Why Vulnerability Lifecycle Management Is Vital For Your Career Prospects – Chuck Leaver

Written By Dr Al Hartmann And Presented By Chuck Leaver


The following headline made the news last week, on September 7, 2017:

Equifax Inc. today announced a cyber security occurrence possibly impacting around 143 million U.S. consumers. Criminals exploited a U.S. site application vulnerability to gain access to certain files. Based on the business’s examination, the unapproved access occurred from mid-May through July 2017.

Lessons from Past Data Breaches

If you like your job, value your role, and want to keep it, then do not leave the door ajar for adversaries. A major data breach often begins with an unpatched vulnerability that is easily exploitable. Then the inevitable happens: the cyber criminals are inside your defenses, the crown jewels have left the building, the press releases fly, costly consultants and outside legal counsel rack up billable hours, regulators descend, lawsuits are filed, and you have “some serious ‘splainin’ to do”!

We don’t know yet whether the head ‘splainer in the current Equifax breach will survive, as he is still in ‘splainin’ mode, asserting that the intrusion began with the exploitation of an application vulnerability.

In such cases the usual conga line of resignations runs CISO first, followed by the CIO, then the CEO, then a board of directors shakeup (especially the audit and corporate responsibility committees). Do not let this happen to your career!

Actions to Take Immediately

There are some commonsense steps you can take to avoid the otherwise inevitable breach catastrophe that results from unpatched vulnerabilities:

Take stock – Inventory all data and system assets, and map your network topology, attached devices, and open ports. Know your network and its segmentation, what devices are attached, what those devices are running, what vulnerabilities those systems and applications expose, what data assets they can access, the sensitivity of those assets, what defenses are layered around those assets, and what controls are in place along all potential access paths.

Simplify and harden – Implement best-practice recommendations for identity and access management, network segmentation, firewall and IDS configuration, operating system and application configuration, database access controls, and data encryption and tokenization, while simplifying and reducing the number and complexity of subsystems across your enterprise. Anything too complex to manage is too complex to secure. Choose configuration-hardening heaven over breach-response hell.

Continuously monitor and analyze – Periodic audits are necessary but not sufficient. Continuously monitor, track, and analyze all relevant security events and exposed vulnerabilities: build visibility, event capture, analysis, and archiving for every system and session login, every application launch, every active binary and vulnerability exposure, every script execution, every command issued, every network connection, every database transaction, and every sensitive data access. Any gaps in your security event visibility create an attacker free-fire zone. Define key performance metrics, track them relentlessly, and drive for continuous improvement.

Don’t accept operational excuses for inadequate security – There are always secure and reliable operational policies, but they may not be painless. Not suffering a catastrophic data breach is far down the organizational pain scale from the alternative. Operational expedience, legacy systems, or misaligned priorities are not legitimate excuses for poor cyber practices in an escalating threat environment. Make your voice heard.
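The four steps above (inventory, harden, monitor with metrics, refuse excuses) only work if asset inventory, vulnerability data and visibility gaps are joined in one place and tracked with numbers. The script below is an added example, not code from the original post or from Equifax: it joins a constructed asset inventory (what each host runs, what data sensitivity it reaches, whether it is internet-facing, whether it ships security events) with a constructed list of advisories, ranks exposures by reachability and data sensitivity, reports which fixes have blown a patch SLA, and lists hosts that are blind spots in event visibility. Host names, package names, versions, dates and the `ADV-PLACEHOLDER-*` advisory ids are all invented sample data, not real identifiers; the risk-score formula is a simple illustrative weighting, not a standard.

```python
"""Vulnerability lifecycle tracker (added example; all data below is constructed)."""
from dataclasses import dataclass
from datetime import date


@dataclass
class Host:
    name: str
    internet_facing: bool
    data_sensitivity: int          # 0 = public data ... 3 = regulated PII
    packages: dict                 # package name -> installed version string
    logs_shipped: bool             # True if this host feeds the central event log / SIEM


@dataclass
class Advisory:
    advisory_id: str               # placeholder id, constructed for the example
    package: str
    fixed_version: str             # first version that is no longer vulnerable
    cvss: float
    published: date


def version_tuple(v):
    """'2.3.1' -> (2, 3, 1) so versions compare numerically, not as strings."""
    return tuple(int(p) for p in v.split("."))


def is_vulnerable(installed, fixed):
    return version_tuple(installed) < version_tuple(fixed)


def match_vulnerabilities(hosts, advisories):
    """Return (host, advisory) pairs where the host runs a vulnerable version."""
    exposures = []
    for h in hosts:
        for a in advisories:
            installed = h.packages.get(a.package)
            if installed is not None and is_vulnerable(installed, a.fixed_version):
                exposures.append((h, a))
    return exposures


def risk_score(host, adv):
    """Illustrative priority: CVSS scaled up for internet exposure and data sensitivity."""
    reach = 2.0 if host.internet_facing else 1.0
    return round(adv.cvss * reach * (1 + host.data_sensitivity), 1)


def patch_sla_breaches(exposures, today, sla_days):
    """Exposures whose advisory is older than the SLA window and is still unpatched."""
    return [(h.name, a.advisory_id) for h, a in exposures
            if (today - a.published).days > sla_days]


def visibility_gaps(hosts):
    """Hosts that do not ship security events: the 'attacker free-fire zone'."""
    return [h.name for h in hosts if not h.logs_shipped]


def report(hosts, advisories, today, sla_days=30):
    exposures = match_vulnerabilities(hosts, advisories)
    ranked = sorted(exposures, key=lambda e: risk_score(*e), reverse=True)
    return {
        "top": [(h.name, a.advisory_id, risk_score(h, a)) for h, a in ranked],
        "overdue": patch_sla_breaches(exposures, today, sla_days),
        "blind_spots": visibility_gaps(hosts),
    }


# Constructed sample inventory and advisories (not real hosts, software or ids).
HOSTS = [
    Host("web-portal", True, 3, {"webfw": "2.3.1", "openssl": "1.0.2"}, True),
    Host("db-primary", False, 3, {"dbengine": "5.7", "openssl": "1.1.0"}, False),
    Host("intranet-wiki", False, 1, {"webfw": "2.3.2"}, True),
]
ADVISORIES = [
    Advisory("ADV-PLACEHOLDER-1", "webfw", "2.3.5", 9.8, date(2017, 3, 7)),
    Advisory("ADV-PLACEHOLDER-2", "openssl", "1.1.0", 7.5, date(2017, 8, 20)),
]
TODAY = date(2017, 9, 7)

if __name__ == "__main__":
    for section, rows in report(HOSTS, ADVISORIES, TODAY).items():
        print(section)
        for row in rows:
            print("  ", row)
```

Run as-is, the internet-facing portal holding regulated data tops the list, the six-month-old advisory is flagged as overdue on every host still running the vulnerable version, and the database host that ships no events shows up as a blind spot even though it has no known vulnerability; the last point is the one a metrics dashboard built only on scanner output would miss.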

What You Need To Learn From The Equifax Incident – Chuck Leaver

Written By Michael Levin And Presented By Chuck Leaver


Equifax, one of the three major U.S.-based credit reporting services, has just revealed a major data breach in which hackers stole sensitive details of 143 million American consumers.

Ways the Equifax security breach WILL impact you:

– Personally – Your own and your family’s identity information is now known to hackers and will be targeted!

– Business – Your organizations may be impacted and targeted.

– Nationally – Terrorists, nation states and organized crime groups may be involved, or may use this data to commit cybercrime for financial gain.

Protecting yourself is not complicated!

5 tips to protect yourself right away:

– Sign up for a credit monitoring service and/or freeze your credit. The quickest way to learn that your credit is compromised is through a credit monitoring service. Equifax has already started the process of setting up free credit monitoring for those impacted. Other credit monitoring services are available and should be considered.

– Monitor all your financial accounts, including credit cards and all checking accounts. Ensure that all notifications are switched on. Make certain you are getting immediate text and email alerts for any changes to your account or for increased balances or transactions.

– Secure your bank and financial accounts; ensure that two-factor authentication is switched on for all accounts. Learn about two-factor authentication and turn it on for all financial accounts.

– Phishing email messages can be your most significant daily danger! Slow down when dealing with email messages. Stop automatically clicking on every email link and attachment you receive. Instead of clicking on links and attachments in email messages, go to the sites independently, outside of the email. When you get an email you were not expecting from a name you recognize, consider contacting the sender independently before you click on links or attachments.

– Strong passwords – Consider changing all your passwords. Create strong passwords and protect them. Use a different password for each of your accounts.

Other Security Considerations:

– Back up all computers and update operating systems and software applications routinely.

– Social media security – Sharing too much information on social media increases the risk that you will be victimized. For example, telling the world that you are on holiday, complete with photos, raises the risk that your house will be burgled.

– Protect your devices – Don’t leave your laptop, phone or tablet unattended even for a moment. Do not leave anything in your car that you don’t want stolen, because it’s only a matter of time.

– Internet of Things and device management – Understand how all your devices connect to the Internet and exactly what information you are sharing. Check the security settings for all devices, including smart watches and fitness bands.

The value of security awareness training:

– This is another cyber crime where security awareness training can help to reduce risk. Being aware of new crimes and scams in the news is a basic part of security awareness training. Ensuring that employees, family and friends are aware of this scam will significantly reduce the chance that you will be victimized.

– Sharing new scams and cyber crimes you hear about in the news with others is necessary to ensure that the people you care about do not fall victim to these kinds of cyber crimes.