization in the headlines reporting a security failure - which they do not have under control. Have you ever considered how prepared you are to respond to the question “what have you done about it”? Replace YOURCOMPANY with your organization’s name in the examples below, and consider your answers to the questions that follow:

Headline: Business comes to a halt as all workstations at YOURCOMPANY are encrypted with the latest ransomware

This scenario still happens every day, all it requires is a new zero-day vulnerability, and some hapless users who click on an email attachment. Would you be able to:

- Refer to a crisis plan to restore your machines?

- Identify the patterns of the vulnerability/malware?

- Identify patient zero?

- Ensure re-infections aren’t spreading?

Headline: Leaked HR and Payroll information sparks equal pay outrage at YOURCOMPANY

This might not “just” be a personal data breach, but a potential cause of internal tensions if payroll information of all employees became publicly available. Would you be able to:

- Identify how the attacker gained access?

- Understand which users or privileges were used?

- Stop the access for affected user accounts, in case exfiltration is still happening?

Headline: Undetected for two years, YOURCOMPANY hosts Command and Control Server for large scale botnet on careers webpage

You may think this one is unlikely as command and control servers are mostly hosted on unknown net-new servers, or websites that have vulnerabilities. However, every registration page your company owns where someone can sign up, upload and download data (such as a CV to your careers page), can be utilized as a command and control server. Would you be able to:

- Look for newly registered users?

- Monitor the standard deviations from the usual frequency or count of logins per user, or the volume of distinct source IP’s by individual users?

Headline: Energy and AWS costs explode due to unnoticed duo malware at YOURCOMPANY

Crypto-jacking for cyber criminals is an attractive way to monetize the infected hosts they have taken over, or cloud environments they have gained access to. Abusing the processing power for crypto mining, if done in a strategically, can stay unnoticed for some time, and often detected when it’s too late. Would you be able to run an investigation by putting a security lens on traditional IT-Operations metrics, such as CPU utilization?

Remember, it's not the headlines that CISOs fear, it's not being prepared enough to respond with "we have this under control". So, whether or not it makes the news, would you be able answer these six questions in the face of a security breach?

Most of the answers will be hidden in your machine data, and harnessing all machine data will allow your team to be prepared. Take the first steps in facing your CISO’s fears; start to centralize your machine data and learn more about the four easy ways central logging improves your security posture.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
News
FluBot Malware's Rapid Spread May Soon Hit US Phones
Kelly Sheridan, Staff Editor, Dark Reading,  4/28/2021
Slideshows
7 Modern-Day Cybersecurity Realities
Steve Zurier, Contributing Writer,  4/30/2021
Commentary
How to Secure Employees' Home Wi-Fi Networks
Bert Kashyap, CEO and Co-Founder at SecureW2,  4/28/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-24259
PUBLISHED: 2021-05-05
The “Elementor Addon Elements� WordPress Plugin before 1.11.2 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method.
CVE-2021-24260
PUBLISHED: 2021-05-05
The “Livemesh Addons for Elementor� WordPress Plugin before 6.8 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method.
CVE-2021-24261
PUBLISHED: 2021-05-05
The “HT Mega – Absolute Addons for Elementor Page Builder� WordPress Plugin before 1.5.7 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by ...
CVE-2021-24262
PUBLISHED: 2021-05-05
The “WooLentor – WooCommerce Elementor Addons + Builder� WordPress Plugin before 1.8.6 has a widget that is vulnerable to stored Cross-Site Scripting (XSS) by lower-priv...
CVE-2021-24263
PUBLISHED: 2021-05-05
The “Elementor Addons – PowerPack Addons for Elementor� WordPress Plugin before 2.3.2 for WordPress has several widgets that are vulnerable to stored Cross-Site Scriptin...