BreachExchange mailing list archives
Pop! Goes the weasel hacker into your customer database
From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Fri, 13 Feb 2015 13:31:43 -0700
http://www.bizjournals.com/phoenix/blog/business/2015/02/pop-goes-the-weasel-hacker-into-your-customer.html Oh, yes, you have up-to-date antivirus and anti-malware protection in your servers, tablets, laptops, and you have firewalls. Feel safe? Think again. The question is not if an adept, malevolent hacker will breach your system. The question is when. And then what will you do? Pray. Or, you can install the newest methods of instant response to even a hint of a potential or an actual breach. Call it automated cyber security operations and incident response. And then in real-time these new systems and your cyber response team can take instant action to thwart and mitigate potentially massive damage to your business and your customers. The first installations have begun in major corporations and in government organizations. What went wrong when… Target Corp. experienced a well-known breach that did significant damage to a good U.S. company - huge costs, loss of customer data, loss of business, and large collateral damage in the press. Target had conventional breach prevention measures in place, but it happened anyway. Estimated overall costs now exceed several hundred million dollars. Sony was hit twice with significant breaches that damaged its reputation and loaded it with enormous costs estimated at several hundred million dollars. Here's a long list of 2014 breaches in well known U.S. corporations alone. This is a list of only the commercial business community. Other lists of breaches in U.S. government organizations are equally mind breaking.
From reactive to proactive
Assume that you will eventually be hit with a serious breach, no matter what protective measures you have taken. If you already have your internal cyber security response team in place, good. If not, bad. Go hire a strong team quickly – and with a great leader. Then, make very certain that you have the very best anti-virus, anti-malware, firewalls, and other critical components in place. Either your own cyber response team can do this, or you can contract with outside experts to help. Finally, start looking for the very best incident response and automated security operations software system. It should integrate at least three critical functions: Incident Response - informs and marshals your internal security operations teams around a potential or real breach to stop or mitigate economic and other damage. Vulnerability Management – a process of remediating vulnerabilities based upon your system assets, such as servers, peripherals, laptops, phones, tablets, and more. Threat Management - provides your system with access to a database of 125,000,000 known malware samples and viral threats to help isolate the characteristics of a breach. By the way, this database has been created by the Georgia Institute of Technology and is expanding at the rate 1,000,000 new entries per day. Do you think we have a problem, Houston? Breach cost escalation The longer a breach persists, the more it grows and the more damage it causes. At some point, your customer databases may be copied without you knowing it. Once that has happened, the economic and collateral damage have skyrocketed and it is literally too late. There is no hope. So, dig deeper and find out more about the new advanced systems that respond instantly and robustly to potential and real intrusions. Now there is hope. The bottom line Get smart. Arm yourself with an expert cyber team to help disarm breaches when they happen. Mobilize them with the newest security operations automation that integrates vulnerability management, incident management, and threat management. Stop digital damage instantly. Trap the weasel hacker.
_______________________________________________ Dataloss Mailing List (dataloss () datalossdb org) Archived at http://seclists.org/dataloss/ Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss For inquiries regarding use or licensing of data, e-mail sales () riskbasedsecurity com Supporters: Risk Based Security (http://www.riskbasedsecurity.com/) YourCISO is an affordable SaaS solution that provides a comprehensive information security program that ensures focus on the right security. If you need security help or want to provide real risk reduction for your clients contact us!
Current thread:
- Pop! Goes the weasel hacker into your customer database Audrey McNeil (Feb 20)