Subscribe: CSOONLINE.com - Preparedness
http://www.csoonline.com/feed/topic/43408

CSO Online Disaster Recovery





Published: Sat, 21 Apr 2018 14:34:24 -0700

Last Build Date: Sat, 21 Apr 2018 14:34:24 -0700

 



Two incident response phases most organizations get wrong

Thu, 19 Apr 2018 03:00:00 -0700






Customers describe the impact of the Allscripts ransomware attack

Tue, 17 Apr 2018 03:00:00 -0700

A ransomware attack against a SaaS provider hurts customers, but when it's a healthcare company that’s hit, patients suffer. Such was the case with January's attack against Allscripts, one of the largest electronic health record and practice management technology vendors.

By all accounts, Allscripts did a lot right. They had an incident response plan in place. They got outside help. They recovered their systems. They communicated with customers.





Ransomware, healthcare and incident response: Lessons from the Allscripts attack

Mon, 16 Apr 2018 03:00:00 -0700

On January 18, 2018, at around 2:00 a.m. EST, the security operations center (SOC) at electronic health record (EHR) and practice management software provider Allscripts detected abnormal activity.

Four hours later, at 6:00 a.m. EST, the SOC started their investigation and determined the abnormal activity was in fact a full-blown ransomware incident due to SamSam, a family of ransomware that is known to target healthcare organizations. A short time later, teams from Microsoft, Mandiant and Cisco were called in to help.





IDG Contributor Network: Underwriting cyber exposure – the business case for certifying

Thu, 12 Apr 2018 07:58:00 -0700

Last week I attended an event hosted by the IT Sector Coordinating Council (IT-SCC) where the Minister-Counsellor for Digital Economy Policy for the Delegation of the European Union to the United States of America highlighted the European Union’s (EU) near-term goals and objectives for cybersecurity and policy. As many of you know, in a little over a month, the General Data Protection Regulation (GDPR) will go into effect. While a lot of hype is being marketed in a variety of media outlets, including this forum, what the EU is looking to accomplish is not limited to the GDPR.

If you are not familiar with the European Union Agency for Network and Information Security (ENISA), it is worthy of your review. ENISA works with Member States and the private sector to deliver advice and solutions on technology related matters that impact products and services that have inherent cyber risk exposure and includes the development of National Cyber Security Strategies.





IDG Contributor Network: Alternative communications planning and cybersecurity incident response

Mon, 09 Apr 2018 06:31:00 -0700

There seems to be no end in sight for ransomware and malware attacks after the spike in high-profile incidents last summer. This includes the WannaCry ransomware strike in May 2017; PetWrap/NotPetya attacks in June; the identification of “BlackOasis” through an Adobe Flash vulnerability in October; the explosive revelations of the Equifax breach; wireless security protocols that need to be patched; the Meltdown and Spectre bugs in processor chips; and most recently the Cisco Adaptive Security Appliance vulnerability, among others.

Many companies are now rightfully revisiting their incident response (IR) protocols to prepare themselves for future attacks. More and more regulatory requirements dictate that organizations must have a written IR plan. While an IR plan is just one piece of a larger, more complex cybersecurity program, it is nevertheless a critical component and one that many regulators are closely scrutinizing. Apart from the legal, reputational and regulatory risk, ransomware attacks can disable entire global businesses for several days making IR plans business critical.





IDG Contributor Network: Incident management for SMBs

Wed, 28 Mar 2018 12:16:00 -0700

SMBs are a regular target of cybercriminals and the impact of a cyberattack can be crippling. In fact, research shows that 43 percent of cyberattacks target small businesses, and 60 percent of small companies go out of business within six months of a cyberattack. How can SMBs prepare for a cyber-incident and survive to tell the tale?

The key is to be proactive and establish – and practice – a security/risk management program to train the organization to prepare for the worst.

I’m a realist. I know this is easier said than done. Businesses are focused on revenue and implementing cyber security is hard to justify when your organization’s priorities are to stay solvent and focus resources on critical operations. My counter to this argument is that companies put a stick in the ground and start somewhere by applying cyber basics, or easy to perform steps, to help protect their assets, data, and employees.





SamSam group deletes Atlanta's contact portal after the address goes public

Tue, 27 Mar 2018 05:00:00 -0700

An image shared with local media during the early stages of a SamSam ransomware infection in Atlanta exposed the contact portal assigned to the city by the group responsible. In addition, the image exposed the wallet used by the attackers to collect ransom payments.

When questioned about their actions via the exposed portal, the SamSam group first demanded payment in exchange for answers, and later deleted the contact form entirely, calling the questions and other comments spam.






IDG Contributor Network: 9 policies and procedures you need to know about if you’re starting a new security program

Fri, 16 Mar 2018 06:00:00 -0700

Building and managing a security program is an effort that most organizations grow into over time. I have worked with startups who had no rules for how assets or networks were used by employees. I also have worked at established organizations where every aspect of IT and cybersecurity was heavily managed. The goal is to find a middle ground where companies can responsibly manage the risk that comes with the types of technologies that they choose to deploy.

In establishing the foundation for a security program, companies will usually first designate an employee to be responsible for cybersecurity. It will be this employee who will begin the process of creating a plan to manage their company’s risk through security technologies, auditable work processes, and documented policies and procedures.





IDG Contributor Network: Maslow’s hierarchy of needs for incident response

Wed, 07 Mar 2018 11:00:00 -0800

Advanced threats that utilize lateral spread techniques are becoming more commonplace. This has important implications for incident management that we can liken to Maslow’s Hierarchy of Needs for incident response.

The lateral movement of malware made headlines in May 2017 when the WannaCry variant of ransomware was released, infecting more than 200,000 machines in upwards of 150 countries. It was able to spread rapidly laterally using the EternalBlue exploit.  While the damage stemming from WannaCry was less than originally feared, this emerging method of spreading malware was concerning and for good reason.  





IDG Contributor Network: What happens if... disaster recovery for the smart city and beyond

Tue, 20 Feb 2018 07:15:00 -0800

Crisis planning is integral to many cities across the planet and we see it in use when natural disasters strike. When the magnitude 9 earthquake hit Japan in 2011, previous disaster planning kicked in. But the response has been criticized because of the predictive limitations that informed the disaster recovery attempts. Other criticisms highlighted too much emphasis on using ‘hazard maps’ which were inaccurate. If our starting points are off point, then our disaster recovery will also be lacking.

In our smart cities, which are intrinsically dependent on data, disaster recovery has to include data as a critical infrastructure in its own right or as my previous article outlined—the data superstructure.





IDG Contributor Network: Lessons from Hawaii – how prepared should we be?

Tue, 16 Jan 2018 08:05:00 -0800

If you’ve paid attention to the news recently you heard about the accidental missile warning that went out in Hawaii. I can’t imagine the terror that must have resulted from that mistake. There are certain things that just are never funny, this is one of them. I don’t see us ever looking back with fond memories on that event.

But there are some lessons for us. I really started to think about what would I do if I was in this sort of situation? How could I prepare for such an event? I realized that I have no idea what I would have done. This is the sort of thing you just can’t be ready for.

My mind eventually wandered to cybersecurity and how we could learn a lesson from this event and I kept thinking about how could you possibly prepare for this. Emergency preparation requires a certain level of understanding, and the reactions must be simple, but they can have enormous results in such a situation. I realized I lack the proper level of understanding for that type of emergency.





IDG Contributor Network: Board cybersecurity field trips

Fri, 12 Jan 2018 08:53:00 -0800

The annual Consumer Electronics Show shifted from geek heaven to a decidedly more serious tone this year as entire Boards of Directors from companies around the country descend on the Strip to learn about cybersecurity, hacking and more.  Hopefully, in breaking from Sin City’s popular tag line, what happens in Vegas will protect a myriad of companies back home.

What happens in Vegas?

The Wall Street Journal reported this week that corporate Board members were taking field trips to the Consumer Electronics Show (CES) in Las Vegas to learn more about cybersecurity. Coordinated by the National Association of Corporate Directors, members are being treated to specialized programs on technology ranging from a couple of hours to a couple of days. Though not the kind of party Sin City normally sees, it nonetheless suggests this is a perfect time for CISOs and other security professionals to get more familiar with their Boards.





IDG Contributor Network: Why we continue to fail: lessons learned from the Atlanta Airport fiasco

Tue, 02 Jan 2018 07:40:00 -0800

The recent Atlanta airport FIASCO paints a clear picture of how to screw up EVERYTHING! As an information security professional (with more than 15 years’ experience on the battlefield, literally), I was dumbfounded by the lack of adherence to the most basic best business practices related to business continuity and disaster recovery operations.

Five basic failures happened that make the Atlanta airport a softer target for future attack.

1. Lack of a coherent, acceptable, and tested business continuity/disaster recovery plan

It would appear that airport and city officials only planned for a best-case scenario. They co-located or used same channel connections to both primary and alternate power sources. While air traffic control was able to issue a ground stop and divert flights, those already on the ground were stuck for hours on the tarmac or at the gate. It took at least five hours before passengers stranded on the tarmac deplaned. 





IDG Contributor Network: Why staging a fake attack is only real thing to keep you secure

Thu, 21 Dec 2017 07:23:00 -0800

Being a Northern Californian, you can imagine that the Napa County wildfires in October and November impacted me. Granted that, while I did not suffer the monetary or psychological loss those directly affected by this disaster endured, being just 50 miles of the southern tip of the wildfire for weeks does teach you a thing or two.

For instance, gathering our most “important” stuff, keeping it in an accessible location for a quick exit, sleeping lightly at night, getting N95 masks, keeping our dog inside all day… these were some of the precautionary measures I took. And I guarantee you, no mock drill or random alert would have caused me to act the way I did once our family was under direct threat from a powerful and unpredictable predator.





Why incident response is the best cybersecurity ROI

Mon, 18 Dec 2017 07:36:00 -0800

Most organizations will suffer one or more major security incidents in which an attacker has administrative control over the IT systems that enable business processes and storing critical data, according to the Microsoft Incident Response Reference Guide.

Business leaders and IT executives aren’t expected to entirely prevent cyber attacks, but they’re expected to react immediately and manage the fallout. Poor incident response — including, but not limited to, delayed response — has caused incalculable damages and reputational harm to Yahoo, Equifax, and most recently Uber, to name a few.





IDG Contributor Network: 5 trends from 2017 that will still matter in 2018

Fri, 15 Dec 2017 06:54:00 -0800

A whirlwind. A train wreck. A dumpster fire. However you decide to label 2017, one thing is clear – a lot of stuff went down this year that will forever change the way we approach cybersecurity. You can no longer turn a blind eye towards things like planning and communications. There aren’t excuses anymore for keeping cybersecurity locked in the IT department, away from other measures of business risk.

2017 taught us a lot of lessons, but rather than focusing on the flashy headlines, here are five specific trends that rose above the noise and will still be relevant in 2018.

Cyber communications cannot be ignored

If there is a single takeaway that defined 2017, it’s that anyone who doesn’t include cyber communications as a core element of a cybersecurity program is setting themselves up for failure. When one of the biggest costs of a data breach is the damage to your company’s reputation, the way you talk to everyone matters – before, during and after.





IDG Contributor Network: Reliability vs. redundancy: aren’t they the same thing?

Fri, 08 Dec 2017 04:15:00 -0800

Nearly all businesses are moving data and applications (apps) from their own data centers and systems to cloud based software-as-a-service (SaaS) for a variety of reasons. For many, assumptions made during the move will expose them to increased risks. While SaaS solutions provide reliability, most do not provide the same protection as a business received using a separate off-site backup with a long retention period.

Every business has critical information it is storing on behalf of a client or a regulatory agency, where a loss could prove catastrophic. Imagine your Certified Public Accountant (CPA) calling you on April 14th saying your tax return and all the supporting documentation you provided were gone. Data entrusted to a business by its customers cannot be lost without significant direct short term and indirect long-term impacts.





IDG Contributor Network: Rethinking response: the benefits of seeking external support

Thu, 16 Nov 2017 04:04:00 -0800

Despite our best efforts, we can’t prevent each and every security event, incident, or breach. And when these situations do occur, many of us rely solely on our organization’s internal teams and resources. Indeed, most response tactics remain not just largely internal but also largely unchanged in recent years. Given the complex cyber and physical risks we are now facing, however, more organizations are seeking external support from not just forensics firms but also from leading industry experts. Here’s why your organization should, too:

Access greater insights and resources

Regardless of whether traditional forensics efforts are conducted externally, they aim to help us answer the question “what happened?” And although determining the “what” following any event, incident, or breach is critically necessary – all too often, we stop there. In some cases, the resulting damages could be far more widespread or complex than initial forensics efforts might reveal. Figuring out where to look for damages and when to stop looking can further complicate any response strategy. But by supplementing forensics with support from industry experts, we can gain additional visibility into not just the “what” and the “where” but also the “why?” the “who?” the “when?” the “how?” and, most importantly, the “how can we help prevent this from happening again?”





IDG Contributor Network: 5 rules for smarter cyber communications

Thu, 12 Oct 2017 07:02:00 -0700

With the Equifax data breach continuing to make headlines, we're seeing yet further proof that the way you communicate in the aftermath of an incident plays a significant role in determining its ultimate impact. Executives responsible for cybersecurity need to understand how a good cyber communications function works, and they need to make it a regular part of any conversation related to information security or risk management.

While it may seem like this is the last thing a CSO should be thinking about, recent incidents prove that the stakes are way too high for communications planning and response to be delegated entirely to someone outside the security team. To put it another way—when things really go wrong, whose job is on the line, and who gets the bonus trip to DC? Hint: There aren’t many CMOs taking early retirement or being called to testify before Congress.





IDG Contributor Network: Equifax: A teaching opportunity

Tue, 03 Oct 2017 07:17:00 -0700

The dust hasn’t settled and the lawsuits are just getting filed, but already there is a wealth of learning opportunity from the Equifax debacle.

To start with, every security professional knows that you will be breached eventually, so you really, really need a good response plan.  Hopefully you have exercised your plan and everyone knows exactly what to do when the breach happens.  We all learned that from the Target and Home Depot breaches, right?

If you want to know what constitutes a good response plan, just look at what Equifax did and do the exact opposite.

I don’t know how Equifax could have screwed this up any more than they did.  It is truly a feat to behold. 
