Monthly Archives: September 2017

Charles Leaver – Dismiss Vulnerability Lifecycle Management At Your Peril

Published by:

Written By Dr Al Hartmann And Presented By Charles Leaver

 

The following heading hit the news last week on September 7, 2017:

Equifax Inc. today revealed a cyber security occurrence potentially impacting around 143 million U.S. consumers. Lawbreakers exploited a U.S. site application vulnerability to gain access to certain files. Based upon the business’s investigation, the unauthorized gain access to occurred from the middle of May through July 2017.

Lessons from Past Data Breaches

If you like your occupation, appreciate your role, and dream to maintain it, then don’t leave the door open up to enemies. A major data breach frequently begins with an unpatched vulnerability that is readily exploitable. Then the inevitable occurs, the hackers are inside your defenses, the crown jewels have actually left the building, the press releases fly, costly consultants and outside legal counsel rack up billable hours, regulators come down, lawsuits are flung, and you have “some serious ‘splainin’ to do”!

We are unsure if the head splainer in the present Equifax breach will endure, as he is still in ‘splainin’ mode, asserting the breach started with the exploitation of an application vulnerability.

In such cases the typical rhumba line of resignations is – CISO first, followed by CIO, followed by CEO, followed by the board of directors shakeup (particularly the audit and corporate duty committees). Do not let this happen to your career!

Steps to Take Now

There are some commonsense steps to take to avert the unavoidable breach disaster arising from unpatched vulnerabilities:

Take stock – Inventory all data and system assets and map your network topology and attached devices and open ports. Know your network, it’s segmentation, what devices are connected, what those devices are running, what vulnerabilities those systems and apps expose, what data assets they gain access to, the level of sensitivity of those assets, what defenses are layered around those assets, and exactly what checks are in place along all prospective access points.

Improve and toughen up – Implement best practices suggestions for identity and access management, network division, firewall software and IDS setups, os and application setups, database access controls, and data file encryption and tokenization, while streamlining and cutting the number and intricacy of subsystems across your business. Anything too complex to manage is too intricate to secure. Choose configuration hardening paradise over breach response hell.

Continuously monitor and scrutinize – Periodic audits are necessary but inadequate. Continuously monitor, track, and evaluate all relevant security occasions and exposed vulnerabilities – create visibility, event capture, analysis, and archiving of every system and session login, every application launch, every active binary and vulnerability exposure, every script execution, every command provided, every networking contact, every database transaction, and every delicate data access. Any holes in your security event visibility produce an attacker free-fire zone. Develop key efficiency metrics, track them ruthlessly, and drive for relentless improvement.

Don’t accept functional excuses for insufficient security – There are always safe and effective operational policies, but they may not be painless. Not suffering a devastating data breach is way down the organizational discomfort scale from the alternative. Functional expedience or running traditional or misaligned priorities are not valid reasons for extenuation of bad cyber practices in an intensifying threat environment. Lay down the law.

Charles Leaver – What You Need To Do After The Equifax Security Breach

Published by:

Written By Michael Levin And Presented By Charles Leaver

Equifax, among the three significant U.S. based credit reporting services just revealed a significant data breach where hackers have actually stolen delicate info from 143 million American customers.

Ways that the Equifax security infiltration WILL affect you:

– Personal – Your personal and family’s identity details is now known to hackers and will be targeted!

– Business – Your organizations may be affected and targeted.

– Nationally – Terrorist, Nation States and organized crime groups could be included or use this data to commit cybercrime to get financial gain.

Securing yourself is not complicated!

5 suggestions to protect yourself immediately:

– Sign up for a credit monitoring service and/or lock your credit. The quickest way to be notified that your credit is compromised is through a credit tracking service. Equifax has actually currently started the procedure of establishing free credit monitoring for those impacted. Other credit tracking services are readily available and need to be considered.

– Monitor all your financial accounts consisting of charge cards and all checking accounts. Make sure that all notices are turned on. Ensure you are receiving instant text and e-mail alerts for any modifications in your account or enhanced transactions or balances.

– Safeguard your bank and financial accounts, ensure that two-factor authentication is turned on for all accounts. Learn about 2 level authentication and turn it on for all financial accounts.

– Phishing e-mail messages can be your biggest everyday danger! Slow down when managing e-mail messages. Stop immediately clicking on every email link and attachment you get. Instead of clicking links and attachments in e-mail messages, go independently to the sites beyond the e-mail message. When you get an email, you were not anticipating from a name you acknowledge consider contacting the sender separately before you click on links or attachments.

– Strong passwords – consider changing all your passwords. Develop strong passwords and secure them. Utilize various passwords for your accounts.

Other Security Considerations:

– Backup all computers and update operating systems and software applications routinely.

– Social media security – Sharing excessive details on social media increases the danger that you will be taken advantage of. For instance, telling the world, you are on vacation with pictures opens the threat your house will be robbed.

– Secure your devices – Do not leave your laptop, phone or tablet unattended even for a second. Don’t leave anything in your vehicle you do not desire taken since it’s just a matter of time.

– Internet of things and device management – Understand how all your devices link to the Web and what information you are sharing. Examine security settings for all devices and be sure to include smart watches and fitness bands.

The value of training on security awareness:

– This is another cyber crime, where security awareness training can help to lower danger. Being aware of brand-new cyber crimes and scams in the news is a basic part of security awareness training. Ensuring that employees, family and friends know this fraud will greatly minimize the probability that you will be taken advantage of.

– Sharing new rip-offs and crimes you find out about in the news with others, is very important to ensure that the people you appreciate do not fall victim to these types of criminal activities.