Archive for September, 2017

Chuck Leaver – You Must Take Care Of Vulnerability Lifecycle Management

Written By Dr Al Hartmann And Presented By Chuck Leaver

The following headline hit the news on September 7, 2017:

Equifax Inc. today revealed a cyber security incident possibly impacting approximately 143 million U.S. customers. Bad guys made use of a U.S. website application vulnerability to gain access to certain files. Based upon the business’s examination, the unauthorized access happened from mid-May through July 2017.

Lessons from Past Debacles

If you like your career, appreciate your role, and wish to keep it, then do not leave the door open to hackers. A major data breach often begins with an unpatched vulnerability that is easily exploitable. Then the inevitable happens: the hackers are inside your defenses, the crown jewels have left the building, the press releases fly, expensive experts and external legal counsel rack up billable hours, regulators come down, lawsuits are filed, and you have “some major ‘splainin’ to do”!

It is not yet clear whether the head ‘splainer in the current Equifax debacle will survive; he is still in ‘splainin’ mode, asserting that the breach started with the exploitation of an application vulnerability.

In such cases the normal rhumba line of resignations is: CISO first, followed by CIO, followed by CEO, followed by the board of directors shakeup (specifically the audit and corporate duty committees). Do not let this happen to your career!

Steps to Take Immediately

There are some common-sense steps you can take to avoid the breach catastrophe that unpatched vulnerabilities otherwise make inevitable:

Take inventory – Inventory all system and data assets, and map your network topology, connected devices, and open ports. Know your network, its segmentation, what devices are connected, exactly what those devices are running, what vulnerabilities those systems and apps expose, what data assets they access, the sensitivity of those assets, what defenses are layered around those assets, and what controls are in place along all possible access paths.

Improve and toughen up – Implement best-practice recommendations for identity and access management, network segmentation, firewall and IDS configurations, operating system and application configurations, database access controls, and data encryption and tokenization, while simplifying and cutting the number and complexity of subsystems across your enterprise. Anything too complex to manage is too complex to secure. Choose configuration-hardening heaven over breach-response hell.

Constantly monitor and scrutinize – Periodic audits are necessary but not sufficient. Continually monitor, track, and evaluate all relevant security events and exposed vulnerabilities. Create visibility, event capture, analysis, and archiving of every system and session login, every application launch, every active binary and vulnerability exposure, every script execution, every command issued, every network contact, every database transaction, and every sensitive data access. Any hole in your security event visibility creates a free-fire zone for the attacker. Develop key performance metrics, track them ruthlessly, and drive for relentless improvement.

Do not accept operational excuses for inadequate security – There are always secure and effective operational policies, though they may not be painless. Not suffering a catastrophic data breach is far lower on the organizational pain scale than the alternative. Operational expedience, legacy operations, or misaligned priorities are not valid excuses for poor cyber practices in an escalating threat environment. Make your voice heard.
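The inventory and continuous-monitoring steps above come together when the asset inventory is joined against vendor advisories to list what is still unpatched, ranked by exposure and data sensitivity, with days exposed as the tracked metric. This is an added example, not code from the original article; the hosts, packages, versions, advisory IDs and the 30-day patch SLA are constructed assumptions.

```python
from datetime import date

# Constructed sample data: hosts, packages, versions and advisory IDs are placeholders.
INVENTORY = [
    {"host": "web-01", "internet_facing": True, "sensitivity": 3,
     "packages": {"webframework": "4.1.2"}},
    {"host": "db-01", "internet_facing": False, "sensitivity": 3,
     "packages": {"dbserver": "9.6.1"}},
    {"host": "kiosk-07", "internet_facing": False, "sensitivity": 1,
     "packages": {"webframework": "4.1.10"}},
]
ADVISORIES = [
    {"id": "ADV-EXAMPLE-1", "package": "webframework", "fixed_in": "4.1.10",
     "published": date(2017, 5, 1)},
    {"id": "ADV-EXAMPLE-2", "package": "dbserver", "fixed_in": "9.6.4",
     "published": date(2017, 8, 20)},
]

def vtuple(version):
    """Compare versions numerically: as strings, "4.1.2" sorts after "4.1.10"."""
    return tuple(int(part) for part in version.split("."))

def open_exposures(inventory, advisories, today):
    """Join inventory to advisories; return unpatched findings, worst first."""
    findings = []
    for asset in inventory:
        for adv in advisories:
            installed = asset["packages"].get(adv["package"])
            if installed is None or vtuple(installed) >= vtuple(adv["fixed_in"]):
                continue  # package absent or already at the fixed version
            findings.append({
                "host": asset["host"], "advisory": adv["id"],
                "installed": installed, "fixed_in": adv["fixed_in"],
                "days_exposed": (today - adv["published"]).days,
                "internet_facing": asset["internet_facing"],
                "sensitivity": asset["sensitivity"],
            })
    # Internet-facing first, then most sensitive data, then longest exposure.
    findings.sort(key=lambda f: (not f["internet_facing"],
                                 -f["sensitivity"], -f["days_exposed"]))
    return findings

def sla_breaches(findings, sla_days=30):
    """Findings open longer than the patch SLA (30 days is an assumed policy)."""
    return [f for f in findings if f["days_exposed"] > sla_days]

if __name__ == "__main__":
    for f in open_exposures(INVENTORY, ADVISORIES, date(2017, 9, 7)):
        print(f["host"], f["advisory"], f["installed"], "->", f["fixed_in"],
              f"{f['days_exposed']}d")
```

Run on a schedule against a live inventory, the count and age of SLA breaches become the trend line to drive down.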

Chuck Leaver – Here Is How To Protect Yourself After The Equifax Breach

Written By Michael Levin And Presented By Chuck Leaver

 

Equifax, one of the three major U.S.-based credit reporting services, just revealed a major data breach in which cyber criminals stole sensitive information from 143 million United States customers.

Ways that the Equifax security breach WILL impact you:

– Personal – Your personal and family identity information is now at risk and will be targeted!

– Business – Your businesses could be affected and targeted.

– Nationally – Terrorists, nation states, and organized crime groups could be involved or could use this data to commit cybercrime to obtain funds.

Safeguarding yourself is not complicated!

5 recommendations to protect yourself immediately:

– Sign up for a credit monitoring service and/or lock your credit. The quickest way to learn that your credit has been compromised is through a credit monitoring service. Equifax has already started the process of setting up complimentary credit monitoring for those impacted. Other credit monitoring services are available and should be considered.

– Monitor all your financial accounts, including credit cards and all checking accounts. Make sure that all alerts are turned on. Ensure you are getting instant text and email notifications for any changes in your account, increased balances, or transactions.

– Secure your bank and financial accounts, and ensure that two-factor authentication is turned on for all accounts. Learn about two-factor authentication and turn it on for all financial accounts.

– Phishing email messages can be your greatest daily risk! Slow down when handling email messages. Stop automatically clicking every email link and attachment you get. Instead of clicking on links and attachments in email messages, go to the websites independently, outside of the email message. When you receive an email you were not expecting from a name you recognize, consider contacting the sender separately before you click links or attachments.

– Strong passwords – Consider changing all your passwords. Create strong passwords and protect them. Use different passwords for your accounts.

Other Security Considerations:

– Back up all computers and update operating systems and software frequently.

– Social network security – Sharing too much information on social networks increases the risk that you will be victimized. For example, telling the world that you are on vacation, with photos, raises the risk that your house will be robbed.

– Protect your devices – Don’t leave your laptop, phone or tablet unattended even for a second. Do not leave anything in your automobile you do not want stolen because it’s just a matter of time.

– Internet of things and device management – Understand how all your devices connect to the Internet and what information you are sharing. Review the security settings for all devices, including smart watches and fitness bands.

The value of security awareness training:

– This is another crime where security awareness training can help to reduce risk. Keeping up with new crimes and scams in the news is an essential part of security awareness training. Making sure that employees, friends, and family know about this breach will greatly reduce the chance that you will be victimized.

– Sharing new scams and crimes you hear about in the news with others is very important to ensure that the people you care about do not fall victim to these kinds of crimes.