Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
Stripping the Attacker Naked
Newest First  |  Oldest First  |  Threaded View
BrianN060
50%
50%
BrianN060,
User Rank: Ninja
4/11/2018 | 12:48:40 PM
Re: Not Worth Reading
As an alternative to the "crown jewels" analogy, consider this: "Data is the life's blood of the modern enterprise".  If you accept that, just what part of your organization's life's blood isn't worth protecting?  How much of a leak is acceptable?  Which parts do you need to keep uncontaminated?  When is it Ok for any of it not to get to where it's needed? 

As to why Information System architects aren't ready, willing or best suited to take point in protecting data assets: the metrics for job performance are skewed toward finding new, better and faster ways to exploit an organization's data.  What stakeholders have failed to realize is that their people aren't the only ones good at doing that!  The scattered debris field left by all the (well rewarded), shortcuts, design-as-you-go, secure-it-later, data-ecology strip-mining and hope-it-holds patching is a godsend to those who realize what can be made from the bits and pieces. 
MartinDionCH
50%
50%
MartinDionCH,
User Rank: Author
4/10/2018 | 2:59:12 PM
Re: Not Worth Reading
Thanks Brian for your feedback! Two things, editorial guidelines limits the article lenght and this article is not claiming to be about cyber security strategy at large. I generally agree with your comment but cyber is not limited to data protection. From my viewpoint, its about enterprise resilience, hence crown jewels are broader than data. I also think that although IT have an important role, that security personnel must lead the charge and facilitate the transversal conversation. Finally, its important to focus on what is both the most valuable and vulnerable right now since most enterprise dont have the luxury of securing everything, its just sound risk management practices. Best regards Martin
BrianN060
50%
50%
BrianN060,
User Rank: Ninja
4/10/2018 | 1:29:03 PM
Re: Not Worth Reading
@Martin: Nothing wrong with suggesting strategy or doctrine, rather than implementation tactics.  Too little thought goes into creating a sustainable, orchestrated, holistic and heuristic approach to cybersecurity, in many organizations.  Putting tactics first, you can win lots of battles, yet still lose the war. 

"First, security personnel must identify the "crown jewels" — the vital data needing protection."

I do have an issue with the "crown jewels" analogy - as it suggests that most (of the now vast amounts of), data that enterprises collect, share, store, transmit or process doesn't require protection. It's impossible to know to what use some entity, at some point in the future, might make of "ordinary" data, especially in combination with data collected from other sources. 

Also, I would not task "security personnel" with identifying or evaluating data assets, or establishing the need-to-know access mechanisms - that's a job for the information system's architects. 
MartinDionCH
50%
50%
MartinDionCH,
User Rank: Author
4/9/2018 | 2:21:28 PM
Re: Not Worth Reading
I am sorry you feel this way, if you are looking for implementation guidelines, may I suggest you read my other post? As well, you must understand that I do appreciate your feedback and to ensure I do better next time, it would be important for me to understand what you would expect or even to get specific questions so we could interact constructively. Best regards, Martin.
ANON1251724318124
50%
50%
ANON1251724318124,
User Rank: Apprentice
4/9/2018 | 1:14:09 PM
Not Worth Reading
There are no insights here just conjecture.


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
How Enterprises are Attacking the Cybersecurity Problem
Concerns over supply chain vulnerabilities and attack visibility drove some significant changes in enterprise cybersecurity strategies over the past year. Dark Reading's 2021 Strategic Security Survey showed that many organizations are staying the course regarding the use of a mix of attack prevention and threat detection technologies and practices for dealing with cyber threats.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-40526
PUBLISHED: 2021-10-25
Incorrect calculation of buffer size vulnerability in Peleton TTR01 up to and including PTV55G allows a remote attacker to trigger a Denial of Service attack through the GymKit daemon process by exploiting a heap overflow in the network server handling the Apple GymKit communication. This can lead t...
CVE-2021-40527
PUBLISHED: 2021-10-25
Exposure of senstive information to an unauthorised actor in the "com.onepeloton.erlich" mobile application up to and including version 1.7.22 allows a remote attacker to access developer files stored in an AWS S3 bucket, by reading credentials stored in plain text within the mobile applic...
CVE-2021-40371
PUBLISHED: 2021-10-25
Gridpro Request Management for Windows Azure Pack before 2.0.7912 allows Directory Traversal for remote code execution, as demonstrated by ..\\ in a scriptName JSON value to ServiceManagerTenant/GetVisibilityMap.
CVE-2021-21703
PUBLISHED: 2021-10-25
In PHP versions 7.3.x up to and including 7.3.31, 7.4.x below 7.4.25 and 8.0.x below 8.0.12, when running PHP FPM SAPI with main FPM daemon process running as root and child worker processes running as lower-privileged users, it is possible for the child processes to access memory shared with the ma...
CVE-2021-42258
PUBLISHED: 2021-10-22
BQE BillQuick Web Suite 2018 through 2021 before 22.0.9.1 allows SQL injection for unauthenticated remote code execution, as exploited in the wild in October 2021 for ransomware installation. SQL injection can, for example, use the txtID (aka username) parameter. Successful exploitation can include ...