The Non-Technical, No Nonsense Guide For Directors, Officers, and General Counsels
Cybersecurity, as many organizations practice it today, is broken. Everybody is feeling the pressure as competitors and partners alike dread a breach. Leadership can’t be left in the dark due to technobabble, a lack of resources, or excuses as to why cyber risk cannot be measured.
FireEye is proud to support the new eBook, The #CyberAvengers Playbook: Doing the Little Things (and Some of the Big Things) Well (2017 Edition). This short guide is designed to give you actionable items that could help any organization improve its cybersecurity posture.
Download the eBook and pick up the following tips from the #CyberAvengers:
- Oversight duties: Learn to view risk from an enterprise perspective in an era where accountability and fallout costs are surely going to grow.
- Cyber risk: Why it matters and how to wisely spend your limited resources.
- Communication gaps: Cybersecurity is not an IT-only issue, so do not be afraid to speak your mind. We show you which questions to ask.
- Response and continuity: Even the best-tested plans can go out the window during a time of crisis. Learn to minimize the fallout.
- What’s happening in 2017 and what to expect in 2018: From the ransomware scare to the General Data Protection Regulation (GDPR) coming into effect, business is becoming more expensive. We try to help you save wherever you can.
Every CEO needs a Spock or a Data. In this era of monthly breaches, the importance of a good cyber risk advisor cannot be overstated. The ultimate decision is yours, Captain, but at least you’ve been forewarned.
Many people in the security industry today grew up watching “Star Trek,” from the original episodes to Next Generation, Deep Space Nine, Voyager, Enterprise and the many other series that followed. In anticipation of the upcoming “Star Trek: Discovery” series, we thought it would be a good time to remind our readers that, beyond the entertainment value, “Star Trek” also provides useful metaphors to help security professionals communicate with executives and fellow staffers.
Eight Cybersecurity Lessons for Your Security Starfleet
When it comes to security, the typical enterprise is really not so different from the USS Enterprise. Without proactive risk management, savvy threat identification and effective incident response, neither a business nor an intergalactic vessel can survive. Below are eight cybersecurity lessons that security professionals can take away from “Star Trek.” Continue reading at SecurityIntelligence.com
Much the same way you wouldn’t go to a podiatrist for your dental issues (despite increased cases of foot-in-mouth syndrome, particularly over social media), you shouldn’t be using real estate counsel to handle a cyber breach.
Intelligent responses depend on three elements:
- Incident Response Planning
- Business Continuity Planning
- Crisis Communication Planning
There are numerous articles and memos that deal with the topic of incident response, business continuity, and crisis communication plans. Many have even been distributed through media outlets. So you may be asking: why us, why now, and what more could we possibly offer in this space?
Continue reading “3 keys to responding intelligently, publicly to a cyberattack”
Remember, these are just tools, not crutches, and humans are still needed at the helm.
In the midst of the recent devastating cybersecurity news from Equifax, it would not be unreasonable for Americans to think: What’s next?
Let’s be candid: The status quo is not working. Traditional perimeter defenses are becoming sieves. Password policies and practices are weak. Over-privileging is a self-induced wound. And the timely patching of critical vulnerabilities continues to be a major issue despite months of discussion and thousands of written words on the topic.
So what will work? Getting back some of the basics would be a good start. Taking advantage of some current and next-generation technologies would be another good step. What follows are a few such suggestions, in no particular order.
Continue reading “Five Lessons on Cybersecurity Survival”
Directors are under pressure to ensure that they are dutifully discharging their duties of care and due diligence.
Board directors have very little patience for technical jargon. Given the tremendous pressure executives are under to avoid headline-grabbing data breaches, CISO reports should align enterprise risks with their potential impacts on business objectives in terms that nontechnical board members can easily understand.
An EY report titled “The Evolving Role of the Board in Cybersecurity Risk Oversight” stated that board directors “seek assurances from management that their cyber risk management programs will reduce the risk of attacks and, when necessary, will detect, respond and recover from any attack that does happen.” Continue reading at SecurityIntelligence.com
Therefore, if your IT department says to you, “we’re confident we do not have any malware on our network” ask how they came to that conclusion. If instead they say, “we do not have any malware on our network, honest, trust us!” then raise an eyebrow and get your hands dirty, because you have work to do.
The question seems simple enough, doesn’t it? But have you asked the question? My feeling is that not enough people actually do. Of course, a natural response may be: isn’t that a question for my IT department to answer?
Yes and no (more on that in a moment). And I promise I am not trying to play word games, but words and their meanings matter, and I am therefore placing particular focus on the word trust. Trust is different than confidence. Trust is different than transparency. Trust has a much more “personal” element than the others. And so much of what we do in the world today is based on trust. Continue reading “Do You Trust Your Network?”
It’s not about what you do right, as much as what you do not do wrong.
The SecureWorld News Team talked with Shawn Tuma about many of the lessons that can be learned from the Equifax data breach and winnowed it down to the following 3 takeaways, which are discussed more thoroughly in the article at SecureWorldExpo.com:
- We need a uniform national breach notification law in the United States.
- When it comes to data breach response, “[i]t’s not about what you do right, as much as what you do not do wrong.”
- A mega breach keeps going, and going, and going.
Technological advances are transforming the way we connect, disrupting the status quo and creating huge turbulence. Industries are converging, and new opportunities and threats are emerging, as never before.
— IBM IBV 2016 Global C-suite Study – The CIO Point of View
The pace of change is top of mind for CIOs. We live in an age where technology is nearly obsolete by the time it has been implemented and deployed. Gone are the days of 5-year and 7-year technology deployment plans; instead, CIOs must oversee a near-continuous digital transformation of their enterprise. Add to that the critical nature of today’s technology infrastructure — i.e. can your business run without computers, networks, or the Internet — and you get a good sense for the level of stress CIOs are facing today. Continue reading at IT Biz Advisor
The specifics of a security approach may vary according to circumstances, but the mesh that connects the elements is situational awareness combined with systematic abilities for critical communications in cases of emergency.
What are the new Cybersecurity Stakes – What are vulnerabilities and risks?
We live in a world of algorithms; x’s and o’s. Our digital world is ripe for access and compromise by those who want to do harm from just a laptop and server. A myriad of recent breaches have demonstrated that as consumers we are becoming more and more dependent upon digital commerce. Our banking accounts, credit cards, and daily financial activities are interconnected. We are all increasingly vulnerable to hackers, phishers, and malware proliferating across all commercial verticals.
In the past year, ransomware has become the cyber-attack method of choice for hackers. This is because many networks (especially hospitals, utilities, universities, and small businesses) are comprised of different systems and devices, and often lack the patching and updating necessary to thwart attacks. The recent WannaCry and Petya attacks were certainly wake-up calls to the disruptive implications of ransomware. We can expect to see more such attacks because of the ease of infection and because the vulnerabilities to networks still remain. Continue reading “Rising Tides and Higher Stakes – High Performance Counsel Interview with Chuck Brooks”
Board directors are under a lot of pressure. They know that it’s only a matter of time before their organization suffers a cyber incident, and all eyes will naturally be on the directors themselves to see if they were properly exercising their risk oversight.
Directors also know that all interactions with the CISO will be subject to close scrutiny in the aftermath of a breach. But with the right mix of security education, communication and help from outside experts, executives can fill cyber risk awareness gaps and achieve compliance with a growing number of privacy and risk regulations. Continue reading at SecurityIntelligence.com