Monthly Archives: September 2017

With Vulnerability Lifecycle Management Your Job Will Be Safer – Charles Leaver

Written By Dr Al Hartmann And Presented By Charles Leaver


The following headline hit the news on September 7, 2017:

Equifax Inc. today revealed a cybersecurity event potentially impacting approximately 143 million U.S. consumers. Criminals exploited a U.S. site application vulnerability to gain access to particular files. Based on the business’s investigation, the unauthorized access occurred from mid-May through July 2017.

Lessons from Past Debacles

If you like your occupation, value your role, and hope to keep it, then don’t leave the door ajar for attackers. A significant data breach frequently begins with an unpatched vulnerability that is easily exploitable. Then the inevitable happens: the hackers are inside your defenses, the crown jewels have left the building, the press releases fly, high-priced specialists and external legal counsel accumulate billable hours, regulators descend, lawsuits are flung, and you have “some serious ‘splainin’ to do”!

We have yet to see if the head splainer in the current Equifax breach will make it through, as he is still in ‘splainin’ mode, asserting the breach started with the exploitation of an application vulnerability.

In such cases the normal rhumba line of resignations is: CISO first, followed by CIO, followed by CEO, followed by the board of directors shakeup (specifically the audit and business duty committees). Don’t let this happen to your professional life!

Actions to Take Immediately

There are some common-sense actions to take to prevent the inevitable breach disaster resulting from unpatched vulnerabilities:

Take stock – Inventory all data and system assets, and map your network topology, attached devices and open ports. Know your network: its segmentation, what devices are attached, what those devices are running, what vulnerabilities those systems and apps expose, what data assets they can access, the level of sensitivity of those assets, what defenses are layered around those assets, and what checks are in place along all potential access points.

Improve and toughen up – Implement best-practice recommendations for identity and access management, network segmentation, firewall and IDS configurations, operating system and application configurations, database access controls, and data file encryption and tokenization, while streamlining and trimming the number and complexity of subsystems throughout your business. Anything too complex to manage is too complex to protect. Choose configuration hardening heaven over breach response hell.

Constantly monitor and scrutinize – Routine audits are necessary but not sufficient. Continually monitor, track, and assess all pertinent security events and exposed vulnerabilities. Have visibility, event capture, analysis, and archiving of every system and session login, every application launch, every active binary and vulnerability exposure, every script execution, every command issued, every network contact, every database transaction, and every sensitive data access. Any holes in your security event visibility create an adversary free-fire zone. Establish key performance metrics, monitor them ruthlessly, and drive for relentless improvement.

Don’t accept operational reasons for insufficient security – There are always secure and effective operational policies, but they might not be pain-free. Not suffering a catastrophic data breach is far down the organizational discomfort scale from the alternative. Operational expedience and legacy or misaligned priorities are not valid excuses for tolerating bad cyber practices in an intensifying threat environment. Make your voice heard.

Don’t Dismiss The Equifax Data Breach Take Action Now – Charles Leaver

Written By Michael Levin And Presented By Charles Leaver


Equifax, one of the three major U.S.-based credit reporting services, just revealed a significant data breach in which cyber criminals took sensitive information belonging to 143 million United States consumers.

Ways that the Equifax security breach WILL impact you:

– Personal – Your own and your family’s identity details are now at risk and will be targeted!

– Company – Your business may be affected and targeted.

– Nationally – Terrorists, nation states and organized criminal groups could be involved or use this data to commit cyber crimes for financial gain.

Safeguarding yourself is not complicated!

Five recommendations to secure yourself right away:

– Register for a credit monitoring service and/or lock your credit. The quickest way to be informed that your credit has been compromised is through a credit monitoring service. Equifax has already started the process of setting up free credit monitoring for those impacted. Other credit monitoring services are available and should be considered.

– Monitor all your financial accounts, including credit cards and all bank accounts. Ensure that all notifications are switched on. Make sure you are getting instant text and e-mail notices for any changes to your account, increased balances or transactions.

– Protect your bank and financial accounts: ensure that two-factor authentication is switched on for all accounts. Learn more about two-factor authentication and turn it on for all financial accounts.

– Phishing e-mail messages can be your greatest day-to-day danger! Slow down when handling e-mail messages. Stop automatically clicking on every e-mail link and attachment you get. Instead of clicking on links and attachments in e-mail messages, go independently to the sites outside of the e-mail message. When you receive an e-mail you were not expecting from a name you recognize, consider calling the sender separately before you click links or attachments.

– Strong passwords – Consider changing all your passwords. Establish strong passwords and secure them. Use different passwords for your accounts.

Other Security Thoughts:

– Back up all computers and update operating systems and software routinely.

– Social media security – Sharing too many details on social networks increases the risk that you will be taken advantage of. For instance, telling the world with pictures that you are on a trip opens up the danger that your house will be broken into.

– Secure your devices – Do not leave your laptop computer, phone or tablet unattended even for a moment. Do not leave anything in your automobile that you do not want taken, because it’s just a matter of time.

– Internet of things and device management – Understand how all your devices connect to the Internet and what information you are sharing. Check security settings for all devices, and be sure to include smart watches and fitness bands.

The value of security awareness training:

– This is another cyber crime where security awareness training can help to lower risk. Being aware of new cyber crimes and frauds in the news is a basic part of security awareness training. Making sure that staff members, family and friends know about this scam will significantly reduce the probability that you will be victimized.

– Sharing new frauds and cyber crimes you find out about in the news with others is very important to ensure that the people you care about do not fall victim to these kinds of criminal activities.