Security News
What is an incident in the world of cybersecurity? NIST provides the following definition: "A computer security incident is a violation or imminent threat of violation of computer security policies, acceptable use policies, or standard security practices." Examples of cybersecurity incidents are a phishing attempt, a brute-force attack against a service the company runs, and the compromise of a server. The teams that handle them, computer security incident response teams (CSIRTs), also vary a lot in their staffing: the smallest are a couple of people, some of them only involved part-time, while the largest are made up of dozens of employees with the capability to deal with incidents 24/7. The 6 steps to successful security incident handling.
Cyber insurance premiums are increasing, and so is infosec's determination to get a slice of that pie: Cloudflare is partnering with Mandiant, Secureworks, and Crowdstrike in a "rapid referral" partnership for under-attack companies. The move was announced today as Cloudflare claimed that insurance premiums "have increased upwards of 50 per cent," with price hikes mainly hitting "the small and medium enterprises that find themselves as the common target for these cyber attacks."
The report assesses the services developed and currently used by CSIRTs across the Member States, analyzes the trends in relation to sector-specific CSIRTs and issues recommendations to strengthen the incident response capabilities in the health sector. National CSIRTs are the entities in charge of incident response in the health sector.
Invest and practice: Grant Oviatt, director of incident-response engagements at Red Canary, lays out the key building blocks for effective IR. The COVID-19 pandemic has highlighted the pressing need for security organizations to implement a structured, detailed and well-practiced incident-response plan. To that end, let's discuss the key building blocks for building and testing an effective incident-response plan.
Stand up your SOC with Crystal Eye XDR: Lift your security monitoring and incident response maturity
With nearly 50% of organisations with over 2,000 employees still yet to implement security monitoring and incident response capabilities, we need to ask ourselves why. It's hard to deploy multiple disparate, complex systems to get true SOAR. It's hard to find the staff to resource both the engineering and the security operations, and all of this brings a high cost and management burden that makes it difficult for large organisations, let alone smaller ones, to reach this level of security maturity.
Around half of organizations polled for Kroll's The State of Incident Response 2021 report said that their teams lack clarity around when to engage legal counsel about a potential incident. The multi-layered nature of incident response demands input from resources across an organization, particularly legal.
Regardless of industry, information security incidents have become more of a targeted threat for businesses, increasing in both number and effectiveness, according to the 2021 Data Security Report from GetApp. Of all the security incidents identified by the more than 900 surveyed employees at U.S. businesses, the three most threatening were increasingly severe ransomware attacks, more effective phishing schemes, and rampant password reuse.
A strong incident-response plan can help a company recover quickly and reduce incident costs. When did the incident take place? Who discovered it? At what point did the security and IT teams intervene? Along with answering these questions, it is crucial to identify the type and nature of the incident and confirm that it is an actual incident.
The coronavirus pandemic presented the perfect opportunity for security teams to evaluate the state of their incident-response process. According to a survey conducted by Red Canary, Kroll and VMware in partnership with Wakefield Research, 45 percent of security leaders said their security spending will either stay the same or decrease over the next twelve months.
You need to analyze many potential entry points, attack paths, and data exfiltration tactics to reveal the scope of what took place, all while the culprits are potentially taking steps to cover their tracks. An attacker might, for example, use stolen user credentials to move laterally through the network and then launch a DCShadow attack, which abuses replication permissions to imitate a domain controller and push changes into Active Directory through normal replication.
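The DCShadow step in the passage above is the one place on this page where the detection logic is concrete enough to show. The following is an added example, not code from the original article or from any of the vendors named on this page. It scans Windows Security events exported as JSON lines for the two artefacts a DCShadow push leaves in the logs of a legitimate DC: a 4742 "computer account was changed" event that writes domain-controller-only SPNs (the DRS RPC interface GUID and a GC/ SPN) to an account that is not a known DC, and a 5137 "directory service object was created" event registering a server object under CN=Sites,CN=Configuration for such a host. The field names, the KNOWN_DCS allowlist and the sample events are assumptions constructed for the example; map them to your SIEM's schema before using it.

```python
"""Added example: scan Windows Security events (exported as JSON lines) for
DCShadow artefacts. Field names, the DC allowlist and the sample events are
assumptions constructed for this illustration, not part of the article."""
import json

# DRS RPC interface GUID that a DCShadow rogue DC registers as an SPN, together
# with a "GC/" SPN, so that real DCs accept it as a replication partner.
# These indicators follow published DCShadow detection guidance; verify the
# SPN format against your own DCs' machine accounts.
DRS_RPC_GUID = "E3514235-4B06-11D1-AB04-00C04FC2DCD2"
DC_SPN_MARKERS = (DRS_RPC_GUID.lower(), "gc/")

# Allowlist of legitimate DC machine accounts (assumed; in practice enumerate
# the Domain Controllers OU and keep this list under change control).
KNOWN_DCS = {"DC01$", "DC02$"}


def classify_event(event):
    """Return a reason string if the event is a DCShadow indicator, else None."""
    event_id = event.get("EventID")
    if event_id == 4742:  # "A computer account was changed"
        target = event.get("TargetUserName", "")
        spns = event.get("ServicePrincipalNames", "").lower()
        if target not in KNOWN_DCS and any(m in spns for m in DC_SPN_MARKERS):
            return (f"4742: DC-only SPN written to non-DC computer account "
                    f"{target} by {event.get('SubjectUserName', '?')}")
        return None
    if event_id == 5137:  # "A directory service object was created"
        obj_class = event.get("ObjectClass", "").lower()
        dn = event.get("ObjectDN", "")
        if obj_class == "server" and ",CN=Sites,CN=Configuration," in dn:
            server_cn = dn.split(",", 1)[0]
            if server_cn.upper().startswith("CN="):
                server_cn = server_cn[3:]
            if server_cn.upper() + "$" not in KNOWN_DCS:
                return (f"5137: server object {server_cn} registered under "
                        f"CN=Sites for a host that is not a known DC")
        return None
    return None


def scan(event_lines):
    """Return [(line_number, reason), ...] for every indicator in the input."""
    hits = []
    for lineno, line in enumerate(event_lines, start=1):
        line = line.strip()
        if not line:
            continue
        reason = classify_event(json.loads(line))
        if reason is not None:
            hits.append((lineno, reason))
    return hits


# Constructed sample export: one benign logon, one SPN change on a real DC
# (benign), the rogue SPN change and server registration for WS-FIN07
# (DCShadow), and an ordinary SPN update on another workstation (benign).
SAMPLE_EVENTS = [
    '{"EventID": 4624, "TargetUserName": "jdoe", "LogonType": 3}',
    '{"EventID": 4742, "TargetUserName": "DC02$", "SubjectUserName": "DC02$", '
    '"ServicePrincipalNames": "GC/DC02.corp.example/corp.example '
    'E3514235-4B06-11D1-AB04-00C04FC2DCD2/3f1a2b4c-0000-4000-8000-000000000002/corp.example"}',
    '{"EventID": 4742, "TargetUserName": "WS-FIN07$", "SubjectUserName": "jdoe", '
    '"ServicePrincipalNames": "GC/WS-FIN07.corp.example/corp.example '
    'E3514235-4B06-11D1-AB04-00C04FC2DCD2/7d9e6f5a-0000-4000-8000-000000000099/corp.example"}',
    '{"EventID": 5137, "SubjectUserName": "jdoe", "ObjectClass": "server", '
    '"ObjectDN": "CN=WS-FIN07,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=corp,DC=example"}',
    '{"EventID": 4742, "TargetUserName": "WS-HR02$", "SubjectUserName": "WS-HR02$", '
    '"ServicePrincipalNames": "HOST/WS-HR02.corp.example"}',
]

if __name__ == "__main__":
    for lineno, reason in scan(SAMPLE_EVENTS):
        print(f"line {lineno}: {reason}")
```

Run against the constructed sample, the scan flags lines 3 and 4 (both for WS-FIN07) and stays quiet on the real DC and the ordinary workstation. Two caveats for production use: a legitimate DC promotion produces the same 4742/5137 pair, so hits need to be correlated with change tickets rather than treated as conclusive on their own; and because a DCShadow rogue DC typically strips its SPNs and removes its server object once the replication push is done, a later 4742 on the same account removing those SPNs, or a 5141 (object deleted) for the same server object, strengthens the alert rather than clearing it.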