Most people will never have a fire in their home or office, but everyone can remember going through a fire drill at some point. The process of evacuating a building and meeting outside prepares us for the actual conditions we might face in a real fire. Many companies go to great lengths to prepare for disasters like fires and floods, but most remain woefully unprepared to deal with ransomware—despite the fact that ransomware attacks are far more likely. One way to improve your company’s ransomware incident response capability is to gather your employees…

Continue reading

The insider is still one of the most vulnerable elements of cybersecurity and it was the discussion of the recent Modern Workplace webcast on cyber intelligence and the human element.  Insiders are those who are authorized to work on company systems or in company facilities and they include trusted employees and contractors.  Whether it is through human error, social engineering, or intentional action, insiders are the cause of a significant portion of malware infections, data breaches, information theft, and privacy violations. There are some key strategies you can use to…

Continue reading

If we have learned anything over the last few years about data breaches, it is that they are likely to happen.  However, data breach frequency can be reduced and its impact minimized with some key strategies. Both response and prevention efforts are greatly impacted by organizational culture.  Organizational culture is formed over years as certain values and behaviors are reinforced or discouraged through a series of successes and failures.  Security is seen as important and vital to organizational success in positive security cultures while it is ignored or even discouraged…

Continue reading

Ransomware infections are becoming increasingly commonplace, and companies that put a plan together before an incident are much more effective at combatting this pervasive malware. Ransomware response can be broken down into seven steps. Here’s a cheat sheet: Validate The first step is to confirm whether a reported ransomware infection is an actual infection. There are cases where a user reports what they think is ransomware, but it turns out to be adware, phishing, or some other virus. Validation is important because it keeps efforts focused on important issues. But…

Continue reading

The news is crowded with reports from noteworthy companies of cyber-attacks.  Last year was the year of the data breach and this year is the year of ransomware.  Companies large and small, even those with large security budgets and mature security practices, still proved vulnerable to attack.  Every company will suffer a security incident someday, but not all companies are prepared for it, and preparation will determine what impact a security incident will have on your company. Will your company weather the attack and come out stronger for it or…

Continue reading

People are the core of any incident response effort.  You must have the right people to provide the right response.  Incident response teams should include a diverse set of individuals across the organization including executives, information technology, security, public relations, legal and relevant 3rd parties.  Here is what makes a winning incident response team. Winning teams have top level support Top level support is essential in an incident response team, and executives can provide it.  Executives are the ones who will be able to allocate the resources necessary to take…

Continue reading

In 2014, the Identity Theft Resource Center (ITRC) tracked 783 data breaches with 85,611,528 confirmed records exposed. This year appears even more dismal. The ITRC Data Breach Reports1 for July 7, 2015, captured 411 data incidents with 117,678,050 confirmed records at risk. Because data breaches are a common occurrence in today’s information security threat landscape, it’s going to become de rigueur for companies to pump up security preparedness within their incident response plan. “The plan cannot simply be static and gather dust; it requires upkeep. The incident response plan should change as requirements and environments change.” — Edwin Covert, Norse Dark…

Continue reading

Some breaches require notification such as those involving patient data or customer information, but sharing is optional. Of course, notification is just one form of information sharing. For example, February’s executive order encourages private sector companies to share information on cybersecurity threats. There are advantages and disadvantages of sharing information with others, and here to talk about it are two information security influencers and Eric Vanderburg and Bev Robb. Vanderburg will be arguing for information sharing and Robb will discuss potential sharing woes that may arise from government and private-sector…

Continue reading

New and creative security threats may grab headlines, but smart security practitioners know that many attackers still rely on the tried-and-true methods, and they protect themselves from these threats accordingly. The challenge some IT cybersecurity experts face is in maintaining awareness of threats to which users have grown accustomed. Malware has been around for decades now, and in the technology world, a decade is a long time. Despite malware becoming more sophisticated, the average person is used to getting infected — to the point that it's seen as a mere nuisance rather…

Continue reading

As vigorously as many organizations are working to prevent them, data breaches are becoming more of a common occurrence, and the consequences are even bigger for organizations and the individuals whose data they hold in trust. As such, we need to get our terms straight, especially when it comes to the victim. If your wallet were stolen, we would consider you the victim. Organizations that have suffered data breaches have often considered themselves the victim as well. However, the scenario of the stolen wallet is not an apples-to-apples comparison with a data…

Continue reading