It’s not that fixing Critical and High-Severity vulnerabilities is the problem; it’s that the Medium and Low severity vulnerabilities can pose significant risks as well. For any given vulnerability, we need to distinguish between its severity and the risk that results from it being present on a particular system on our network.
Essentially, one-third of analysts’ time is being spent on processing alerts that have unknowingly already been processed, and at present SOC teams are left with little ability to make this distinction resulting in massive manpower drain.
In 2015, it seemed no one was safe from hackers. The year began with Sony reeling from a hack that put the studio and celebrities such as Seth Rogen and James Franco in a web of geopolitics and extortion. Seven months later came the high-profile Ashley Madison hack, which resulted in the release of the email and physical addresses for 37 million users. Cybercriminals stole $1 billion from banks in 30 countries as part of the Carbanak hack. Even the Director of the CIA wasn’t safe – his AOL email account was hacked by someone claiming to be a high school student.
Being adequately prepared to respond to a data breach is an ever-changing game – new threats are emerging, new regulations are being put into place and companies must regularly re-evaluate their response plans to ensure they are applicable to today’s threat landscape. Unfortunately, many companies are not reviewing and updating their plans frequently enough – in fact, only 25 percent of companies say they update their response plans once or twice a year. Not to mention that no matter how well prepared and updated a company’s plan is, an actual live breach response can present unforeseen challenges that cause companies to stumble.
It’s essential that boards understand the organization’s cyber risks in order to successfully oversee overall company performance. CISOs and CSOs who can clearly convey cybersecurity to the board promotes better navigation of the organization in today’s uncertain cybersecurity world.
Ideally a penetration test should simulate a real world attack; in the real world, the attacker will always have some objective beyond “get into the network.” No matter who the attacker is, they are motivated by something that they are trying to accomplish – and getting into the network is only one step in that process for the attacker.
In the 2015 Anthem data breach, the compromise of an adminstrator’s credentials was the initial entry point that caused the breach and exposure of 13.5 million patient records. High-profile, high-impact breaches like this are spurring healthcare enterprises to institute more cybersecurity defenses and to monitor the insider threat.
The Massachusetts Institute of Technology is starting a new research effort to help CISOs better manage cybersecurity within critical infrastructure companies. Exxon Mobil Corp. and Schneider Electric SE are early members of the consortium, according to MIT.
When looking at the cyber technology market over the past 15 years, it is evident that the catalyst for cyber evolution was Y2K. Prior to the Y2K frenzy, “cybersecurity” was masked in the systems engineering function, and external threats consisted of hackers looking to leverage free computing capabilities with very little focus on information/data access or network destruction.
Terrorism is changing. The Center for Cyber & Homeland Security at George Washington University is striving to bring science to the art of security decision-making. What can their research into cyberattacks, terrorism and the evolving threat environment do to help your enterprise? Read about this, sports security, security culture and awareness and more in the July issue.