Tag: lessons-learned
-
6 hard-earned tips for leading through a cyberattack, from CSOs who’ve been there
by
in SecurityNews
Tags: attack, awareness, breach, business, cisco, ciso, control, cyber, cyberattack, cybersecurity, data, group, incident response, infosec, infrastructure, lessons-learned, military, open-source, phishing, phone, privacy, programming, ransomware, security-incident, service, skills, software, strategy, threat, training, updateDevelop muscle memory, and patience, through simulations: Authority under crisis is meaningless if you can’t establish followership. And this goes beyond the incident response team: CISOs must communicate with the entire organization, a commonly misunderstood imperative, says Pablo Riboldi, CISO of nearshore talent provider BairesDev.”I find that employee involvement tends to be overlooked during cyberattacks.…
-
Public-private partnerships: A catalyst for industry growth and maturity
by
in SecurityNews
Tags: ceo, crypto, cyber, cybercrime, cybersecurity, data, defense, fortinet, framework, government, guide, infrastructure, intelligence, interpol, lessons-learned, mitre, resilience, software, threat, vulnerabilitySuccessful partnerships offer a blueprint for effective collaboration Numerous cybersecurity-focused partnerships are underway, involving successful collaboration across all sectors. These examples can help take public-private partnership efforts from abstract ideas to impactful execution and provide valuable insights and lessons learned.One example is the work being done by the Cyber Threat Alliance (CTA) and its members.…
-
Suite 404: Training executives for cyberattack response in a playful way
by
in SecurityNewsSimulation of a cyber attack in the form of a classic board game. HillThe simulation itself consists of three game phases. In the first phase, seemingly everyday incidents are analyzed to determine the extent to which they have a negative impact on our hotel business. The four categories of service, reputation, sales, and cybersecurity must…
-
Ransomware Recovery Lessons Learned From Arnold Clark
by
in SecurityNewsDisruptive Data-Stealing Attackers Hit Vehicle Retail Giant Right Before Christmas. Cyber resilience lessons learned: In the wake of a disruptive ransomware attack, the head of automotive retail giant Arnold Clark said continually practicing and refining the organization’s resilience plan has driven its response time down from at least 12 hours, to just one or two.…
-
How to create an effective incident response plan
by
in SecurityNews
Tags: access, advisory, attack, backup, breach, business, ceo, ciso, communications, corporate, cyber, cybersecurity, email, endpoint, exploit, finance, governance, guide, incident, incident response, insurance, law, lessons-learned, malicious, monitoring, network, office, phone, ransomware, risk, security-incident, service, strategy, supply-chain, technology, threat, updateEstablish a comprehensive post-incident communications strategy: Another key element that can make or break an incident response strategy is communications. Without clear communications among the major stakeholders of the business, a company might experience much longer downtimes or the loss of vital processes for extended periods.”How are you going to go about communicating? With whom?…
-
DEF CON 32 Manufacturing Lessons Learned, Lessons Taught
by
in SecurityNewsAuthors/Presenters: Tim Chase Our sincere appreciation to DEF CON, and the Authors/Presenters for publishing their erudite DEF CON 32 content. Originating from the conference’s events located at the Las Vegas Convention Center; and via the organizations YouTube channel. Permalink First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/02/def-con-32-manufacturing-lessons-learned-lessons-taught/
-
CISO success story: How LA County trains (and retrains) workers to fight phishing
by
in SecurityNews
Tags: ai, awareness, breach, business, chatgpt, cio, ciso, cloud, compliance, computing, control, corporate, cybersecurity, data, dos, election, email, endpoint, government, hacker, healthcare, incident response, jobs, law, lessons-learned, malicious, marketplace, network, phishing, privacy, regulation, risk, risk-management, service, software, strategy, supply-chain, tactics, technology, threat, tool, training, vulnerability(The following interview has been edited for clarity and length.)At first glance, LA County’s reporting structure who reports to whom seems, well, fairly complex.We have a federated model: I report to the county CIO. Each department acts as an independent business and has its own department CIO and information security officer. Their job is to…
-
World Economic Forum Annual Meeting 2025: Takeaways, reflections, and learnings for the future
by
in SecurityNews
Tags: attack, best-practice, ceo, cyber, cyberattack, cybercrime, cybersecurity, finance, fortinet, group, intelligence, international, law, lessons-learned, mitigation, open-source, organized, risk, strategy, tactics, technology, threatIncreasingly sophisticated threat actors in the evolving cybersecurity landscape In a world where cybercriminals often operate with a level of efficiency mirroring that of Fortune 500 companies, it is essential that we look to ways we can better collaborate to counter them. Unfortunately, there is still a lot of room for improvement; in 2023, 87%…
-
312% Surge in Breach Notices That Could Have Been Prevented
by
in SecurityNewsIdentity Theft Resource Center’s Lee on Lessons Learned From 2024 Mega-Breaches. Six mega cybersecurity incidents led to a record 1.7 billion data breach notices going out to victims in 2024 – a dramatic 312% increase over the previous year. Identity Theft Resource Center President James E. Lee says the increase exposes industry-wide failures in basic…
-
Biden Signs New Cybersecurity Order
by
in SecurityNewsPresident Biden has signed a new cybersecurity order. It has a bunch of provisions, most notably using the US governments procurement power to improve cybersecurity practices industry-wide. Some details: The core of the executive order is an array of mandates for protecting government networks based on lessons learned from recent major incidents”, namely, the security…
-
New Paper: “Future of SOC: Transform the ‘How’” (Paper 5)
by
in SecurityNewsAfter a long, long, long writing effort “¦ eh “¦ break, we are ready with our 5th Deloitte and Google Cloud Future of the SOC paper “Future of SOC: Transform the ‘How’.” As a reminder (and I promise you do need it; it has been years”¦), the previous 4 papers are: “New Paper: “Future of the SOC: Evolution or…
-
Reflecting on Y2K: Lessons for the Next Tech Crisis and AI Safety
by
in SecurityNewsJoin us as we reminisce about Y2K, the panic, the preparations, and the lessons learned 25 years later. We also discuss the implications for future technology like AI and potential cybersecurity crises. Plus, in our ‘Aware Much’ segment, Scott shares tips on protecting your data if your phone is stolen. Happy New Year and welcome……
-
Cybersecurity Snapshot: What Looms on Cyberland’s Horizon? Here’s What Tenable Experts Predict for 2025
by
in SecurityNews
Tags: access, ai, attack, best-practice, breach, business, cisa, ciso, cloud, computer, cyber, cyberattack, cybercrime, cybersecurity, dark-web, data, data-breach, exploit, flaw, guide, hacker, ibm, incident response, intelligence, lessons-learned, monitoring, office, resilience, risk, service, software, strategy, threat, tool, training, update, vulnerability, vulnerability-management, zero-trustWondering what cybersecurity trends will have the most impact in 2025? Check out six predictions from Tenable experts about cyber issues that should be on your radar screen in the new year, including AI security, data protection, cloud security… and much more! 1 – Data protection will become even more critical as AI usage surges…
-
Navigating the Cyber Threat Landscape: Lessons Learned What’s Ahead
by
in SecurityNewsA look at the cyber threat landscape of 2024, including major breaches and trends. An expert weighs in on key lessons and what to expect in 2025. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/cyber-threat-landscape-lessons-learned-whats-ahead/
-
Cybersecurity Snapshot: CISA Hands Down Cloud Security Directive, While Threat from North Korean IT Workers Gets the Spotlight
by
in SecurityNews
Tags: access, ai, authentication, best-practice, business, china, cisa, cisco, cloud, computer, control, cyber, cybersecurity, data, data-breach, email, extortion, finance, framework, fraud, google, government, guide, hacker, identity, incident, incident response, infrastructure, intelligence, international, Internet, jobs, korea, kubernetes, law, lessons-learned, linux, login, malicious, microsoft, mobile, monitoring, network, north-korea, office, password, regulation, risk, risk-management, russia, service, software, tactics, technology, threat, tool, updateCheck out the new cloud security requirements for federal agencies. Plus, beware of North Korean government operatives posing as remote IT pros. Also, learn how water plants can protect their HMIs against cyberattacks. And get the latest on the U.S. cyber incident response framework; the CIS Benchmarks; and local and state governments’ cyber challenges. Dive…
-
Builder.ai Database Misconfiguration Exposes 1.29 TB of Unsecured Records
by
in SecurityNewsCybersecurity researcher Jeremiah Fowler discovered a 1.2TB database containing over 3 million records of Builder.ai, a London-based AI software and app development company. Discover the risks, lessons learned, and best practices for data security. First seen on hackread.com Jump to article: hackread.com/builder-ai-database-misconfiguration-expose-tb-records/
-
LW ROUNDTABLE: Lessons learned from the headline-grabbing cybersecurity incidents of 2024
by
in SecurityNewsIt’s all too clear that the cybersecurity community, once more, is facing elevated challenges as well as opportunities. Part one of a four-part series The world’s reliance on interconnected digital infrastructure continues to deepen, even as the threats facing it… (more”¦) First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/12/lw-roundtable-lessons-learned-from-the-headline-grabbing-cybersecurity-incidents-of-2024/
-
Analyzing Tokenizer Part 2: Omen + Tokenizer
by
in SecurityNews“I have not failed. I’ve just found 10,000 ways that won’t work” – Thomas Edison Introduction: This is a continuation of a deep dive into John the Ripper’s new Tokenizer attack. Instruction on how to configure and run the original version of Tokenizer can be found [Here]. As a warning, those instructions need to be updated…
-
Walking the Walk: How Tenable Embraces Its >>Secure by Design<< Pledge to CISA
by
in SecurityNews
Tags: access, application-security, attack, authentication, best-practice, business, cisa, cloud, conference, container, control, credentials, cve, cvss, cyber, cybersecurity, data, data-breach, defense, exploit, Hardware, identity, infrastructure, injection, Internet, leak, lessons-learned, mfa, open-source, passkey, password, phishing, risk, saas, service, siem, software, sql, strategy, supply-chain, theft, threat, tool, update, vulnerability, vulnerability-managementAs a cybersecurity leader, Tenable was proud to be one of the original signatories of CISA’s “Secure by Design” pledge earlier this year. Our embrace of this pledge underscores our commitment to security-first principles and reaffirms our dedication to shipping robust, secure products that our users can trust. Read on to learn how we’re standing…
-
Five backup lessons learned from the UnitedHealth ransomware attack
by
in SecurityNewsThe ransomware attack on UnitedHealth earlier this year is quickly becoming the healthcare industry’s version of”¯Colonial Pipeline, prompting congressional testimony, lawmaker … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/11/20/backup-strategies/
-
Countering multidimensional threats: lessons learned from the 2024 election
by
in SecurityNewsIn 2024, election officials and law enforcement shared intelligence closely to counter complex threats. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/spons/countering-multidimensional-threats-lessons-learned-from-the-2024-election/733107/
-
Ten Lessons Learned from The Mother of All Breaches Data Leak
by
in SecurityNewsWhat a year after the Mother of All Breaches data leak has taught us on cybersecurity, data protection, and more. It’s almost been a year since the “Mother of All Breaches” (MOAB), widely known as one of the largest and most impactful data breaches in cybersecurity history, exposed massive volumes of sensitive data. We’ve put……
-
DEF CON 32 AppSec Village Lessons Learned from Building and Defending LLM Applications
by
in SecurityNewsDEF CON 32 – Lessons Learned from Building and Defending LLM Applications Authors/Presenters:Javan Rasokat Our sincere appreciation to DEF CON, and th… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/10/def-con-32-appsec-village-lessons-learned-from-building-and-defending-llm-applications/
-
Four lessons learned from our experience with a fake North Korean remote IT worker
by
in SecurityNewsFirst seen on scworld.com Jump to article: www.scworld.com/perspective/four-lessons-learned-from-our-experience-with-a-fake-north-korean-remote-it-worker
-
Navigating the Shared Responsibility Model: Lessons Learned from the Snowflake Cybersecurity Incident
by
in SecurityNewsJerry Dawkins, PhD In the world of cybersecurity, the recent incident involving Snowflake has sparked a significant discussion around the shared respo… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/09/navigating-the-shared-responsibility-model-lessons-learned-from-the-snowflake-cybersecurity-incident/
-
Security Update: MSSP Alert Live, An MSSP’s Perspective on CrowdStrike Lessons Learned
by
in SecurityNewsFirst seen on scmagazine.com Jump to article: www.scmagazine.com/feature/security-update-mssp-alert-live-an-mssps-perspective-on-crowdstrike-lessons-learned
-
CrowdStrike Lessons Learned: An MSSPs’ Perspective
by
in SecurityNewsFirst seen on scmagazine.com Jump to article: www.scmagazine.com/news/crowdstrike-lessons-learned-an-mssps-perspective
-
SaaS Security Lessons Learned the Hard Way | Grip
by
in SecurityNewsDiscover key lessons in SaaS security, avoid common pitfalls, and learn how to proactively manage SaaS identity risks for a stronger security posture…. First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/09/saas-security-lessons-learned-the-hard-way-grip/