Steps to Better Security: A Simple Cyber Resilience Guide for Business
Mar 04 2022
What Security Engineers Hate About SIEM
SIEM Satisfaction is Mediocre
When CISOs, CIOs, CTOs, security engineers, security analysts and security architects were asked to rank the primary capabilities of a traditional SIEM according to how satisfied they were with those capabilities, an interesting picture emerged. The survey results indicated that every primary capability of traditional SIEM solutions, at best, only somewhat met the majority of usersâ needs. Some capabilities were irrelevant to many users. This tepid level of satisfaction is what drove many security teams to undertake the effort to build their own security monitoring tools.
Data Coverage and Data Use
Less than 25% of the respondents believed that their SIEM covered more than 75% of their security-relevant data. Nearly 17% responded that their existing platform covered less than a quarter of their data.
Furthermore, when asked if they believed their current SIEM platform were capable of handling the volume of security data their organization will generate in the future, a third of the respondents said they expected their existing platform to keep falling behind.
These results underscore the risks security teams (and their organizations) are forced to tolerate due to the cost and overhead required to bring high volumes of security-relevant data into traditional SIEM platforms. Without full visibility into all necessary data, security teams will undoubtedly have blind spots that impede their ability to protect their organizations.
OK, so what can they do instead? Well, a cloud-native architecture capable of ingesting, normalizing and analyzing terabytes of data per day cost-effectively is necessary to keep up.
Moving From Static to Dynamic
Security professionals are well aware of the static nature of traditional SIEM platforms. Many believe they pay too much for the capabilities provided and are concerned about what the future holds.
SIEMs were designed over ten years ago when the world was a very different place. The technology hasnât evolved its approach to keep up with the needs of cloud-scale environments. Adequate security today depends on full visibility into security-relevant data, structured, scalable data lakes, cloud-native workflows and fast detection and response times. Security teams need a modern approach to security monitoring built for the cloud-first world.
Security Information and Event Management (SIEM) ImplementationÂ
Feb 28 2022
Cyber security for construction businesses
Feb 08 2022
3 key elements of a strong cybersecurity program
The world relies on technology. So, a strong cybersecurity program is more important than ever. The challenge of achieving good cyber hygiene can be especially acute for small- and medium-sized businesses. This is particularly true for those with fully remote or hybrid work environments. Add to the mix limited resources and limited talent focused on cybersecurity, and the challenges can seem overwhelming.
Considering this, weâve simplified things down to three key elements of a strong cybersecurity program. You need to know how to assess, remediate, and implement security best practices at scale. In more detail, this means:
- Assessing your organizationâs current cybersecurity program and its prioritization
- Remediating endpoints at scale, bringing them into compliance with security best practices
- Implementing cybersecurity policies and monitoring them to stay in compliance
1. Assess your organizationâs current cybersecurity program
Taking the first step toward better cyber hygiene means understanding where your organization stands today. Conduct an honest assessment of your strengths and weaknesses in order to prioritize where to focus your efforts for your cybersecurity program. The challenge here is finding the right bar to measure yourself against. There are several frameworks that will do the job. Thus, it can be daunting to figure out which one is the right fit, especially if this is the first time youâre doing an assessment. Starting with the CIS Controls and CIS Benchmarks can help take the guesswork out of your assessment and provide peace of mind that youâre covering all of your bases.
Hereâs what makes these two sets of best practices especially useful:
- They tell you the âwhatâ and the âhowâ: Many frameworks tell you what you should do, but not how to do it. CIS best practices give you both.
- They are comprehensive and consensus-based: CIS best practices are developed in collaboration with a global community of cybersecurity experts. Theyâre also data-driven as explained in the CIS Community Defense Model.
- They are mapped to other industry regulatory frameworks: CIS best practices have been mapped or referenced by several other industry regulatory requirements, including: NIST, FINRA, PCI DSS, FedRAMP, DISA STIGs, and many others. This means you can get the proverbial âtwo birds with one stoneâ by assessing against CIS best practices.
The CIS Controls are a prioritized and prescriptive set of safeguards that mitigate the most common cyber-attacks against systems and networks. The CIS Benchmarks are more than 100 configuration guidelines across 25+ vendor product families to safeguard systems against todayâs evolving cyber threats. Both are available as free PDF downloads to help you get started.
2. Remediate endpoints at scale with CIS Build Kits
One of the challenges in applying any best practice framework is dedicating the time and resources to do the work. Luckily, CIS offers tools and resources to help automate and track the assessment process. The CIS Controls Self Assessment Tool (CIS CSAT) helps organizations assess the implementation of the CIS Controls. Additionally, the CIS Configuration Assessment Tool (CIS-CAT Pro Assessor) scans target systems for conformance to the CIS Benchmarks. CIS-CAT Pro Assessor allows you to move more quickly toward analyzing results and setting a strategy to remediate your gaps.
CIS resources and tools are designed to help you move toward compliance with best practices by remediating the gaps. Once you understand where your gaps are and how to fix them, you can use CIS Build Kits to achieve compliance at scale. CIS Build Kits are automated, efficient, repeatable, and scalable resources for rapid implementation of CIS Benchmark recommendations. You can apply them via the group policy management console in Windows, or through a shell script in Linux (Unix,*nix) environments.
Interested in trying out a Build Kit? CIS offers sample Build Kits that contain a subset of the recommendations within the CIS Benchmark. They provide you a snapshot of what to expect with the full CIS Build Kit.
3. Implement cybersecurity policies and monitor for compliance
Lastly, creating strong policies and monitoring conformance helps ensure that an organization is working toward a more robust cybersecurity program. Regularly monitoring conformance over time is critical. It helps you avoid configuration drift, and helps identify any new issues quickly. CIS tools can help monitor conformance and identify gaps.
CIS-CAT Pro Dashboard provides an easy-to-use graphical user interface for viewing CIS Benchmark conformance assessment results over time. Similarly, CIS CSAT Pro enables an organization to monitor implementation of the CIS Controls over time.
A strong cybersecurity program with CIS SecureSuite Membership
Any organization can start improving its cyber hygiene by downloading CISâs free best practices, like the PDF versions of the CIS Benchmarks. But itâs important to know that you donât have to go it alone. A cost-effective CIS SecureSuite Membership can be both a solution to your immediate security needs, as well as a long-term resource to help optimize your organizationâs cybersecurity program.
Youâll get access to:
- CIS-CAT Pro Assessor and Dashboard
- CIS CSAT Pro
- CIS Build Kits
- CIS Benchmarks in various formats (Microsoft Word, Microsoft Excel, XCCDF, OVAL, XML) and more
Get the most out of CIS best practices for your cybersecurity program by signing up for a cost-effective CIS SecureSuite Membership.
Learn more about CIS SecureSuite
Building an Effective Cybersecurity Program
Information Security Governance: Framework and Toolset for CISOs and Decision Makers
Feb 07 2022
Critical Infrastructure Attacks Spur Cybersecurity Investment
The attacks on critical industrial systems such as Colonial Pipeline last year pushed industrial cybersecurity to center stage. And with the threat of war between Russia and Ukraine, experts warned nations that a global flare-up of cybersecurity attacks on critical infrastructure could be looming. In late January, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) put critical infrastructure organizations on notice: Take âurgent, near-term stepsâ to mitigate the risk of digital attacks. The alert cited tension in eastern Europe as the catalyst for possible attacks against U.S. digital assets.
Critical Infrastructure Under Attack
Unfortunately, critical systems have long been under significant attack. In fact, an overwhelming 80% of critical infrastructure organizations experienced ransomware attacks last year, according to a survey released today by PollFish on behalf of cyber-physical systems security provider Claroty. The survey, completed in September 2021, gathered responses from full-time information technology and operational technology (OT) security professionals in the United States (500 professionals), Europe (300) and Asia-Pacific (300). The industries surveyed include IT hardware, oil and gas (including pipelines), consumer products, electric energy, pharmaceutical/life sciences/medical devices, transportation, agriculture/food and beverage, heavy industry, water and waste and automotive.
Globally, 80% of respondents reported experiencing an attack and 47% of respondents said the attack impacted their operational technology and industrial control systems environment. A full 90% of respondents that reported their attacks to authorities or shareholders said the impact of those attacks was substantial in 49% of cases.
Attacking Digital Transformation
Cybersecurity Investments
Effectiveness of National Cyber Policy to Strengthen the Security and Resilience of Critical Infrastructure Against Cyber Attacks
Feb 02 2022
10 Steps to Cyber Security
8 Steps to Better Security: A Simple Cyber Resilience Guide for Business
Harden your business against internal and external cybersecurity threats with a single accessible resource.
In 8 Steps to Better Security: A Simple Cyber Resilience Guide for Business, cybersecurity researcher and writer Kim Crawley delivers a grounded and practical roadmap to cyber resilience in any organization. Offering you the lessons she learned while working for major tech companies like Sophos, AT&T, BlackBerry Cylance, Tripwire, and Venafi, Crawley condenses the essence of business cybersecurity into eight steps.
Jan 13 2022
14 CYBER SECURITY PREDICTIONS FOR 2022 AND BEYOND
14 Cyber Security Predictions For 2022 – by Mandiant
Blackout Warfare: Attacking The U.S. Electric Power Grid A Revolution In Military Affairs
Jan 10 2022
Cyber Security in mergers and acquisitions
Guide to Cybersecurity Due Diligence in M&A Transactions
Dec 29 2021
10 Steps to Cyber Security
Cybersecurity Program Development for Business: The Essential Planning Guide
Dec 28 2021
Cyber security small business guide
Cybersecurity Program Development for Business: The Essential Planning Guide
Nov 21 2021
How can a business ensure the security of their supply chain?
10 best practices to evaluate a supplierâs risk
While there are no guarantees that a business can detect a supply chain attack before it happens, there are 10 best practices that a business can consider to help mitigate risk and validate the security of its supply chain.
1. Evaluate the impact each supplier can have on your business if the supplierâs IT infrastructure is compromised. While a full-risk assessment is preferred, smaller organizations might not have the resources to conduct one. At a minimum, however, they should analyze the worst-case scenarios and ask questions such as:
- How would a ransomware attack on this supplierâs systems impact my business?
- How would my business be affected if the supplierâs source code was compromised by a Trojan virus?
- If the supplierâs databases are compromised and data is stolen, how would that impact my business?
2. Evaluate internal IT resources and competencies for each supplier. Do they have a dedicated cybersecurity team led by a security manager or a CISO? It is important to identify the supplierâs security leadership because that is who can answer your questions. If the team is non-existent or poorly staffed with no real leadership, you may want to reconsider engaging with this supplier.
3. Meet with the supplierâs security manager or CISO to discover how they protect their systems and data. This can be a short meeting, phone call, or even an email conversation, depending on the risks identified in step 1.
4. Request evidence to verify what the supplier is claiming. Penetration reports are a useful way to do this. Be sure the scope of the test is appropriate and, whenever possible, request a report on two consecutive tests to verify that the supplier is acting on its findings.
5. If your supplier is a software provider, ask for an independent source code review. In some cases, the supplier may require an NDA to share the full report or may choose not to share it. When this happens, ask for an executive summary.
6. If your supplier is a cloud provider, you can scan the supplierâs networks, perform a Shodan search, or ask the supplier for a report of their own scans. If you plan to scan yourself, obtain a permit from the supplier and ask them to segregate customer addresses from their own so you are not scanning something irrelevant.
7. If the supplier is a software or cloud provider, find out if the supplier is running a bug bounty reward program. These programs help an organization find and fix vulnerabilities before attackers have a chance to exploit them.
8. Ask your suppliers how they are prioritizing their risks. For example, the Common Vulnerability Scoring System (CVSS) is a free and open industry standard for assessing the severity of computer system security vulnerabilities and assign severity scores so the supplier can prioritize risk responses.
9. Request the supplierâs patching reports. The fact that they have a report demonstrates their commitment to security and managing vulnerabilities. If possible, try to get a report that is produced by an independent entity.
10. Steps 1 through 9 should be repeated annually, depending on the risk to and impact on your business. For a low-impact supplier, this may be performed less often. For a supplier that is mission-critical to the businessâs success and is high risk, the business may want to develop a permanent evaluation process. However, large SaaS and IaaS providers may not be willing to participate in ongoing evaluations.
How can a business ensure the security of their supply chain?
Cyber Security and Supply Chain Management
Nov 18 2021
How Virtualization Helps Secure Connected Cars
Connected cars create opportunities to deliver enhanced customer experiences. At the same time, they also have the potential to provide high cost and revenue benefits. This is true for connected car companies, OEMs, suppliers and insurers (and much, much more).
However, car companies havenât really explored the opportunities to monetize customer data adequately. We can probably attribute this to cybersecurity threats and a mad rush to market. But as the industry evolves and accelerates adoption, we must address these concerns now.
According to Allied Market Research, experts forecast the worldwide connected car market to be worth $225.16 billion by 2027. As we strive to achieve continuous connectivity, whatâs the best approach to secure it? How do we keep drivers and their data safe from threat actors?
Before we dive into the solution, letâs look at some of the connected car challenges.
What Are the Threats to Connected Car Security?
Nov 08 2021
Pakistan government approves new cybersecurity policy, cybercrime agency
The Pakistan Ministry of Information Technology has announced that a new cybersecurity policy and accompanying cybersecurity agency has been approved for the South Asian nation.
The new policy aims to support both public and private institutions, including national information systems and critical infrastructure, replacing a system whereby government institutions have separate security operations.
It comes at a delicate time for Pakistan, which recently accused India of using the Israeli spyware Pegasus to spy on Prime Minister Imran Khan â and designates cyber-attacks on any Pakistani institution as an attack on national sovereignty.
âThe IT ministry and all relevant public and private institutions will be provided all possible assistance and support to ensure that their data, services, ICT products and systems are in line with the requirements of cybersecurity,â said IT minister Syed Aminul Haq, as quoted in local press.
Nov 01 2021
Cybersecurity can drive business transformation instead of holding it back
A security strategy that doesnât offer the flexibility for innovation undermines the key competitive driver in a modern environment. So how do organizations bake trust into their security posture to provide the confidence to innovate and grow?
To achieve a balance between trust and innovation, businesses must rethink their approach by weaving security into every part of their digital fabric. Instead of creating a steel fortress around their digital ecosystem, they must have the flexibility to respond to market opportunities, confident that they can intercept and respond to risks in real-time.
Complexity undermines security ROI
The security market has never garnered more interest, with Gartner estimating spending on cybersecurity to exceed $150 billion by the end of 2021. However, according to a recent IBM study, despite more significant enterprise investment, enterprise security effectiveness has declined by 13%.
Businesses often fail to consider that their increased investment in security technology often creates toolset sprawl, which introduces complexity that degrades their ability to detect and manage threat vectors.
More layers of security seem, in theory, like a good thing â in fact, the average enterprise deploys over 45 unique pieces of security-related technology across its networks. Yet, according to IBM, organizations that deploy over 50 tools are 8% less effective in detecting threats than companies employing fewer toolsets or one provider managing the entire ecosystem.
Security talent is challenging to hire and retain
Cybersecurity: The Insights You Need from Harvard Business Review
Oct 28 2021
The first step to being cybersmart: Just start somewhere
When company leaders and IT staff begin looking at their options around improving their security and discover hundreds of possible solutions, they can become overwhelmed. However, the best thing they can do is just start somewhere. IT and security specialists can get started by simply identifying the most critical risk areas in their business. Once theyâve taken that crucial first step, they can build the next steps around that risk assessment.
Cybersecurity is an ongoing strategic project. The initial goal shouldnât be perfection. Instead, the goal can simply be to be better than yesterday.
Just start with a risk assessment
IT and security specialists can begin by pinpointing their organizationsâ most critical risk areas and then taking the steps to secure them. IT specialists should conduct a full data and asset inventory and assess where the greatest risk lies.
There are two areas that IT specialists should examine:
Oct 06 2021
Arizona governor announces the launch of Command Center to protect state computer systems
The governor of Arizona, Doug Ducey, has announced the launch of a Cyber Command Center to address the thousands of attacks that daily target government computers.
The governor of Arizona, Doug Ducey, has launched a Cyber Command Center to repel the huge amount of attacks that every day hit the computer systems of the state.
The move is the response of the Arizona administration to hundreds of thousands of cyberattacks that hit the state.
At a ceremony Monday at the Department of Public Safetyâs Arizona Counter Terrorism Information Center in Phoenix, Ducey explained that Cyber Command Center has been established to protect the IT infrastructure of the state.
âThe Cyber Command Center brings four state public safety agencies together in one room with one mission: Guard the stateâs computers against attacks and by extension, help protect the over 7 million residents of the Grand Canyon State.â reads a post published by AZCentral.
âWhen we protect your data, we protect you at home as well,â Arizona Department of Homeland Security Director Tim Roemer said in an interview. âWe help you not fall victim to identity theft, for example. Because once your data is compromised, they use that to open up accounts.â
In the case of a severe cyber attack, experts at the center will coordinate the incident response activities.
Sep 03 2021
New BrakTooth flaws potentially impact millions of Bluetooth-enabled devices
Security flaws in commercial Bluetooth stacks dubbed BrakTooth can be exploited by threat actors to execute arbitrary code and crash the devices via DoS attacks.
A set of 16 security flaws in commercial Bluetooth stacks, collectively tracked as BrakTooth, can be exploited by threat actors to execute arbitrary code and crash the devices via DoS attacks.
The issues were discovered by the ASSET (Automated Systems SEcuriTy) Research Group from the Singapore University of Technology and Design (SUTD), their name comes from the Norwegian word âBrakâ which translates to âcrashâ.
The BrakTooth flaws impact 13 Bluetooth chipsets from 11 vendors, including Intel, Qualcomm, and Texas Instruments, experts estimated that more than 1,400 commercial products may be impacted.
As of today, the researchers discovered 16 security vulnerabilities, with 20 common vulnerability exposures (CVEs) already assigned and four vulnerabilities are pending CVE assignment from Intel and Qualcomm.
âwe disclose BrakTooth, a family of new security vulnerabilities in commercial BT stacks that range from denial of service (DoS) via firmware crashes and deadlocks in commodity hardware to arbitrary code execution (ACE) in certain IoTs.â reads the post published by the researchers. âAll the vulnerabilities are already reported to the respective vendors, with several vulnerabilities already patched and the rest being in the process of replication and patching. Moreover, four of the BrakTooth vulnerabilities have received bug bounty from Espressif System and Xiaomi. â
The attack scenario tested by the experts only requires a cheap ESP32 development kit (ESP-WROVER-KIT) with a custom (non-compliant) LMP firmware and a PC to run the PoC tool they developed. The tool communicates with the ESP32 board via serial port (/dev/ttyUSB1) and launches the attacks targeting the BDAddress (<target bdaddr>) using the specific exploit (<exploit_name>).
The ASSET group has released the PoC tool to allow vendors to test their devices against the vulnerabilities
Guide to Bluetooth Security: Recommendations of the National Institute of Standards and Technology (Special Publication 800-121 Revision 1)
Sep 02 2021
DoJ Launches Cybersecurity Fellowship Program as Threats Rise
The U.S. Department of Justice (DoJ) announced the creation of a cybersecurity fellowship program that will train prosecutors and attorneys to handle emerging national cybersecurity threats.
Fellows in the three-year Cyber Fellowship program will investigate and prosecute state-sponsored cybersecurity threats, transnational criminal groups, infrastructure and ransomware attacks and the use of cryptocurrency and money laundering to finance and profit from cybercrimes.
Cyber Fellowship Program
The program will train selected attorneys to deal with emerging cybercriminal threats and the ability to secure a top-secret security clearance is a prerequisite. All participants will be based in the Washington, D.C. area.
As part of the fellowship, participants will rotate through the multiple departments charged with protecting the country from cybersecurity threats, including the Criminal Division, the National Security Division and the U.S. Attorneysâ Offices.
The program is coordinated through the Criminal Divisionâs Computer Crime and Intellectual Property Section and the creation of the Fellowship is the result of a recommendation from the departmentâs ongoing comprehensive cybersecurity review, which was ordered by Deputy Attorney General Lisa Monaco in May 2021.
Enhancing Efforts Against Cybersecurity Threats
Aug 26 2021
Samsung can remotely disable their TVs worldwide using TV Block
Samsung says that it can disable any of its Samsung TV sets remotely using TV Block, a feature built into all television products sold worldwide.
This was revealed by the South Korean multinational in a press release issued earlier this month in response to the July South African riots that led to large-scale looting, which also impacted Samsung warehouses and stores.
“TV Block is a remote, security solution that detects if Samsung TV units have been unduly activated, and ensures that the television sets can only be used by the rightful owners with a valid proof of purchase,” Samsung said.
“The aim of the technology is to mitigate against the creation of secondary markets linked to the sale of illegal goods, both in South Africa and beyond its borders. This technology is already pre-loaded on all Samsung TV products.”
As Samsung explains, the goal behind remotely disabling stolen TV sets is to limit looting and “third party purchases,” and ensuring that the TVs can only be used by “rightful owners with a valid proof of purchase.”
Aug 05 2021
U.S. Taps Amazon, Google, Microsoft, Others to Help Fight Ransomware, Cyber Threats
Creation of the Joint Cyber Defense Collaborative follows high-profile cyberattacks on critical U.S. infrastructure
The U.S. government is enlisting the help of tech companies, including Amazon.com Inc., Microsoft Corp. and Google, to bolster the countryâs critical infrastructure defenses against cyber threats after a string of high-profile attacks.
The Department of Homeland Security, on Thursday, is formally unveiling the initiative called the Joint Cyber Defense Collaborative. The effort will initially focus on combating ransomware and cyberattacks on cloud-computing providers, said Jen Easterly, director of the DHSâs Cybersecurity and Infrastructure Security Agency. Ultimately, she said, it aims to improve defense planning and information sharing between government and the private sector.
âThis will uniquely bring people together in peacetime, so that we can plan for how weâre going to respond in wartime,â she said in an interview. Ms. Easterly was sworn in as CISAâs director last month. She was previously a counterterrorism official in the Obama White House, and the commander of the Armyâs first cyber operations unit at the National Security Agency, Americaâs cyberspy agency.
âThis will uniquely bring people together in peacetime, so that we can plan for how weâre going to respond in wartime.ââ Jen Easterly, director of the Cybersecurity and Infrastructure Security Agency
U.S. Taps Amazon, Google, Microsoft, Others to Help Fight Ransomware, Cyber Threats
Department of Homeland Security and Information Sharing: Is It Working?Â
![Department of Homeland Security and Information Sharing: Is It Working? by [United State Army War College, U.S Army U.S Army]](https://m.media-amazon.com/images/I/417d4jwJrTS.jpg)
« Previous Page — Next Page »
