A data breach has occurred or, worse, your organization has been hit with ransomware. What do you do next? Learn how tabletop exercises create muscle memory.
Anything that’s difficult takes time to master, or at least to become competent at, and it requires constant training and being pushed into situations that will sharpen your reflexes. This is the predominant reason we perform cybersecurity tabletops: to improve our reaction time to security incidents and breaches. During these situations there’s much more than the technical aspect to consider, and if the entire organization isn’t moving in tandem, mistakes will be made. Organizations as a whole need to live this experience, even if it’s just a tabletop, in order to understand the ramifications of where they might have blinders on from a maturity standpoint. This consistent role playing, aimed at forcing participants at all levels out of their comfort zone, is used to create that tempered muscle memory on how to react to incidents without question.
We’ve all heard it before: “Just patch all the things and you’ll be perfectly fine.” There’s a lot of truth to this statement; it’s also extremely shortsighted. If you’re working in a large enterprise or an organization that uses unique equipment for business functions, it’s almost impossible to follow the “patch all the things” mantra, mostly because there aren’t available patches or the systems have become unsupported. At CCSI we work with some of the world’s largest organizations, and in doing so we’ve noticed that patching isn’t always an option for some systems on the network, even though we recommended it as a priority. Here are a few areas we recommend when patching isn’t an option.
We recently held our second annual CISO roundtable, which brought together fifteen CISOs for a candid conversation regarding their concerns, challenges and advice on protecting their organizations. Last year’s roundtable showed that Long Island has a security community that’s hungry to learn and grow from each other. This was also evident from the attendance at the first BSides Long Island, which was held in January. It was no surprise that our second roundtable was just as lively and informative as these two events. The topics on the night’s agenda ranged from continued challenges to improvement and future considerations. We’ll briefly touch on a few throughout this blog so the extended community can learn from their wisdom and insights.
The two-year transitional period implemented by the New York State Department of Financial Services (NYS DFS) regarding its cybersecurity framework, 23 NYCRR 500, finished this past March 1, 2019. This doesn’t mean the work ends here; essentially, it’s just getting started. The state of New York allowed institutions, or covered entities, a 24-month break-in period before having to adhere to all phases per year. The training wheels are off and all phases will have to be obtained yearly moving forward.
Malicious actors are consistently and persistently looking for new avenues to compromise sensitive data and they’ve found one such entry through legal firms.
Legal firms play a unique role within the economy by being at the center of personal and business-related transactions. Legal firms are involved with large enterprises, governments, small businesses and individual cases. The data maintained by legal firms is both sensitive and valuable and attackers have taken notice. Legal firms are under a barrage of attacks due to the data and relationships they maintain. Many of these firms are focusing on user endpoints when it comes to reducing their risk.
This month’s podcast features Matthew Pascucci, cybersecurity practice manager at CCSI, speaking with guest CISO Patricia Smith from Cox Automotive on vulnerability management in the cloud. Does vulnerability management change depending on deployment model? How do you measure cloud vulnerability metrics? Patricia Smith and Matthew Pascucci touch upon these and more in this podcast episode.
There is a massive need for cybersecurity professionals today and the need is only growing. We’ve seen estimates of anywhere between 2-3 million vacant jobs over the next three years. The demand is definitely bullish and showing no signs of stopping. With this being said, breaking into an industry is always a difficult thing to do and nothing should be assumed, even with the massive demand of unfilled positions. Here are a few areas I’d suggest if you’re looking to not only get into security, but become successful.
Effectively connect people, process and technology to minimize MTTD and MTTR
There’s a reason it’s said that what gets measured gets managed. In order to successfully achieve a goal, you have to be able to measure progress. It’s the only way to know if you’re heading in the right direction.
That’s why any security operations team worth their salt will be paying close attention to both their mean time to detect (MTTD) and mean time to respond (MTTR) metrics when it comes to resolving incidents.
The average dwell time for attackers still sits somewhere in the range of 100–140 days and, frankly, we can do better. Security operations teams need to be fanatical when it comes to lowering these metrics within their organizations.
Significantly reducing dwell time, MTTD and MTTR starts with an understanding of attacks. From there, you need multiple groups working together in harmony, enabled by technology to automate and orchestrate incident response processes.