The number of long-term hacks being uncovered continues to rise unabated, resulting in millions in financial losses, theft of intellectual property, and/or exposure of customer information. With the threat of undetected compromises and stealthy zero-day attacks breaking through even the best controls, cyber risk managers require more than what is being offered by legacy assessment solutions (which typically only address vulnerabilities or configuration management).
We have all enjoyed the personalized experiences that software platforms are providing as they learn more about us, but with this data comes a high burden to protect it. We are seeing the implications of this manifested in broken trust with Facebook and Equifax. Cybersecurity and privacy standards are also confronting organizations today as they race to comply with the May deadlines of GDPR. What is the U.S. doing in parallel to keep up?
Last week, Applebee’s announced it was the victim of a Point of Sale (PoS) malware attack, warning customers in 15 states that their PII and credit card information was at risk. The attack is reported to have impacted 167 PoS systems in the states of Alabama, Arizona, Florida, Illinois, Indiana, Kansas, Kentucky, Missouri, Mississippi, Nebraska, Ohio, Oklahoma, Pennsylvania, Texas, and Wyoming.
Modern warfare is increasingly fought not with guns and bombs but with weaponized software. State-backed hackers in North Korea are currently setting their sights on critical infrastructure in the United States with the aim of knocking out power in the country, cybersecurity researchers have warned. Securing critical infrastructure is a priority for national security reasons, but the traditional view of security solely as a defensive measure is not enough to protect these systems; a proactive approach to security in tandem with defensive tools is the best way forward to prevent catastrophe and keep people and commerce going.
Last week in a Live Webinar we looked at the pitfalls of relying solely on Endpoint Detection and Response (EDR) software for proactive threat hunting and examined some of the common misconceptions about the comprehensiveness of the data collected by many EDR solutions. The intention was not to discredit EDR or to say a forensic state analysis (FSA) approach is better, but to reflect on the different approaches to threat hunting which might be more appropriate for your use case. If you couldn’t join us, here’s a quick overview of what was covered.