Cyber attacks

Verizon Incident Preparedness and Response Report (VIPR) 2019

Verizon recently released its 2019 Incident Preparedness and Response Report (VIPR) – “Taming the Data Breach” – based on data collected from companies across industry verticals between 2016 and 2018. The company analyzed the Incident Response (IR) Plans of organizations from the finance and insurance (33%), retail trade (17%), manufacturing (15%), utilities (5%), wholesale trade (5%), educational services (5%) and a few other industries. It also came up with actionable recommendations based on five data breach simulation scenarios.

What the IR Plan is

The IR Plan is centered around the six main stages of incident response – (1) Planning and preparation, (2) Detection and validation, (3) Containment and eradication, (4) Collection and analysis, (5) Remediation and recovery, and (6) Assessment and adjustment. It identifies and defines the roles and responsibilities of internal IR stakeholders, and describes incident detection, attack types, and severity levels to help IR stakeholders and tactical responders manage security threats and incidents.

Key findings

The company’s findings are divided into six main sections that correspond to the six stages of incident response.

Planning and Preparation

Plan construction
  • Seventy-nine percent of the organizations assessed had an IR plan in place. 
  • Forty-eight percent had a “logically constructed, efficient” IR plan.
Plan relevance
  • Only 40 percent of the plans had clearly defined provisions for periodic reviewing, testing, and updating of IR Plans.
  • Twenty-two percent did not cite any internal security policies or procedures, and 38 percent did not cite legal or regulatory requirements.
Internal stakeholders
  • Fifty-seven percent of the plans designated internal IR stakeholders, and 52 percent fully described internal IR stakeholder roles and responsibilities. 
  • Fifty-nine percent did not require internal IR stakeholders to periodically conduct meetings to discuss the threat landscape.
Tactical responders
  • Fifty-three percent clearly designated tactical responders.
  • Forty-seven percent clearly defined tactical responders’ roles and responsibilities.

Detection and Validation

Incidents and events
  • Fifty-five percent of the assessed plans fully defined cybersecurity incidents.
  • Forty-one percent clearly defined cybersecurity events. 
  • Sixty-two percent clearly classified cybersecurity incidents.
  • Sixty-seven percent clearly defined different severity levels for cybersecurity incidents.
Detection sources
  • Forty percent of plans fully described non-technical incident detection sources.
  • Thirty-one percent fully described technical incident detection sources.
Tracking and reporting
  • Forty-two percent of plans clearly and fully defined incident and event tracking mechanisms.
  • Sixty-six percent clearly defined incident reporting procedures.
Escalating and communicating
  • Forty percent included detailed IR stakeholder escalation criteria.
  • Forty-five percent included IR stakeholder notification procedures.

Containment and Eradication

  • Fifty-two percent of the assessed plans clearly described containment measures.
  • Fifty percent included fully defined eradication measures.

Collection and Analysis

Collecting and analyzing
  • Only 16 percent of the assessed plans included clearly defined procedures for data collection and analysis.
  • Even fewer – 9 percent – fully defined tools for data collection and analysis.
Evidence handling
  • Twenty-six percent of plans clearly mentioned procedures for evidence handling.
  • Twenty-one percent fully described the use of evidence submission and chain-of-custody forms.

Remediation and Recovery

  • Only 41 percent of the plans included clearly laid out measures for remediation.
  • Forty-five percent included clearly defined recovery measures. 

Assessment and Adjustment

Lessons learned
  • Seventy-six percent of plans required (and 14 percent partially required) lessons-learned activities following security incidents.
  • Sixty percent fully required (and 14 percent partially required) IR Plan updating following security incidents.
Measuring success
  • Twenty-four percent of the assessed plans required the retention of data and reporting. 
  • Twenty-four percent required the tracking of incident and response metrics.

Recommendations

The top five Incident Response Plan recommendations were clearly defining tactical responders’ qualifications (85 percent), making provisions for data analysis (83 percent) and data collection guidance (76 percent), citing external security-related governance and standards (78 percent), and writing and publishing database incident reports and lessons-learned results (78 percent).

The top five breach simulation recommendations were maintaining a regularly updated, well-rounded IR plan (30 percent), producing IR playbooks for individual incident types (30 percent), putting in place internal escalation protocols (30 percent), clearly defining IR stakeholder roles and responsibilities (27 percent), and establishing alternative communication channels and solutions (26 percent).

Read the complete report at Verizon’s website: https://enterprise.verizon.com/resources/reports/vipr/

Cyber Incident Trends Report (NCSC)

October 2018 to April 2019


The UK’s National Cyber Security Centre (NCSC) recently released its cyber incident trends report for the period between October 2018 and April 2019. The report covers five main cyber attack trends seen in the UK – (1) attacks on Office 365 deployments (and cloud services in general), (2) ransomware, (3) phishing, (4) vulnerability scanning, and (5) supply-chain attacks. “All the incident types noted have resulted in compromises within the UK, some significant in nature,” it says. 


Network-based attacks

Cyberattacks come in all shapes and forms. They are everywhere, and whether you know it or not, you’ve likely been a victim of one at some point. Even an occasional look at IT news will tell you just how widespread cybercrime is and how many areas of life it affects. Yet many of us don’t have more than a superficial idea of how cyberattacks work, where they originate, and how severe their repercussions can be. 


Cyber Attack Trends 2019 – Check Point Research


Check Point Research released its 2019 mid-year report on Cyber Attack Trends last month. The report puts targeted ransomware attacks at the top of its list of dominant ongoing trends in 2019. Cryptomining attacks, on the other hand, have declined considerably over the past year, with only 21 percent of organizations affected by cryptominers’ attacks this year, compared to 42 percent in 2018.
