Cybersecurity Blog: The Cyber Scene is evolving, are you?

Security teams are struggling to keep up. With cyber threats and security mandates growing at a rapid pace, how do you keep your team’s morale and motivation strong? And how do you ensure that your strategy to protect your company’s assets is sound and that your efforts continue in the right (read “effective”) direction?

Read more

WannaCry (or WannaCrypt, WanaCrypt0r 2.0, Wanna Decryptor) is ransomware targeting the Microsoft Windows operating system. On Friday, May 12, 2017, a widespread attack using this ransomware was launched, affecting IT organizations worldwide. The ransomware encrypts files, changing their extensions to .wnry, .wcry, .wncry and .wncrypt. The malware then presents a window to the user with a ransom demand.

Read more

The remark “never a dull moment” is rarely an expression used to indicate joy. Instead, it’s a semi-sarcastic way of lamenting unwelcome excitement. While no one wants to have a boring job, spending one’s time fighting ransomware outbreaks that disrupt business operations and put one’s job at risk is not the kind of exhilarating challenge that most Chief Information Security Officers (CISOs) pine for. The recent WannaCry outbreak has all the hallmarks of this unwelcome excitement. The ransomware infects computers by exploiting a vulnerability that Microsoft patched two months ago. It propagates through a network port that every enterprise should be locking down. It exhibits malicious behavior that should be relatively easy to detect and mitigate. By some accounts, it was arguably a poorly executed attack that did a mediocre job of accomplishing what appears to be its most important objective: extracting money from its victims.

Read more

The word “prevention” is broadly applied in cybersecurity. It can refer to the responsibility of a technology stack to block, an analyst team to detect, or a security team to respond. Historically, security prevention budgets have been dedicated to point solutions installed to keep the bad guys out. As organizations mature their cybersecurity programs, they are looking for ways to leverage intel gained at the detection and response stages to enhance prevention efforts across the board.

According to RSA-sponsored research, the trend in security budget spend has been moving away from a historic split of 80% prevention, 15% detection and 5% response to a more equal allocation of funds: 33% for each initiative.

Read more

We recently had Anthony Morrone, DuPont’s Chief Information Security Officer (CISO), speak about the challenges he faces preparing for the merger of his company and Dow Chemical. The union of the two chemical giants, and subsequent creation of three independent technology and innovation-based science companies, will be one for the history books. Preparing for this event is no small endeavor.

According to Morrone, who will be responsible for the security of two of the three independent spin-offs, the typical approach to support a new company is to clone your existing structure. But for DuPont, which has 17 different domains, cloning the security structure and systems poses some sizable challenges and a significant capital expense Morrone wants to avoid. His plan? Integrate a cyber security as a service (CSaaS) model into his security design. (Watch the on-demand broadcast for the full case study.)

Read more

While the market may be focusing less on perimeter security, enterprises can improve overall cybersecurity and save time by taking a few simple steps for their perimeter networks.

It’s not easy being a Chief Information Security Officer (CISO) these days. While the regular drumbeat of news of cyber attacks has meant that board members and the executive suite now actually know the name of their CISO, more attention and budget isn’t always a good thing. That’s because there isn’t always a consensus on where that money should be spent. Some cybersecurity market segments, like endpoint detection and response (EDR) technologies, have more than a dozen players all spending millions on sales and marketing. Many CISOs have stopped answering their phones for any caller they don’t recognize due to the onslaught of sales calls. While NIST and other standards organizations have done a fairly good job of defining the basic table stakes for cybersecurity, most large enterprises still struggle with thwarting attacks even with all the right boxes checked.

Read more

Managing the risks presented by insider threats is, in large part, founded on historical counterintelligence precepts. In this webcast, I discussed three counterintelligence practices for the digital age and how these proven maxims may be translated into controls to enhance your cybersecurity posture.

  1. Be offensive: While today’s threats are ever evolving, one constant is the human element as a primary threat vector. Rather than merely responding to events after the fact, get ahead of a potential incident by identifying human threat indicators, and offer risk treatments before threats materialize to better secure company resources and intellectual property.
  2. Own the street: Historically, physical surveillance kept watch over nefarious activities on our streets, and today we must have the same vigilance over the digital highway. Look to enhance your organization’s situational awareness to better defend your assets, personnel, and reputation.
  3. Don’t ignore analysis: The best insider threat programs have not only sophisticated technology, an established governance structure, and awareness and reporting programs, but also the means to discern the importance of each of these components’ results. It is only through appropriate analysis that data becomes operationalized information. Enhance your risk management operations with on-site teams to meet your analytical requirements from initial operating capability through optimization.

Read more

When it comes to people, processes, and technology, the weakest link is human behavior.

In the wake of various high-profile leaks, human-enabled data breaches, and theft of corporate assets over the last several years, the insider threat topic has received much attention.

Read more

An adversary has successfully carried out a cyber-attack, the proverbial stuff has hit the fan, and it’s all hands on deck to figure out what happened. Unfortunately, it’s not until this type of incident response happens that organizations perform any type of analysis. The silver lining is that these situations can provide invaluable understanding of the threats facing an environment; however, they’re costly, both in terms of time and effort and in impact on the business.

Unbeknownst to most organizations, just as much (and likely much more) insight can be gained from identifying and analyzing the attacks that fail. Analyzing what happened and what could have happened means defenders can gain a better understanding of how an adversary operates, and then use that knowledge to defend against that adversary and others like them.

So why aren’t more organizations doing this type of valuable analysis?

Read more

As I noted in my earlier blog post, there is growing concern about the cybersecurity risks of the Internet of Things (IoT), particularly their effects on third parties, as the recent Mirai botnet attack demonstrated. At this year’s RSA Conference in San Francisco, IoT cybersecurity was one of the most discussed topics, ranging from policy to the latest exploits. I was fortunate to serve on a panel discussing IoT and ransomware in front of a packed room. While hype is undoubtedly a factor, the massive interest certainly demonstrates the huge market forces at work that are still in their infancy. As Bruce Schneier noted in his RSAC talk, the social, economic, and safety implications of the Internet of Things mean that government regulations are not far behind. In fact, Bruce even advocates for the establishment of a government agency to address it, while acknowledging that he currently cannot provide the details of how such an agency would operate, what regulations would be needed, or how such regulations would be enforced.

Read more