Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
How Many People Does It Take to Defend a Network?
Newest First  |  Oldest First  |  Threaded View
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Ninja
5/22/2017 | 8:20:01 PM
Virtual "We're Closed" signs?
I wonder if the solution for a lot of small enterprises may eventually become a full shutdown of all system during non-peak hours.  Think of it like "Sorry, We're Closed" 2.0.

Obviously, this would only work in certain contexts, and bear with it its own costs, but at a certain point, those costs may be substantially smaller for some companies compared with the cost of risk mitigation and/or the actual risk of a breach.

Right now, though, usually it's the other way around, and the risk is cost-justified in the long run -- but that formula/those numbers could change for for smaller businesses.
LindsayCybSafe
50%
50%
LindsayCybSafe,
User Rank: Strategist
5/22/2017 | 4:44:28 AM
CISO? Sysadmins? EVERYONE is responsible for cyber security ...
Skills shortage is obviously a concern, but those skills might be closer than you think - dare I say, there may be diamonds in the rough sitting in your office right now. 

Regardless of sourcing specific cyber skills, and easy-win to creating basic breach detection skills can come thorugh education and up to date threat identification techniques. 

'Cybsafe' for those in the UK is certainly a good option, if you want GCHQ-accreditation and certification for the workforce.

Cheers Josh!


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Enterprise Cybersecurity Plans in a Post-Pandemic World
Download the Enterprise Cybersecurity Plans in a Post-Pandemic World report to understand how security leaders are maintaining pace with pandemic-related challenges, and where there is room for improvement.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-23478
PUBLISHED: 2021-09-22
Leo Editor v6.2.1 was discovered to contain a regular expression denial of service (ReDoS) vulnerability in the component plugins/importers/dart.py.
CVE-2020-23481
PUBLISHED: 2021-09-22
CMS Made Simple 2.2.14 was discovered to contain a cross-site scripting (XSS) vulnerability which allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the Field Definition text field.
CVE-2020-23469
PUBLISHED: 2021-09-22
gmate v0.12+bionic contains a regular expression denial of service (ReDoS) vulnerability in the gedit3 plugin.
CVE-2021-21991
PUBLISHED: 2021-09-22
The vCenter Server contains a local privilege escalation vulnerability due to the way it handles session tokens. A malicious actor with non-administrative user access on vCenter Server host may exploit this issue to escalate privileges to Administrator on the vSphere Client (HTML5) or vCenter Server...
CVE-2021-21992
PUBLISHED: 2021-09-22
The vCenter Server contains a denial-of-service vulnerability due to improper XML entity parsing. A malicious actor with non-administrative user access to the vCenter Server vSphere Client (HTML5) or vCenter Server vSphere Web Client (FLEX/Flash) may exploit this issue to create a denial-of-service ...