Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Black Hat USA
August 1-6, 2020
Las Vegas, NV, USA
Black Hat Asia
September 29 - October 2, 2020
Singapore
Black Hat Europe
November 9-12, 2020
London UK
10/22/2018
12:00 PM
Matthias Maier, Security Evangelist, Splunk
Matthias Maier, Security Evangelist, Splunk
Event Updates
50%
50%

What Keeps the CISO Awake at Night

How to keep your CISO sleeping soundly

How to keep your CISO sleeping soundly

One of the CISO's biggest fears is waking up to find their organization in the headlines reporting a security failure - which they do not have under control. Have you ever considered how prepared you are to respond to the question “what have you done about it”? Replace YOURCOMPANY with your organization’s name in the examples below, and consider your answers to the questions that follow:

Headline: Business comes to a halt as all workstations at YOURCOMPANY are encrypted with the latest ransomware

This scenario still happens every day, all it requires is a new zero-day vulnerability, and some hapless users who click on an email attachment. Would you be able to:

- Refer to a crisis plan to restore your machines?

- Identify the patterns of the vulnerability/malware?

- Identify patient zero?

- Ensure re-infections aren’t spreading?

Headline: Leaked HR and Payroll information sparks equal pay outrage at YOURCOMPANY

This might not “just” be a personal data breach, but a potential cause of internal tensions if payroll information of all employees became publicly available. Would you be able to:

- Identify how the attacker gained access?

- Understand which users or privileges were used?

- Stop the access for affected user accounts, in case exfiltration is still happening?

Headline: Undetected for two years, YOURCOMPANY hosts Command and Control Server for large scale botnet on careers webpage

You may think this one is unlikely as command and control servers are mostly hosted on unknown net-new servers, or websites that have vulnerabilities. However, every registration page your company owns where someone can sign up, upload and download data (such as a CV to your careers page), can be utilized as a command and control server. Would you be able to:

- Look for newly registered users?

- Monitor the standard deviations from the usual frequency or count of logins per user, or the volume of distinct source IP’s by individual users?

Headline: Energy and AWS costs explode due to unnoticed duo malware at YOURCOMPANY

Crypto-jacking for cyber criminals is an attractive way to monetize the infected hosts they have taken over, or cloud environments they have gained access to. Abusing the processing power for crypto mining, if done in a strategically, can stay unnoticed for some time, and often detected when it’s too late. Would you be able to run an investigation by putting a security lens on traditional IT-Operations metrics, such as CPU utilization?

Remember, it's not the headlines that CISOs fear, it's not being prepared enough to respond with "we have this under control". So, whether or not it makes the news, would you be able answer these six questions in the face of a security breach?

Most of the answers will be hidden in your machine data, and harnessing all machine data will allow your team to be prepared. Take the first steps in facing your CISO’s fears; start to centralize your machine data and learn more about the four easy ways central logging improves your security posture.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 8/3/2020
Pen Testers Who Got Arrested Doing Their Jobs Tell All
Kelly Jackson Higgins, Executive Editor at Dark Reading,  8/5/2020
'BootHole' Vulnerability Exposes Secure Boot Devices to Attack
Kelly Sheridan, Staff Editor, Dark Reading,  7/29/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Special Report: Computing's New Normal, a Dark Reading Perspective
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-16192
PUBLISHED: 2020-08-05
LimeSurvey 4.3.2 allows reflected XSS because application/controllers/LSBaseController.php lacks code to validate parameters.
CVE-2020-17364
PUBLISHED: 2020-08-05
USVN (aka User-friendly SVN) before 1.0.9 allows XSS via SVN logs.
CVE-2020-4481
PUBLISHED: 2020-08-05
IBM UrbanCode Deploy (UCD) 6.2.7.3, 6.2.7.4, 7.0.3.0, and 7.0.4.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 181848.
CVE-2020-5608
PUBLISHED: 2020-08-05
CAMS for HIS CENTUM CS 3000 (includes CENTUM CS 3000 Small) R3.08.10 to R3.09.50, CENTUM VP (includes CENTUM VP Small, Basic) R4.01.00 to R6.07.00, B/M9000CS R5.04.01 to R5.05.01, and B/M9000 VP R6.01.01 to R8.03.01 allows a remote unauthenticated attacker to bypass authentication and send altered c...
CVE-2020-5609
PUBLISHED: 2020-08-05
Directory traversal vulnerability in CAMS for HIS CENTUM CS 3000 (includes CENTUM CS 3000 Small) R3.08.10 to R3.09.50, CENTUM VP (includes CENTUM VP Small, Basic) R4.01.00 to R6.07.00, B/M9000CS R5.04.01 to R5.05.01, and B/M9000 VP R6.01.01 to R8.03.01 allows a remote unauthenticated attacker to cre...