Hackers could exploit security vulnerabilities in fax machines to launch cyber attacks in millions of organisations around the world, researchers warn, underlining the need for cyber resilience.
Ray Rothrock, chairman and CEO of security analytics firm RedSeal, said the Check Point research underlines the need for organisations to focus on resilience.
“We recommend that companies validate their segmentation policies and make sure there’s very limited access to their most valuable assets,” he said. “This isn’t a one-and-done exercise. Companies must remain vigilant, constantly monitoring all possible pathways within and between their network environments so they can quickly isolate a compromised device.”
Millions of businesses vulnerable to fax-based cyber attack (RedSeal; published 2018-08-15 09:47:03; last modified 2018-08-15 09:48:34)
I found myself in London Heathrow recently with a few hours to kill. I’d heard about a big political brouhaha rumbling along about adding a third runway, but there are lots of competing pressures — from the economic to the environmental and everything in between. So I decided to spend my down time looking into that. Just how badly does Heathrow need another runway?
After reading a good piece in Wired, this amateur pilot found the statistics intense: Heathrow functions at almost 99% capacity, essentially packing in as many people as the airport can take, with a landing or takeoff taking place every 45 seconds. Forty-five seconds might sound like there’s still some room for error, but from my point of view, it’s far from it. I’m not allowed to land the small planes I fly for three minutes after a big jet takes off or lands due to the dangerous turbulence they leave in their wake. If I wanted to land at Heathrow, it would have to make a huge gap, canceling landing clearances for at least three big jets. That would inconvenience many hundreds of people. What’s worse, at these use levels, the ripple effects could last all day.
As a security professional, I found a behind-the-scenes aspect of the story most interesting — specifically, the approach taken to ensure resilience.
While the focus on cybersecurity has never been higher, the cybersecurity community – a combined team of solution providers, CISOs, boards and others – hasn’t been able to stop most attacks from being successful.
We have focused too much of our efforts on network perimeters, working to detect and prevent cyber attacks. We haven’t done enough to build resilience INSIDE the network, the part of the equation we can control and quantify with a security metric.
Organizations need to build resilience into their infrastructures and adopt an end-to-end digital resilience strategy to survive and thrive.
How big is the problem? There are 1400+ vendors focused on cybersecurity. Nearly $100B was spent on information security just in 2016. Yet billions of records have been compromised.
The reason is we have not addressed fundamental issues inside the network. Companies need to build resilience into their infrastructure and adopt a corporate-wide digital resilience strategy with a corporate-wide security metric.
A few years back, RedSeal gathered 800 surveys during the RSA Conference. We learned that:
Practitioners are drowning in data
They can’t measure the performance or impact of their security efforts
Current solutions can’t turn data into action
They need useful cybersecurity metrics
The problem with measuring security is that security is the absence of something. You can’t report how often you were NOT on the cover of the Washington Post. Many people start by counting what they are doing. But this measures busy-ness, not business. How can you show actual improvements in cybersecurity?
The Shifting Terrain and Digital Resilience
According to the 2016 TechCrunch CIO Report, 82% of global IT leaders report significant labor shortages in cybersecurity. This, combined with issues such as software defined everything, digital transformation, hybrid datacenters, IoT, and shadow IT, means a big shift in thinking is required. We don’t have enough people to throw at the problem.
Digital resilience is a comprehensive strategy across all IT functions and business processes to minimize the impact of cyber attacks and network interruptions. It’s a different way of thinking. Being resilient means simultaneously striving to minimize each attack and being able to recover quickly from a strike. Resilient organizations have fewer, smaller incidents, understand and respond to them faster, and can rapidly return to normal operations afterwards.
It’s not enough to see the devices in your “as-built” infrastructure – you have to really understand how they are configured and automatically get a list of vulnerabilities.
And that list of vulnerabilities is a problem; there are too many to act on. Even knowing asset value and vulnerability severity isn’t enough to fully understand the risk. You need to understand whether the vulnerable assets can be accessed. A high-value asset with a vulnerability that is segmented behind a firewall is not as big a risk as one that is slightly lower in value but has an open path to the internet.
RedSeal’s Digital Resilience Score
Resilient organizations must focus on three main areas—being hard to hit, being ready for an attack when it comes, and being able to recover quickly.
RedSeal helps these organizations identify defensive gaps, run continuous penetration tests to measure readiness, and map their entire network infrastructure.
From these capabilities, RedSeal calculates one unified number, so managers, boards of directors and executive management have the understandable and actionable cybersecurity metric they need to drive towards digital resilience.
Do you have defects that are easy to hit? RedSeal evaluates how weaknesses from incorrectly configured devices and third-party software could impact you.
Can an attacker reach your valuable assets? RedSeal evaluates how well your network is structured, identifying attack pathways and chains of vulnerability that reduce your ability to withstand and recover from attack.
Is your network understanding complete? By identifying previously unknown parts of your network, RedSeal evaluates how well you know what your digital infrastructure looks like. With a complete picture, you can be sure you’re managing all assets on your network. During an attack, you’ll be able to understand where an attacker can reach. And, you’ll be able to recover much more quickly.
Instead of getting stuck in an ineffective focus on measuring activity, resilient organizations use RedSeal’s Digital Resilience Score (DRS). This cybersecurity metric works like a creditworthiness score, deducting points for defensive gaps, weaknesses revealed by attack simulations, and blind spots in your network awareness. A higher score means there is a higher likelihood that your business can withstand an incident and keep running.
It’s the cybersecurity metric that matters for digital resilience.
The Only Cybersecurity Metric That Matters for Digital Resilience (Wayne Lloyd, Federal CTO, RedSeal; published 2018-07-02 05:58:53; last modified 2019-10-03 14:26:29)
How to solve the human challenges of cybersecurity (RedSeal; published 2018-06-27 15:15:25; last modified 2018-12-17 14:22:25)
Why agencies are shifting from cyberdefense to digital resilience (RedSeal; published 2018-06-26 08:34:04; last modified 2018-06-27 13:51:53)
Business owners share the most influential lessons learned throughout their careers, including insights into their daily habits, their most vital priorities that have contributed to their business and personal success, and the most challenging time or situation that could have devastated or even ruined their businesses or careers.
In this episode, RedSeal CEO and “Digital Resilience: Is Your Company Ready for the Next Cyber Threat?” author Ray Rothrock discusses:
Why you can’t predict where the next cyber threat will come from
How to get ready for a cyber threat
The importance of being prepared to respond to cyber threats with the right people, systems, strategy and processes
How RedSeal helps businesses prepare for any potential cyber attack
Podcast: How to get ready for a cyber threat (RedSeal; published 2018-05-25 10:39:54; last modified 2018-11-26 11:34:44)
Cybercrime and cyberwarfare are both on the rise. From businesses large and small to national governments, the question is not if they will experience a cyberattack, but when, how much damage will be done and how long the recovery process will be. In this week’s episode, we discuss the cybersecurity landscape and how businesses and governments can most effectively work together to mitigate risks.
Joining World Affairs CEO Jane Wales are digital security experts Ray Rothrock, CEO of RedSeal and author of “Digital Resilience,” and Richard Clarke, former U.S. National Coordinator for Security, Infrastructure Protection, and Counterterrorism and most recently, author of “Warnings: Finding Cassandras to Stop Catastrophes.”
Building Digital Resilience: Planning For and Recovering From the Next Cyber Attack (RedSeal; published 2018-05-22 10:49:54; last modified 2018-11-26 12:16:56)
Security incidents are up 66% year-over-year since 2009. Despite this alarming statistic, 80% of CEOs report that they are confident in their company’s cybersecurity. Cybercrime is on the rise. Are you prepared?
Is Your Company Ready for the Next Cyber Threat? (RedSeal; published 2018-05-17 15:16:39; last modified 2018-11-26 12:17:34)
Cybercrime is an epidemic, and every business is at risk. For management, the question is not if you will be compromised, but when. 80% of CEOs are very confident in their company’s cybersecurity strategies, despite the fact that security incidents have surged 66% year-over-year since 2009 (PricewaterhouseCoopers). In fact, few are prepared, explains cybersecurity expert Ray A. Rothrock, who demystifies cyber risk and clearly outlines strategies for both surviving attacks and thriving even while under assault.
Digital Resilience: Is Your Company Ready for the Next Cyber Threat? (RedSeal; published 2018-05-14 15:16:37; last modified 2018-11-26 12:21:23)
It might be a grim necessity and a tiresome back-office expense, but tackling cyber security by creating digital resilience should be viewed not as a cost, but as an investment, says Ray Rothrock. Don’t build a wall as defence against cyber attackers, he says – that can prevent growth. Build an army to display how well your brand is continuing to invest in security and can thus be trusted. Here’s how:
Cyber Security and Defending Your Data – How to Promote Your Digital Resilience (RedSeal; published 2018-05-01 11:49:36; last modified 2018-11-26 12:22:02)