Tag Archive for: management

Ransomware incidents now make up majority of British government’s crisis management COBRA meetings


Ransomware incidents in the United Kingdom are now so impactful that the majority of the British government’s recent crisis management COBRA meetings have been convened in response to them rather than other emergencies.

The need to regularly hold cross-departmental COBRA meetings reveals how little progress Westminster has made to address the risks ransomware poses to the country, according to multiple sources with knowledge of the government’s response, speaking to The Record on the condition of anonymity because they were not authorized to openly discuss the matter.

They noted that despite the repeated warnings of the National Cyber Security Centre’s (NCSC) chief executive Lindy Cameron describing ransomware as the most acute threat facing the country, there did not appear to be a proportionate level of ministerial interest. Successive Home Secretaries have instead prioritized the issue of small boat crossings of migrants in the English Channel.

The gatherings — officially known as a meeting of the Civil Contingencies Committee, which takes place in the Cabinet Office Briefing Room (COBR) — have historically been convened in response to terror attacks, but are now increasingly focused on cybersecurity incidents affecting critical services.

According to the NCSC’s annual review, the U.K. was impacted by 18 ransomware incidents this year which “required a nationally coordinated response” including attacks affecting the South Staffordshire Water utilities company and the National Health Service software supplier Advanced. The increased focus on these incidents at COBRA meetings has not previously been reported.

Former Home Secretary Priti Patel MP welcoming G7 Interior Ministers in 2021. Image: U.K. Government

Ransomware ‘sprints’

The surge in COBRA meetings follows a cross-Whitehall “sprint” — a project management term — on ransomware which concluded last December. Its intention was to come up with recommendations for dealing with the issue that would be signed off in advance of the G7 meeting of interior ministers at the end of 2021. However, a year on from the conclusion of that “sprint”, the government has still delivered no actionable…

Source…

Asset risk management: Getting the basics right


In this interview with Help Net Security, Yossi Appleboum, CEO at Sepio, talks about asset risk management challenges for different industries and where it’s heading.


Cyberattacks show no signs of slowing down. What do organizations need to do to boost their asset risk management?

They need to understand what’s in their environment. You can’t do anything to manage risk if you don’t know what assets you have and their associated risk posture. Increased spending on cybersecurity tools is a waste if those tools cannot see every asset in your infrastructure. And, unfortunately, that is where a lot of enterprises fall short. So, the number one thing enterprises need to do is get back to basics and focus on what builds the foundation to robust asset risk management – and that is visibility and understanding of risk.

What are the most common threats plaguing the financial sector, and how can asset visibility mitigate the risks?

The first threat that comes to mind is ransomware. The finance industry, by nature, has access to substantial amounts of money, and disruptions to financial services can have a tremendous impact on society and the economy. These two factors make financial institutions the perfect target for a ransomware attack as the tolerance for downtime is low and the funds needed to pay the ransom are there. Ransomware can get introduced to the environment through IT assets, and asset visibility mitigates the risks by accounting for anomalies that could indicate a possible threat.

Social engineering is another threat faced by the financial sector. The thousands of employees that work for large financial corporations each act as a gateway into the organization through simple methods of manipulation. A bad actor can convince a member of staff to bring in an unwanted asset by means of bribery or blackmail or have them unknowingly do so by enticing them with free handouts. Who can refuse a free iPhone charger? Asset visibility mitigates the risks by accounting for these novel connections, which security teams can subsequently investigate.

What about healthcare institutions? How are they vulnerable, and what must they do to ensure service continuity and avoid…

Source…

Newly Introduced HackerOne Assets Goes Beyond Attack Surface Management To Close Security Gaps


SAN FRANCISCO, October 13, 2022: HackerOne, the leader in Attack Resistance Management, today announced the general availability of its HackerOne Assets product. Assets combines the core capabilities of Attack Surface Management (ASM) with the expertise and reconnaissance skills of ethical hackers to bring visibility, tracking, and risk prioritization to an organization’s digital asset landscape. Research from ESG revealed that 69% of organizations have experienced a cyberattack through the exploit of an unknown, unmanaged, or poorly managed internet-facing asset. Assets forms a key part of HackerOne’s Attack Resistance Management portfolio, which aims to discover unknown assets and vulnerabilities and close organizations’ security gaps.

With Assets, customers can manage both the discovery and testing of assets in a single platform. The solution blends security expertise with asset discovery, continuous assessment, and process improvements to reduce risk. HackerOne’s community of ethical hackers enrich the asset and scan data and analyze it themselves, ensuring that newly found assets are tested for risk and mapped according to their metadata. Once the assets have been identified and ranked for risk, security teams can use these insights to initiate pentests on newly discovered assets and add assets to their bug bounty scope.

“HackerOne Assets solves for the inefficiencies in traditional ASM scanning” explained Ashish Warty, SVP of Engineering at HackerOne. “It’s impossible for security teams to see their entire attack surface, while cloud transformation, agile product cycles, and mergers and acquisitions keep the threat landscape growing. By combining attack surface management with the creative power of the ethical hacking community, Assets reduces manual work, increases the accuracy of scanning results, and speeds up time to remediation by prioritizing based on real world risk.”

“Having in-depth visibility of our attack surface is a core part of our security strategy,” said Roy Davis, Lead Security Engineer at Zoom. “With HackerOne Assets and the insights it brings from the hacking community, our security team has been able to effectively prioritize those…

Source…

2022 FAIR Conference to Explore Scaling Risk Management Practices to Tackle Growing Cyber Threats





Hybrid in-person and virtual event on Sept. 27-28 in Washington, D.C., and online

Media Passes: To access FAIRCON22 event sessions in person or online, contact Luke Bader, director, membership and programs, FAIR Institute, [email protected]; or Eskenzi PR: Avery MacGregor, [email protected], 978.290.2970; or Cathy Morley Foster, [email protected], 925.708.7893.

RESTON, Va., Sept. 26, 2022 (GLOBE NEWSWIRE) — What: As financial stakes in cybersecurity grow higher, FAIR Institute, the non-profit professional organization that advances measuring and managing risk, is doubling down to help businesses and organizations protect their most valuable assets with its 2022 FAIR Conference (FAIRCON22). The annual event, this year themed “Scale: Risk Management to the Next Level,” will bring together thought leaders in cyber and operational risk management to discuss best FAIR™ (Factor Analysis of Information Risk) practices to develop increased value and alignment with business goals.

When: This premier global risk management conference will be held in person at the Mandarin Oriental Hotel, Washington, D.C., and virtually on Tuesday, Sept. 27, and Wednesday, Sept. 28. The program line-up features keynote addresses, interactive C-suite panels, and expert case study sessions.

Who: Open to professionals in risk management; the program offers beginner and advanced session tracks.

  • Speakers: Jack Jones, chairman, FAIR Institute; Mark Tomallo, senior vice president and CISO, Victoria’s Secret; Mary Elizabeth Faulkner, CISO, Thrivent Financial; Jeff Norem, deputy CISO, Freddie Mac; Matthew Tolbert, senior cybersecurity specialist, supervision and regulation, Federal Reserve Bank of Cleveland; James Lam, public and private board director, National Association of Corporate Directors (NACD) certified director and D100 honoree, ERM consultant, author, and speaker; and Derek Johnson, senior reporter, SC Media; among others.
  • In-person and Virtual: “This year, we are pleased to welcome attendees back in person and to virtual events for FAIRCON22. The conference focus is on ‘Scale,’ demonstrating how to…

Source…