STE WILLIAMS

Data exfiltrators send info over PCs’ power supply cables

If you want your computer to be really secure, disconnect its power cable.

So say Mordechai Guri and his team of side-channel sleuths at the Ben-Gurion University of the Negev.

The crew have penned a paper titled PowerHammer: Exfiltrating Data from Air-Gapped Computers through Power Lines that explains how attackers could install malware that regulates CPU utilisation and creates fluctuations in the current flow that could modulate and encode data. The variations would be “propagated through the power lines” to the outside world.

[Figure: PowerHammer attack. Put the receiver near the user for highest speed, behind the panel for greatest secrecy.]

Depending on the attacker’s approach, data could be exfiltrated at between 10 and 1,000 bits-per-second. The higher speed would work if attackers can get at the cable connected to the computer’s power supply. The slower speed works if attackers can only access a building’s electrical services panel.

The PowerHammer malware spikes the CPU utilisation by choosing cores that aren’t currently in use by user operations (to make it less noticeable).

Guri and his pals use frequency shift keying to encode data onto the line.

After that, it’s pretty simple, because all the attacker needs is to decide where to put the receiver current clamp: near the target machine if you can get away with it, behind the switchboard if you have to.

With power supplies now representing a data exfiltration vector, defending yourself requires hermit-like separation from the world: you have to do without wireless connections, use a fanless computer, block the USB ports, install machines in a windowless room with any LEDs covered by black tape, make sure nobody can sense a PC’s magnetic fields, and disconnect the speakers.

If you see a developer in a cave with a big stack of pre-charged batteries, this is why. ®


Article source: http://go.theregister.com/feed/www.theregister.co.uk/2018/04/12/malware_exfiltrates_data_over_power_supply_cables/

How will we know UK has hit Cyber DEFCON 1? Glad you asked

The UK government has launched a new cyber attack categorisation that is designed to improve response to incidents – sadly it doesn’t go up to 11.*

Categorisation into bands ranging from six down towards one (the most severe) will span the full range of incidents from localised attacks against individuals or SMEs up to “national cyber emergency”.

[Figure: New UK cyber attack categorisation system (Cyber DEFCON ratings)]

The NCSC said it has responded to more than 800 significant incidents since October 2016, and their incident responders will now classify attacks into six specific categories rather than the previous three.

The changes, which are effective immediately, are aimed at improving consistency around the incident response as well as gearing the UK up towards making better use of resources – ultimately leading to more victims receiving support.

The incident category definitions delineate which factors would activate a specific classification, which organisation responds and what actions they would take.

Paul Chichester, the NCSC’s director of operations, told us: “This new joint approach, developed in partnership with UK law enforcement, will strengthen the UK’s ability to respond to the significant, growing and diverse cyber threats we face.

“The new system will offer an improved framework for dealing with incidents, especially as GDPR and the NIS Directive come into force shortly.”

The framework encompasses cyber incidents in all sectors of the economy, including central and local government, industry, charities, universities, schools, small businesses and individuals.

Ollie Gower, deputy director at the National Crime Agency, added: “This new framework will ensure we are using the same language to describe and prioritise cyber threats, helping us deliver an even more joined up response.

“I hope businesses and industry will be encouraged to report any cyber attacks they suffer, which in turn will increase our understanding of the cyber threat facing the UK.”

Any cyber attack which may have a national impact should be reported to the NCSC immediately. This includes cyber attacks which are likely to harm UK national security, the economy, public confidence, or public health and safety. Depending on the incident, the NCSC may be able to provide direct technical support.

People or businesses suffering from a cyber attack below the national impact threshold should contact Action Fraud, the UK’s national fraud and cyber crime reporting centre, which will respond in accordance with the new incident categorisation.

Information processed by the new framework will ultimately be used to generate a more comprehensive national picture of the cyber threat landscape.

The announcement comes on the final day of NCSC’s flagship conference CYBERUK 2018. ®

Bootnote

Disappointingly, the newly introduced classification system doesn’t go up to 11. Nor does it have a hors category, like the most difficult mountain climbs of the Tour de France. Hors signifies climbs that are “beyond categorisation”.

There’s no colour coding in the new system – so there’s no brown alert either.


Article source: http://go.theregister.com/feed/www.theregister.co.uk/2018/04/12/uk_cyber_alert_revamp/

Where’s my free monitoring service, One Plus? – hacked-off customers


OnePlus customers are still waiting for compensation after the phone maker’s e-commerce site was hacked, with payment details of some 40,000 customers stolen.

The Chinese phone company said it was alerted to the security breach on January 11 this year, but it was a few days before it was officially confirmed. Many users had reported fraudulent transactions in the preceding weeks.

In a bid to make good, on February 12, OnePlus promised users whose details had been pilfered a year’s worth of credit monitoring, but some have yet to see results of this.

“I would have expected a maximum of 28 calendar days from the 12th Feb mail and completion of their claims form that credit monitoring would be in place. In theory I had hoped for 7-14 calendar days,” one user told us. “There has been no communication since and no updates to the forum posts regarding the issue.

“We are now in April and it’s all gone quiet. No one seems to have received the one year’s credit monitoring promised, and the feeling in the OnePlus forum is that OnePlus have swept this under the rug. They have placated press outlets with promises of credit monitoring for the affected users and because there are no checks and measures on what companies say and do they have done nothing.”

In a statement OnePlus told us:

We have been working with partners across the world and activated credit monitoring across a number of countries. We’re working to ensure it’s available to as many people as possible, and have been assured that the last customers will receive their credit monitoring in the coming days.

Unlike some of its rivals, OnePlus regularly brings significant updates to its phones after a device has been launched. But it clearly has work to do on its security.

The company’s next flagship – a successor to the OnePlus 5T – is expected soon. ®


Article source: http://go.theregister.com/feed/www.theregister.co.uk/2018/04/12/oneplus_compensation_delay/

Rudd-y hell, dark web! Amber alert! UK Home Sec is on the war path for stealthy cyber-crims

Britain’s Home Secretary Amber Rudd has launched a crackdown on criminals who exploit the dark web.

As part of a £9m fund, law enforcement’s response will be ramped up to tackle those who use the darker recesses of the web for illegal activities, such as the selling of firearms, drugs, malware and people.

More than £5m will also be used to support the police to establish dedicated cybercrime units at a regional and local level. Currently only a third (30 per cent) of local police forces have an online capability that reaches the minimum standard.

The funding is part of £50m of newly allocated money to help police and prosecutors tackle cybercrime at a national, regional and local level during 2018/2019.

The UK’s Home Secretary Amber Rudd made the announcement at the National Cyber Security Centre’s CYBERUK 2018 flagship conference.

“We will be giving over £9m to enhance the UK’s specialist law enforcement response,” she told delegates. “They will use this money to help combat the criminals who continually exploit the anonymity of the Dark Web.”

A proportion of the £50m will be used to develop a new national training programme for police and the wider criminal justice system, sponsored by the National Police Chiefs Council. This will equip cops with the tools to properly investigate and prosecute cases of cyber crime, including those relating to the dark web.

According to the Home Office, funding will also be used to:

  • Build intelligence capabilities
  • Upgrade Action Fraud IT services to create a more streamlined platform
  • Develop a “cyber app” for Metropolitan Police Service frontline officers for improved advice and victim care
  • Increase training for police officers
  • Conduct research into the cybercrime threat

Computer and smartphone forensics form a part of most every police investigation and private sector firms tell El Reg there is always a backlog of cases. It’s not immediately clear how the extra money will be ring fenced so that large parts of it don’t go towards servicing this growing bill.

The Cyber Aware campaign, a cross-Government initiative, will also receive a further £3m of funding for 2018/2019 to educate the public and businesses with advice on how to protect themselves from cybercrime.

Cybercrime is an international problem and one of the UK government’s main international partners is Europol. El Reg asked the Home Secretary what the government was doing to ensure continuity of co-operation and the exchange of information post Brexit.

“Being able to share data across boundaries is incredibly important in fighting cybercrime and other crime,” Rudd said, adding that the UK government wants to ensure continuity of co-operation. ®


Article source: http://go.theregister.com/feed/www.theregister.co.uk/2018/04/11/home_sec_dark_web_crackdown/

Boffins pull off quantum leap in true random number generation

A team of physicists claim to have developed a guaranteed random number generator using photons and the laws of quantum mechanics.

Random numbers are used to secure communications, and a good random number generator is essential for strong encryption. But ensuring that the numbers are truly random is difficult.

Number generators are often spawned from mathematical formulas or devices that can be tampered with, or the output predicted. Researchers at the National Institute of Standards and Technology, a laboratory working as part of the US government’s Department of Commerce, believe they have come up with a foolproof way to generate random numbers.

It starts with entangling a pair of photons. These are then sent to individual detectors separated by about 187 meters, where the polarization of the light is measured. The long distance means that the photons cannot interact with one another.

Since the photons are entangled, there is a strong correlation between both polarisation states. Peter Bierhorst, lead author of the study and NIST mathematician, explained to The Register that this property violates Bell’s inequalities, a proof that describes the unpredictable nature of quantum mechanics.


“The Bell test is designed to rule out ‘local hidden variable theories’ which posit that experimental outcomes are governed by pre-existing local attributes of particles being measured,” he explained.

“If we rule out such a theory, then we have ruled out the possibility of pre-existing local attributes, and so measurement outcomes must in fact be due to randomness or unpredictability that is occurring at the time of measurement.”

The results are a bit mind-boggling and the paper published in Nature on Wednesday is not for the faint-hearted.

Next, the researchers converted the measurement signals into bits, with an equal chance of each photon being a 0 or 1. Over 55 million trials of the Bell test were run, producing two bits each time. The researchers were able to extract 1,024 bits to create truly random strings of numbers.

“It’s hard to guarantee that a given classical source is really unpredictable. Our quantum source and protocol is like a fail-safe. We’re sure that no one can predict our numbers,” Bierhorst said.

“Something like a coin flip may seem random, but its outcome could be predicted if one could see the exact path of the coin as it tumbles. Quantum randomness, on the other hand, is real randomness. We’re very sure we’re seeing quantum randomness because only a quantum system could produce these statistical correlations between our measurement choices and outcomes.” ®


Article source: http://go.theregister.com/feed/www.theregister.co.uk/2018/04/11/nist_random_numbers_quantum_mechanics/

Stats on the Cybersecurity Skills Shortage: How Bad Is It, Really?

Is it just a problem of too few security professionals, or are there other reasons enterprises struggle to build infosec teams?


While plenty of CISOs today find ways to successfully build out effective cybersecurity teams, most industry pundits agree that the process is a bear. One of the biggest complaints is that there just aren’t enough experienced, talented security professionals to fill the roles available – but there is talent for the taking if organizations know where to look for it. Nevertheless, the numbers support the fact that market constraints on security brainpower are a very real factor. Here’s what the most recent data shows.

 

Ericka Chickowski specializes in coverage of information technology and business innovation. She has focused on information security for the better part of a decade and regularly writes about the security industry as a contributor to Dark Reading.

Article source: https://www.darkreading.com/stats-on-the-cybersecurity-skills-shortage-how-bad-is-it-really/d/d-id/1331504?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

Stopping Cyber Madness: Why the Private Sector Must Lead the Fight

The government’s ability to help secure the Internet will be limited given the light speed of the Internet versus the slower pace of government. That’s why stopping the madness begins with the private sector.

As long as adversaries can spend $1 on a campaign and force us to spend $10 to protect ourselves, enterprises will lose the war on cybercrime. In the Cold War, the US bled the Soviets dry through a military buildup and Reagan’s Star Wars initiative. The Russians and others are now using a similar strategy to financially drain the US public and private sectors in cyberspace.

As the news cycle is inundated with alerts about attacks against our critical infrastructure, cities, and universities, the US Cyber Command has responded with a new “Command Vision.” The document provides a sobering read. My attention was drawn to one quote in particular:

Adversaries continuously operate against us below the threshold of armed conflict. In this “new normal,” our adversaries are extending their influence without resorting to physical aggression. They provoke and intimidate our citizens and enterprises without fear of legal or military consequences.

While Command Vision sets objectives for the military to regain ground, it is clear that the private sector is also in the crosshairs. State-sponsored and criminal organizations have realized there is little chance of real legal or financial consequences for the foreseeable future. Russia, Iran, and North Korea have found our Achilles’ heel. Even worse, they’ve identified our cyber infrastructure as a vulnerability that is cheap to exploit and makes billions.

But what is the Achilles’ heel of cybercriminals? It’s that they’re lazy. They use advanced persistent infrastructure and tend to reuse tactics, techniques, and procedures over and over again.

Rather than building taller silos of data that become even bigger targets for criminals, US public and private sectors must similarly seek to expand their reach with limited resources. By unifying around common means of intelligence exchange and collaboration, US companies can increase their visibility into events in real-time while keeping costs low. Without effective methods to exchange cyber intelligence, enterprises play victim to attackers’ strengths, continuing to build and protect larger data troves with common, single points of failure. As Command Vision states, “We should not wait until an adversary is in our networks or on our systems to act with unified responses across agencies regardless of sector or geography.” The same applies to the private sector.

Since 1998, when President Bill Clinton signed Presidential Decision Directive 63, we have been on a quest to fuse data and collaborate. In 2015, Congress enabled organizations to work with each other more easily through the passage of the Cybersecurity Act. In May 2017, President Donald Trump called out the importance of information sharing in his Executive Order on Strengthening the Cyber Security of the Federal Government and Critical Infrastructure. Only now, with the growing frequency and severity of attacks, are the government and the private sector beginning to understand the requirement of collaboration. The Department of Homeland Security has begun to make more detailed information available to the private sector through their Critical Information Sharing Collaboration Program (CISCP), and TruSTAR has seen our customers eagerly participate in these efforts. This is a start, but far more work is necessary.

Enterprises and sharing organizations like the Columbus Collaboratory, the Cloud Security Alliance, and CyberUSA are starting to connect through common collaboration platforms to enable parties to exchange data about suspicious events while retaining control over their data. Sector-based organizations are adopting such technology as well, including the IT and retail sectors. These platforms go beyond threat intelligence and fuse disparate data sets related to fraud and physical security events. Shared technology infrastructure enables companies to work from the inside out, streamlining workflows and creating collaborative bonds within an organization first and moving on to supply chain partners, peers, and entire sectors such as IT and retail.

What’s Next?
Joshua Cooper Ramo, in his book The Seventh Sense, notes that government’s ability to help secure the Internet will be limited given the light speed of the Internet versus the pace of government’s ability to act. Stopping the madness begins with the private sector today.


 

Paul Kurtz is the CEO and cofounder of TruSTAR Technology. Prior to TruSTAR, Paul was the CISO and chief strategy officer for CyberPoint International LLC where he built the US government and international business verticals. Prior to CyberPoint, Paul was the managing partner …

Article source: https://www.darkreading.com/threat-intelligence/stopping-cyber-madness-why-the-private-sector-must-lead-the-fight-/a/d-id/1331478?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

2.6 Billion-Plus Data Records Breached Last Year

Most exposed data records caused by human error.

Every minute, nearly 5,000 data records are lost or stolen somewhere around the globe: that’s more than 7.1 million a day.

New data from security firm Gemalto’s annual Breach Level Index calculated more than 2.6 billion data records were compromised in 2017 – either lost, stolen, or left exposed online – an 88% increase from 2016.

The good news is that the number of publicly reported data breaches dropped by 11%, to 1,765 last year. Even so, there were more data records compromised than ever before, many of which (1.9 billion) were the result of human error such as misconfigured databases and negligent handling or disposal of records. Human error-borne incidents rose an eye-popping 580% last year over 2016.

One trend driving the human error problem is the wave of organizations misconfiguring their online server instances, as well as incorrectly assuming the cloud provider handles all of their data security. “They automatically assume since they are going to the cloud, things are secure. Well, they’re not,” says Jason Hart, vice president and CTO for data protection at Gemalto. “You still need to configure it properly, and see that your data is secured. It’s not AWS [Amazon Web Services] that’s the custodian of the data.”

Gemalto’s finding jibes with that of IBM X-Force data from earlier this month, which cited 70% of compromised data records coming at the hands of insider mistakes like networked backup incidents and misconfigured cloud servers. 

Identity theft remained the most common category of data breach, according to Gemalto, accounting for 69% of all data breach incidents and more than 600 million records. That was also 73% higher than in 2016. Outside attackers were the number one perpetrator in 2017, executing 72% of all breaches, while malicious insider-borne attacks dipped a bit. Meanwhile, the total number of stolen records by insiders increased 117% with 30 million records exposed.

But the total numbers of data breaches and exposed records to come this year and in the near future are likely to be much higher than the ones reported in 2017, mainly due to breach reporting rules in Europe’s General Data Protection Regulation, aka GDPR, and the new Australian Privacy Act, which both take effect this year, notes Hart. “The results we’ve seen seem very low. Once you see these [new regulations] kick in, that’s where you’re going to see the numbers go through the roof this time next year” in the report, he says.

Healthcare suffered the most breaches of any specific industry sector last year, with 27% of them, followed by financial services (12%), education (11%), and government (11%). Government led with the most data records compromised overall (18%), followed by financial services (9.1%) and technology (16%). Interestingly, the number of incidents hitting healthcare dropped 11.3% last year from the year before, but encompassed more compromised data.

The Gemalto 2017 Breach Level Index Report also highlighted the top five largest data breaches of 2017: Equifax (147.7 million records); River City Media (1.34 billion email addresses); Deep Root Analytics (198 million records); Alteryx (120 million records); and Center for Election Systems at Kennesaw State University (7.5 million records).


Kelly Jackson Higgins is Executive Editor at DarkReading.com. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise …

Article source: https://www.darkreading.com/attacks-breaches/26-billion-plus-data-records-breached-last-year/d/d-id/1331514?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

Avoiding the Ransomware Mistakes that Crippled Atlanta


What made Atlanta an easy target was its outdated use of technology: old computers running on non-supported platforms, which are also a characteristic of many municipalities and most major cities.

Last month, five of Atlanta’s 13 government offices were “hijacked,” as the city’s mayor put it, by ransomware that disrupted far-reaching facets of the city’s digital infrastructure. From the courts to the police department to public works, government activity was essentially frozen as the hackers gave the city a week to pay the ransom – roughly $50,000 worth of bitcoin – or have critical data and processes deleted permanently.

While the event was eye-catching for several reasons, it’s hardly an isolated incident. From Dallas to Denver, hackers leveraging ransomware not unlike the program that hit Atlanta have been able to “hijack” municipal networks largely because these entities were poorly protected.

It didn’t take long for security teams to identify the virus in use – SAMSAM – or recognize and partially thwart the attackers’ tactics. In fact, when word of the event spread around the cybersecurity community, the portal that the Atlanta hackers had opened to receive their ransom – complete with a countdown clock – was flooded with messages from hackers and cybersecurity pros alike, causing the hackers to take the channel down.

But what made Atlanta such an easy target – even for a relatively common form of ransomware – was its incredibly outdated use of technology in the broader sense. Old computers running on non-supported platforms, for instance, are a characteristic of many municipal operations, as most major cities support such a vast IT operation that updating every digital asset is time and cost prohibitive. This means that cyber vulnerabilities run rampant in local government, threatening the physical and intangible structures that hold society together.

Local governments typically have thousands of connected devices and many mobile employees who frequently connect and disconnect from the city’s network. If there aren’t security solutions in place that can secure these types of borderless networks, all it takes is one municipal employee to bring an infected device onto the city’s network to put the personal information of thousands at risk.

Common Sense Tactics Go a Long Way

Security teams working on any network – whether for a municipality or an enterprise – need to first ensure that all the operating systems, platforms and devices using it are still receiving regular updates and support. For instance, Microsoft employs end-of-life support cycles for iterations of each of its operating systems. Mainstream support for Windows Vista and Windows 7 both expired years ago, with extended support for Windows 7 set to expire come January 2020, while support for Vista was cut off in April 2017.

Because municipalities are notorious for employing technologies long after they were originally marketed, there are no doubt platforms running on most of these networks that haven’t adapted to the increasingly rampant threat landscape.

It’s also important that the cybersecurity tools that teams use to protect their devices deliver equal and effective protection across all the platforms and device types that populate the network. If the secure web gateway product a team uses to vet traffic entering the network doesn’t deliver feature parity for both new and legacy technology, it’s virtually ineffective, as hackers only need to find one vulnerability to get past the network perimeter and wreak widespread havoc.

Most importantly, teams need to be sure they are backing up their data, encrypting their traffic and isolating their encryption keys in environments that outside parties can’t access. This is easier said than done, but by turning to trusted data backup providers and established encryption methodologies like SSL (as opposed to proprietary products/methods that haven’t been proven on the market), you can rest easy knowing these tools receive regular updates and patches in kind.

 

Chris Park brings more than 13 years of experience in corporate network security to his position as CIO at iboss, where he is responsible for creating and driving the company’s IT strategy. As resident expert in all aspects of iboss solutions and infrastructure, Chris is …

Article source: https://www.darkreading.com/partner-perspectives/avoiding-the-ransomware-mistakes-that-crippled-atlanta/a/d-id/1331518?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

Attacker Dwell Time Still Too Long, Research Shows

New DBIR and M-Trends reports show the window between compromise and discovery is still way too long.

In the past seven years, cybersecurity teams have cut the time it takes to discover a security intrusion fourfold. Unfortunately, that improvement in the window between initial attack and discovery of the incident isn’t nearly enough to actually make a difference in blocking the typical intrusion from turning into a full-fledged data breach.

In fact, data from several new industry reports out in the last week show that most organizations would need to make that time to discover at least 100 times faster to actually prevent most successful breaches of data.

First among the latest spate of statistics are the numbers from FireEye/Mandiant’s 2018 M-Trends report. According to the study, the most recently measured dwell time – that is, the time between initial attack and discovery of the incident – equals an average of about 101 days for organizations worldwide.

That’s up by two days since last year, but the good news is that this number is down significantly from 416 days back in 2011. Another positive sign the report relates is that the percentage of incidents discovered internally versus those disclosed by a third party is way up. Approximately 62% of incidents are now discovered internally, which shows organizations are doing work to raise the bar on their detection capabilities, FireEye says.

Nevertheless, these are just silver linings on thunderclouds. Yesterday’s Verizon Data Breach Investigation Report (DBIR) showed that once they’ve compromised their target, the time it takes attackers to breach data is orders of magnitude shorter than the time it takes for victims (or third parties) to discover an attack.

“When breaches are successful, the time to compromise continues to be very short. While we cannot determine how much time is spent in intelligence gathering or other adversary preparations, the time from first action in an event chain to initial compromise of an asset is most often measured in seconds or minutes,” write the authors of this year’s DBIR.

That’s scary, considering discovery time is measured by weeks and months – sometimes even years. The DBIR numbers show that 87% of compromises took minutes or less. Only 3% of compromises were discovered as quickly. Meanwhile, 68% of them took months or years to be discovered. 

Many IT leaders are at least aware of this huge delta between compromise and discovery time. Another study out yesterday from LogRhythm showed a significant lack of confidence among IT decision makers in the ability of their systems and processes to discover all potential breaches: about four in 10 report they lack confidence in the thoroughness of their detection capabilities.

And, here’s the thing: time to discovery is just the start of the journey in responding to a compromise. There’s also the time it takes to respond to, contain, and investigate a threat. According to the LogRhythm study, fewer than one-third of organizations say that even if they detected a major incident they’d be unable to contain it within an hour. And that time to contain compromises is going up. A different study conducted by Ponemon Institute on behalf of IBM Resilient Systems earlier this year shows that 57% of organizations are experiencing longer times to resolve security incidents.


Ericka Chickowski specializes in coverage of information technology and business innovation. She has focused on information security for the better part of a decade and regularly writes about the security industry as a contributor to Dark Reading.

Article source: https://www.darkreading.com/attacks-breaches/attacker-dwell-time-still-too-long-research-shows/d/d-id/1331519?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple