vim-9.0.1872-1.fc38

FEDORA-2023-5f29c4709a

Packages in this update:

vim-9.0.1872-1.fc38

Update description:

patchlevel 1872

The newest upstream commit

Security fixes for CVE-2023-4733, CVE-2023-4752, CVE-2023-4750

CVE-2022-41763

An issue was discovered in NOKIA AMS 9.7.05. Remote Code Execution exists via the debugger of the ipAddress variable. A remote user, authenticated to the AMS server, could inject code in the PING function. The privileges of the command executed depend on the user that runs the service.

LSN-0097-1: Kernel Live Patch Security Notice

It was discovered that the IP-VLAN network driver for the Linux kernel did not properly initialize memory in some situations, leading to an out-of-bounds write vulnerability. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-3090)

Querijn Voet discovered that a race condition existed in the io_uring subsystem in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-3389)

It was discovered that the netfilter subsystem in the Linux kernel did not properly handle some error conditions, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-3390)

Mingi Cho discovered that the netfilter subsystem in the Linux kernel did not properly validate the status of an nft chain while performing a lookup by id, leading to a use-after-free vulnerability. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-31248)

Shir Tamari and Sagi Tzadik discovered that the OverlayFS implementation in the Ubuntu Linux kernel did not properly perform permission checks in certain situations. A local attacker could possibly use this to gain elevated privileges. (CVE-2023-32629)

Tanguy Dubroca discovered that the netfilter subsystem in the Linux kernel did not properly handle certain pointer data types, leading to an out-of-bounds write vulnerability. A privileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-35001)

Hangyu Hua discovered that the Flower classifier implementation in the Linux kernel contained an out-of-bounds write vulnerability. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-35788)

vim-9.0.1872-1.fc39

FEDORA-2023-1c2c29a683

Packages in this update:

vim-9.0.1872-1.fc39

Update description:

patchlevel 1872

The newest upstream commit

Security fixes for CVE-2023-4733, CVE-2023-4752, CVE-2023-4750

Inconsistencies in the Common Vulnerability Scoring System (CVSS)

Interesting research:

Shedding Light on CVSS Scoring Inconsistencies: A User-Centric Study on Evaluating Widespread Security Vulnerabilities

Abstract: The Common Vulnerability Scoring System (CVSS) is a popular method for evaluating the severity of vulnerabilities in vulnerability management. In the evaluation process, a numeric score between 0 and 10 is calculated, 10 being the most severe (critical) value. The goal of CVSS is to provide comparable scores across different evaluators. However, previous works indicate that CVSS might not reach this goal: If a vulnerability is evaluated by several analysts, their scores often differ. This raises the following questions: Are CVSS evaluations consistent? Which factors influence CVSS assessments? We systematically investigate these questions in an online survey with 196 CVSS users. We show that specific CVSS metrics are inconsistently evaluated for widespread vulnerability types, including Top 3 vulnerabilities from the "2022 CWE Top 25 Most Dangerous Software Weaknesses" list. In a follow-up survey with 59 participants, we found that for the same vulnerabilities from the main study, 68% of these users gave different severity ratings. Our study reveals that most evaluators are aware of the problematic aspects of CVSS, but they still see CVSS as a useful tool for vulnerability assessment. Finally, we discuss possible reasons for inconsistent evaluations and provide recommendations on improving the consistency of scoring.

Here’s a summary of the research.

Future forward cyber

For organizations of all sizes, cyber consistently earns a place on the agenda and has become a focal point for business-critical initiatives and investments. Today, cyber means business, and it is hard to overstate its importance as a foundational and integral business imperative.

As businesses become increasingly digitized, cybersecurity has become a board-level concern. The traditional security team has been thought of as a gatekeeper, the team of "no". We also hear a lot about cybersecurity as a business enabler, so in today's business environment security teams must extend their expertise beyond cybersecurity and consider how they can contribute more to better business outcomes through secure operations and good user experiences.

Enterprises that integrate cybersecurity measures with every business function will be able to deliver a better customer experience, attract new customers, and enjoy a larger market share as a result of that competitive edge.

Many security practices are still based on the old concept of trust but verify. Yet, today data and applications extend far beyond the company’s walls, and blind trust is a luxury no business can afford. Instead, cybersecurity should focus on authenticating identities and devices in the context of requests for any protected resource. Such resources include anything that would constitute a risk to the business if compromised. This means data, networks, workloads, data flows, and the underlying infrastructure that supports them.

Integration and consolidation: A comprehensive network architecture is critical for business success and productivity. However, legacy systems that rely on multiple vendors, solutions, and applications create complexity and increase risk. CISOs should consolidate their information architecture to simplify the environment. Not only does this reduce complexity and cost, but it also lowers risk and drives increased consistency and more positive user experiences across platforms, ultimately leading to improved productivity.

Integration of cybersecurity and risk management: Integrating cybersecurity and risk management is crucial for effective cybersecurity operations. This involves aligning cybersecurity strategies with overall risk management objectives to ensure that security measures are implemented in a risk-based manner.

Leveraging cybersecurity as-a-service: Using cybersecurity as-a-service (CaaS) more frequently can enhance security operations. CaaS allows organizations to leverage external expertise and resources to strengthen their cybersecurity posture. It provides access to specialized tools, technologies, and expertise without requiring extensive in-house infrastructure and resources.

Relying on automation: Automation plays a vital role in cybersecurity operations. It helps streamline processes, reduce manual effort, and improve efficiency. By automating repetitive tasks, security teams can focus on more complex and critical activities, such as threat analysis and incident response. Automation also enables faster detection and response to cyber threats, reducing the risk of damage to mission-critical operations.

Visibility and contextualization: Achieving a holistic view of the network architecture is essential. CISOs should prioritize implementing solutions that deliver a clear picture of the working environment to ensure it is secure and reliable. This is especially important for hybrid working environments where new applications and users can be added from anywhere while also introducing risk and exposing potential vulnerabilities in the system. CISOs should implement monitoring solutions to proactively monitor environments and achieve end-to-end performance for the best results.

Address risk management: Cyber risk management is essential for businesses to manage the operational impact of risks. Organizations can gain efficiencies, mitigate consequences, and avoid revenue loss, significantly improving their bottom line.

Quantify cyber risks: Start by determining the likely financial impact of different threats. This allows you to allocate finite resources to address the most significant risks. Understanding the potential economic consequences will enable you to prioritize your efforts and investments accordingly.

Take a risk-based approach: Cybersecurity risk management involves identifying, analyzing, prioritizing, and mitigating potential risks to your organization’s security. Adopting a risk-based approach helps you understand your cyber risks and reduce their potential impact.

This iterative process enables you to make strategic decisions based on the effectiveness of risk reduction.

Align cyber risk management with business needs: It is crucial to align your cyber risk management strategy with your business needs. This ensures that your efforts are focused on the long-term effectiveness of your strategic decisions. This alignment can be achieved by connecting cyber risk management to board members, reducing operating losses, and minimizing reputational damage.

Develop a cybersecurity risk management strategy: Creating a cybersecurity risk management strategy provides a roadmap for your mitigation activities. When developing this strategy, consider asking questions such as: What are the risks? What are the potential consequences? What is the likelihood and impact of each risk? This strategic approach helps you proactively address cyber threats and protect your organization. This strategy can help reduce fraud, protect the bottom line, create new revenue opportunities, and improve productivity. By following these insights and implementing effective cyber risk management practices, businesses can safeguard their operations, enhance financial performance, and mitigate the potential impact of cyber threats.

If you need help with your risk management strategy, AT&T Cybersecurity has a wide range of services to help.

freerdp-2.11.1-1.fc37

FEDORA-2023-5e6796cb83

Packages in this update:

freerdp-2.11.1-1.fc37

Update description:

Update to 2.11.1

Update to 2.11.0 (CVE-2023-39350, CVE-2023-39351, CVE-2023-39352, CVE-2023-39353, CVE-2023-39354, CVE-2023-39356, CVE-2023-40181, CVE-2023-40186, CVE-2023-40188, CVE-2023-40567, CVE-2023-40569 and CVE-2023-40589).
