Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Black Hat USA
July 31 - August 5, 2021
Las Vegas, NV, USA
SecTor
November 4 - October 30, 2021
Toronto, ON, Canada
Black Hat Europe
November 8-11, 2021
Virtual Event
10/22/2018
12:00 PM
Matthias Maier, Security Evangelist, Splunk
Matthias Maier, Security Evangelist, Splunk
Event Updates
50%
50%

What Keeps the CISO Awake at Night

How to keep your CISO sleeping soundly

How to keep your CISO sleeping soundly

One of the CISO's biggest fears is waking up to find their organization in the headlines reporting a security failure - which they do not have under control. Have you ever considered how prepared you are to respond to the question “what have you done about it”? Replace YOURCOMPANY with your organization’s name in the examples below, and consider your answers to the questions that follow:

Headline: Business comes to a halt as all workstations at YOURCOMPANY are encrypted with the latest ransomware

This scenario still happens every day, all it requires is a new zero-day vulnerability, and some hapless users who click on an email attachment. Would you be able to:

- Refer to a crisis plan to restore your machines?

- Identify the patterns of the vulnerability/malware?

- Identify patient zero?

- Ensure re-infections aren’t spreading?

Headline: Leaked HR and Payroll information sparks equal pay outrage at YOURCOMPANY

This might not “just” be a personal data breach, but a potential cause of internal tensions if payroll information of all employees became publicly available. Would you be able to:

- Identify how the attacker gained access?

- Understand which users or privileges were used?

- Stop the access for affected user accounts, in case exfiltration is still happening?

Headline: Undetected for two years, YOURCOMPANY hosts Command and Control Server for large scale botnet on careers webpage

You may think this one is unlikely as command and control servers are mostly hosted on unknown net-new servers, or websites that have vulnerabilities. However, every registration page your company owns where someone can sign up, upload and download data (such as a CV to your careers page), can be utilized as a command and control server. Would you be able to:

- Look for newly registered users?

- Monitor the standard deviations from the usual frequency or count of logins per user, or the volume of distinct source IP’s by individual users?

Headline: Energy and AWS costs explode due to unnoticed duo malware at YOURCOMPANY

Crypto-jacking for cyber criminals is an attractive way to monetize the infected hosts they have taken over, or cloud environments they have gained access to. Abusing the processing power for crypto mining, if done in a strategically, can stay unnoticed for some time, and often detected when it’s too late. Would you be able to run an investigation by putting a security lens on traditional IT-Operations metrics, such as CPU utilization?

Remember, it's not the headlines that CISOs fear, it's not being prepared enough to respond with "we have this under control". So, whether or not it makes the news, would you be able answer these six questions in the face of a security breach?

Most of the answers will be hidden in your machine data, and harnessing all machine data will allow your team to be prepared. Take the first steps in facing your CISO’s fears; start to centralize your machine data and learn more about the four easy ways central logging improves your security posture.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Enterprise Cybersecurity Plans in a Post-Pandemic World
Download the Enterprise Cybersecurity Plans in a Post-Pandemic World report to understand how security leaders are maintaining pace with pandemic-related challenges, and where there is room for improvement.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-26587
PUBLISHED: 2021-09-27
A potential DOM-based Cross Site Scripting security vulnerability has been identified in HPE StoreOnce. The vulnerability could be remotely exploited to cause an elevation of privilege leading to partial impact to confidentiality, availability, and integrity. HPE has made the following software upda...
CVE-2021-36878
PUBLISHED: 2021-09-27
Cross-Site Request Forgery (CSRF) vulnerability in WordPress uListing plugin (versions <= 2.0.5) makes it possible for attackers to update settings.
CVE-2021-37539
PUBLISHED: 2021-09-27
Zoho ManageEngine ADManager Plus before 7111 is vulnerable to unrestricted file which leads to Remote code execution.
CVE-2021-33907
PUBLISHED: 2021-09-27
The Zoom Client for Meetings for Windows in all versions before 5.3.0 fails to properly validate the certificate information used to sign .msi files when performing an update of the client. This could lead to remote code execution in an elevated privileged context.
CVE-2021-34408
PUBLISHED: 2021-09-27
The Zoom Client for Meetings for Windows in all versions before version 5.3.2 writes log files to a user writable directory as a privileged user during the installation or update of the client. This could allow for potential privilege escalation if a link was created between the user writable direct...