Latest news

Verizon Incident Preparedness and Response Report (VIPR) 2019


Verizon recently released its 2019 Incident Preparedness and Response Report (VIPR) – “Taming the Data Breach” – based on data collected from companies across industry verticals between 2016 and 2018. The company analyzed the incident response (IR) plans of organizations from finance and insurance (33%), retail trade (17%), manufacturing (15%), utilities (5%), wholesale trade (5%), educational services (5%) and a few other industries. It also came up with actionable recommendations based on five data breach simulation scenarios.

What the IR Plan is

The IR Plan is centered around the six main stages of incident response – (1) Planning and preparation, (2) Detection and validation, (3) Containment and eradication, (4) Collection and analysis, (5) Remediation and recovery, and (6) Assessment and adjustment. It identifies and defines the roles and responsibilities of internal IR stakeholders, and describes incident detection, attack types, and severity levels to help IR stakeholders and tactical responders manage security threats and incidents.

Key findings

The company’s findings are divided into six main sections that correspond to the six stages of incident response.

Planning and Preparation

Plan construction
  • Seventy-nine percent of the organizations assessed had an IR plan in place.
  • Forty-eight percent had a “logically constructed, efficient” IR plan.
Plan relevance
  • Only 40 percent of the plans had clearly defined provisions for periodic reviewing, testing, and updating of IR Plans.
  • Twenty-two percent did not cite any internal security policies or procedures, and 38 percent did not cite legal or regulatory requirements.
Internal stakeholders
  • Fifty-seven percent of the plans designated internal IR stakeholders, and 52 percent fully described internal IR stakeholder roles and responsibilities.
  • Fifty-nine percent did not require internal IR stakeholders to periodically conduct meetings to discuss the threat landscape.
Tactical responders
  • Fifty-three percent clearly designated tactical responders.
  • Forty-seven percent clearly defined tactical responders’ roles and responsibilities.

Detection and Validation

Incidents and events
  • Fifty-five percent of the assessed plans fully defined cybersecurity incidents.
  • Forty-one percent clearly defined cybersecurity events.
  • Sixty-two percent clearly classified cybersecurity incidents.
  • Sixty-seven percent clearly defined different severity levels for cybersecurity incidents.
Detection sources
  • Forty percent of plans fully described non-technical incident detection sources.
  • Thirty-one percent fully described technical incident detection sources.
Tracking and reporting
  • Forty-two percent of plans clearly and fully defined incident and event tracking mechanisms.
  • Sixty-six percent clearly defined incident reporting procedures.
Escalating and communicating
  • Forty percent included detailed IR stakeholder escalation criteria.
  • Forty-five percent included IR stakeholder notification procedures.

Containment and Eradication

  • Fifty-two percent of the assessed plans clearly described containment measures.
  • Fifty percent included fully defined eradication measures.

Collection and Analysis

Collecting and analyzing
  • Only 16 percent of the assessed plans included clearly defined procedures for data collection and analysis.
  • Even fewer – 9 percent – fully defined the tools for data collection and analysis.
Evidence handling
  • Twenty-six percent of plans clearly described procedures for evidence handling.
  • Twenty-one percent fully described the use of evidence submission and chain-of-custody forms.

Remediation and Recovery

  • Only 41 percent of the plans included clearly laid out measures for remediation.
  • Forty-five percent included clearly defined recovery measures.

Assessment and Adjustment

Lessons learned
  • Seventy-six percent of plans required (and 14 percent partially required) lessons-learned activities following security incidents.
  • Sixty percent fully required (and 14 percent partially required) updating of the IR Plan following security incidents.
Measuring success
  • Twenty-four percent of the assessed plans required the retention of data and reporting.
  • Twenty-four percent required the tracking of incident and response metrics.

The top five IR Plan recommendations were clearly defining tactical responders’ qualifications (85 percent), making provisions for data analysis (83 percent) and data collection guidance (76 percent), citing external security-related governance and standards (78 percent), and writing and publishing database incident reports and lessons-learned results (78 percent).

The top five breach simulation recommendations were maintaining a regularly updated, well-rounded IR plan (30 percent), producing IR playbooks for individual incident types (30 percent), putting in place internal escalation protocols (30 percent), clearly defining IR stakeholder roles and responsibilities (27 percent), and establishing alternative communication channels and solutions (26 percent).

The complete report is available on Verizon’s website.

Cyber Incident Trends Report (NCSC)

The UK’s National Cyber Security Centre (NCSC) recently released its cyber incident trends report for the period between October 2018 and April 2019. The report covers five main cyber attack trends seen in the UK – (1) attacks on Office 365 deployments (and cloud services in general), (2) ransomware, (3) phishing, (4) vulnerability scanning, and (5) supply-chain attacks. “All the incident types noted have resulted in compromises within the UK, some significant in nature,” it says.


Network-based attacks


Cyberattacks come in all shapes and forms. They are everywhere, and whether you know it or not, you’ve likely been a victim of one at some point. Even an occasional look at IT news will tell you just how widespread cybercrime is and how many areas of life it affects. Yet many of us don’t have more than a superficial idea of how cyberattacks work, where they originate, and how severe their repercussions can be.


Cyber Attack Trends 2019 – Check Point Research


Check Point Research released its 2019 mid-year report on Cyber Attack Trends last month. The report puts targeted ransomware attacks at the top of its list of dominant ongoing trends in 2019. Cryptomining attacks, on the other hand, have declined considerably over the past year, with only 21 percent of organizations affected by cryptomining attacks this year, compared to 42 percent in 2018.


Security in the Cloud – Introduction


Service and Deployment Models, Challenges and Security Principles

Most businesses think of cloud services either as less secure than on-site services, because they expose sensitive data to a wider range of possible attacks or breaches, or as more secure, because “everything” is taken care of by the cloud provider. The fact, however, is that cloud computing comes with security challenges that are different from, but not necessarily more or less serious than, those a business would face in an on-premises environment. Whatever security issues exist in the cloud model are due more to users’ inability to adapt quickly to the new threat environment and address security needs specific to the cloud than to any inherent weaknesses or security loopholes in the model itself. In most cases, the learning curve that organizations need to go through before attaining a secure state in the cloud is a bigger challenge than developing technology to address security concerns.


SANS SOC Survey 2019


The SANS Institute released its 2019 SOC Survey report – Common and Best Practices for Security Operations Centers – earlier this month. The survey was designed to “provide objective data to security leaders and practitioners who are looking to establish a SOC or optimize their existing SOCs”. The average size of the SOC teams represented in the survey was 10, with a majority of the respondents based either in North America or Europe, and drawn predominantly from the cybersecurity industry, followed by government, banking and finance, technology, and a few others.


CIS CSAT – A web-based tool to track your implementation of CIS Controls

CIS CSAT is a free web-based tool that allows organizations to assess their cybersecurity strategy and infrastructure against the Center for Internet Security’s 20 Critical Controls. The tool was developed for CIS by EthicalHat Cyber Security, and is based on AuditScripts’ popular CIS Controls Manual Assessment spreadsheet. It helps businesses easily track their documentation, implementation, automation and reporting of CIS Controls, and compare their own security performance with the industry average.


SANS 2019 Cloud Security Survey findings


The SANS Institute recently released a new cloud security report based on a survey of several hundred companies across the US, Asia, Europe, and Canada. The companies surveyed ranged from small (under 1,000 employees) to very large (over 50,000 employees) and represented a variety of industries, including 32 percent from the technology sector and 11 percent from the finance sector.
