With the Center for Internet Security (CIS) set to launch version 7 of the CIS Controls (formerly the SANS Critical Security Controls) this March 19th, it’s a great time to review your cybersecurity posture and make sure you’re keeping pace. The latest update is expected to make minor changes that reflect the changing security landscape. While prioritization of the controls may change, it’s unlikely that many of the core controls will change substantively.
Many regulations state that companies must take reasonable measures to protect sensitive data, for example, personal information such as Social Security numbers, medical information, and payment card data. But even with that mandate, information is still being stolen through data breaches. Last year in the state of California, 178 reported breaches put over 24 million records at risk, affecting nearly 60% of Californians.
Led by the Center for Internet Security (CIS), an international community of experts regularly publishes a list of recommended security controls (CIS Critical Security Controls) that outline specific actions organizations can take to improve their cyber defenses. Implementing the controls protects organizations from internal and external cyber threats.
According to a 2013 Clearswift survey, 58% of all security incidents can be attributed to insiders. Below is a look at how two of the controls guard effectively against the paradigmatic internal threat: the insider who has turned against his or her own organization.
We’ve been having a lot of conversations recently with banks and financial organizations about not only meeting GLBA and PCI-DSS requirements, but also making sure they are prepared for the FFIEC examinations. On the heels of the release of the FFIEC Cybersecurity Assessment Tool this summer, financial organizations are recognizing shortcomings and gaps in their current security processes and systems and looking for ways to correct the issues within the constraints of limited budgets, time, and other resources.
Compliance management has historically focused on reactive security monitoring (SIEM and Log Management) to meet regulatory mandates. SIEM and Log Management do not proactively identify weaknesses in your network defenses; they only notify you after an event has occurred. As a result, companies continue to experience an increasing number of breaches even though they are in compliance with regulations at the time of a breach.
Implementing IT Asset Management can help your organization reduce its exposure to cyber risk. Hackers are always looking for the easiest way to infiltrate your network, and IT Asset Management can help close the holes that let hackers in. While every network faces unknown risks, IT Asset Management can help you mitigate known risks.
IT Asset Management can provide detailed information on the lifecycle of your devices, including what devices are known and authorized on your network and what software those devices are running.
Here are two ways IT asset tracking can help you improve your security:
Most security monitoring practices focus primarily on reactive security, alerting security teams when a possible attack has been detected on their network so that they can react to it and try to stop the intruders before any damage is done. The problem with this method is that the longer it takes to detect an attack, the more it will cost to fix it. The longer the attacker is inside your network, the greater the attacker's chance of finding sensitive information.
JP Morgan Chase, a major American financial institution, disclosed a cyber breach back in September. The breach affected 76 million households and 7 million small businesses. The hackers used some of the same offshore servers to hack both the bank and the website of the JP Morgan Corporate Challenge. The IT team at JP Morgan was able to uncover the hack by chance, after studying the Corporate Challenge website breach.
“Theft of information assets, disruption of services and wrongful disclosure are believed to be the most serious cyber security threats to an organization’s information assets. The most serious consequences from a cyber attack or intrusion are the loss of intellectual property, productivity decline and lost revenue.” - Ponemon Institute, 2013(1)
With attacks reported against many banks and major corporations, DDoS (Distributed Denial-of-Service) attacks seem to be a hot topic these days. This raises the question of what can be done to protect organizations from the damaging impacts caused by sustained service outages on critical resources -- and, increasingly, to protect the organization from the data theft and other secondary motives of DDoS attacks used as smokescreens to draw critical security resources away from true targets.