Over the last several months we’ve seen a tremendous uptick in cyberattacks. Nearly every day, news of another ransomware, supply chain or zero-day attack makes headline news. So, what can organizations do to mitigate risk? One major step forward to improve security operations is to effectively share curated threat intelligence.
2020 was the year of the phish. Well, not officially. According to the Chinese Zodiac, 2020 was the Year of the Rat. But if you look at it from a cyberattack trends perspective, plenty of third parties reported a huge uptick in phishing attacks during 2020. The SANS 2021 Top New Attacks and Threat Report points to both the Microsoft Digital Defense Report 2020 and the 2021 Data Breach Investigations Report as key sources that validate phishing as the most common initial compromise vector.
This month marks the 18th year of Cybersecurity Awareness Month (CSAM) which focuses on helping provide individuals with resources they need to stay safer and more secure online. Now, more than ever, the overarching theme “Do Your Part. #BeCyberSmart” should resonate with everyone.
ThreatQuotient’s new survey on the State of Cybersecurity Automation Adoption is now available for download. Conducted by independent research organization, Opinion Matters, the survey includes responses from 250 senior cybersecurity professionals representing the following industries: central government, defense, critical national infrastructure (energy and utilities), retail and financial services.
Threat intelligence feeds enable organizations to stay informed about indicators of compromise (IoCs) related to various threats that could adversely affect the network. These feeds also help to inform tools like SecurityScorecard’s Security Data by providing a source of information to collect, analyze and share with customers.
The escalation of cyberattacks since early 2020 is requiring many companies to strengthen their security operations. Adversaries are taking advantage of new attack vectors – like IoT devices, insecure remote access mechanisms, and the multiple personal and work devices users now move between. They’re also leveraging human vulnerabilities, impersonating trusted colleagues and third parties to infiltrate organizations.
The SANS 2021 Automation and Integration Survey is now available for download, focusing on the question: First we walked, now we run – but should we? Let’s face it, we’ve talked about security automation for years. We’ve grappled with what, when and how to automate. We’ve debated the human vs machine topic.
Many CISOs I speak with across Europe tell me their cybersecurity teams rely on two, primary open-source platforms within their security operations (SecOps). The first is Malware Information Sharing Platform (MISP), that allows the storing and sharing of indicators of compromise (IoCs) with other MISP users. The second is TheHive, designed for security incident response (IR).
SecOps and security teams spend an excessive amount of time sifting through low-value, poorly-contextualized alarm data rather than actively hunting for valid threats. This is because bad actors are constantly looking to steal whatever they can hold onto with the least exposure. Recent ransomware attacks in critical business sectors only serve as reminders that organizations cannot lie dormant. This blog post will unpack strategies to help overcome these challenges and explain why integrating threat intelligence with security orchestration and automation is critical for an effective security operations strategy.