India’s Leading outsourcing giant Wipro Ltd confirmed that some of its employee accounts have been hacked in an advanced phishing campaign. The company detected an abnormal activity in a few of his employee accounts on its network. Kerbs On Security detailed that the companies It systems have been hacked and used to launch an attack […]
The post Wipro Security Breach – Employees’ accounts Hacked Through Advanced Phishing Campaign appeared first on GBHackers On Security.
Hackers have breached FBI-affiliated websites and published the personal data of federal agents and law enforcement officers online. The hackers published sensitive data that contains 4,000 unique records after duplicates were removed, including member names, a mix of personal and government email addresses, job titles, phone numbers, and their postal addresses, learned TechCrunch. Hackers exploited […]
The post FBI-affiliated Websites Hacked – Hackers Steals Agents Personal data From Websites and Published Online appeared first on GBHackers On Security.
Microsoft Announced a data breach by unknown hackers who have compromised the Microsoft technical support agent’s credentials and gain access the some of the Microsoft customer’s Email. Cybercriminals breached the Microsoft network between January 1 and March 28 and compromise the Microsoft support agent’s credentials. Microsoft notified to the customer via Email on Friday said, […]
The post Microsoft Hacked – Hackers Compromised The Microsoft Employee’s Account to Gain Access the Customers Email appeared first on GBHackers On Security.
Over 540 million Facebook users personal records that include comments, likes, reactions, account names, FB IDs exposed to the public Internet. All the data are collected and stored by Third-Party developers. Researchers from UpGuard found third-party Facebook app datasets, one from Mexico-based media company Cultura Colectiva and another one belongs to Facebook-integrated app “At the […]
The post 540 Million Facebook Users Personal Data Exposed to the Public Internet appeared first on GBHackers On Security.
This post appeared first on Naked Security Blog by Sophos
Author: John E Dunn
Toyota hacked, yes, Toyota major subsidiaries network compromised by unknown hackers and they gained unauthorized access to the network where Toyota stored nearly 3.1 million customers sensitive information. Toyota Motor Corporation is a Japan-based, world’s second-largest automotive manufacturer who produces more than 10 million vehicles per year. This security incident affected Japan-based Toyota subsidiaries networks […]
The post Toyota Hacked – Hackers Leaked 3.1 Million Customers Sensitive Information Online appeared first on GBHackers On Security.
If there’s one thing I’ve learned from working in cybersecurity, it’s that security incidents do not simply occur, they are caused — either by legitimate users who unintentionally expose company data or malicious actors who seek to breach enterprise systems undetected. Unfortunately, it is much easier for attackers to identify exploitable vulnerabilities than it is for security teams to fix every flaw in the company’s network.
While it would seem the odds are insurmountably stacked against cyberdefenders, there is at least one element of an effective incident response program that even the most ingenious attackers cannot take away from security teams: preparedness and thorough planning.
One of the most important metrics in incident response is the time its takes to respond to and contain a security event. According to the “2018 Cost of a Data Breach Study,” the costs associated with a breach were 25 percent lower for organizations that managed to contain the incident within 30 days. That’s a difference of more than $1 million when you consider the overall average cost of a breach, which is particularly concerning since the average time between detection and containment is 69 days.
This so-called mean time to contain (MTTC) depends on the organization’s level of preparedness to rapidly switch into emergency response mode and execute the right tasks in the right order — all under the intense pressure and confusion that invariably arises from a crisis situation. That’s why MTTC is a crucial metric in any emergency response plan template.
Companies with a mature security posture don’t just take a proactive approach to mitigating threats, they also train their employees on what to do in a worst-case scenario and how to implement a break-glass policy within their organizations. This requires security leaders to continuously review their plans for gaps and inefficiencies and adjust them accordingly to thoroughly understand the impact of a potential breach from a remediation perspective.
Below are six key steps organizations can take to step beyond proactive measures and prepare to respond in a worst-case scenario.
An incident response plan does not just apply to IT and security. You will need cooperation and resources from people outside the security organization, including legal, human resources and other departments.
To develop your incident response plan, you must understand the kind of events you are addressing and their potential impact to your organization. The loss and exposure of data is one example that is critical to virtually all companies, and not just since the General Data Protection Regulation (GDPR) took effect. Other risks to consider include production outages, flawed products and third-party breaches. Security leaders should work closely with risk officers to identify the threats with the greatest potential business impact.
It takes a lot of hard work from a variety of people and business functions to identify, contain and eradicate an incident. Roles must be clear in advance, and everyone must know his or her responsibility in the event of a security incident.
Typically, this is where a predefined group of response specialists, known as a computer security incident response team (CSIRT), steps in. In addition to security experts, this team should include representatives from management as well as other business units.
In case of emergency, it’s critical to define the relevant communication channels. Communication channels must be open at all times, even if the normal channels are compromised or temporarily unavailable. It’s also important to establish guidelines for what details should be communicated to IT, senior management, relevant departments, affected customers and the public.
A lot can go wrong during incident response activities. Valuable information can be destroyed through recklessness and thoughtlessness or, worse, by an attacker who is just waiting to exploit poor user behaviors. Therefore, incident response steps should follow a clear structure and methodology, such as the SANS Institute’s six-step incident response framework and other publicly available resources that can be adapted to fit an organization’s unique needs.
The worst thing you can do is wait until a crisis occurs to execute your incident response process for the first time. Tabletop exercises and run books are always beneficial, but it is most critical to regularly drill the response flow and strive to improve its results in every subsequent drill. It’s also helpful for team members to join discussion groups and share successful practices with other teams to sharpen incident response plans and reduce the potential damage from an impending attack.
While a break-glass policy can add more layers of protection in the event of a breach, it also adds to the workload of your already overwhelmed staff. That’s why many organizations are hesitant to step forward. But the benefits of containing the damage within a short period of time outweigh the value of this investment by far. By adapting a tried-and-true emergency response plan template to your organization’s incident response needs and business goals, you will be in a much better position to minimize the damage associated with a data breach.
The post When It Comes to Incident Response, Failing to Plan Means Planning to Fail appeared first on Security Intelligence.
This post appeared first on Security Intelligence
Author: Reto Zeidler
This post appeared first on Naked Security Blog by Sophos
Author: Lisa Vaas
Facebook Stored their hundreds of millions of users password in plain text instead of masking it as a human-readable format. These millions of unencrypted plain text passwords are accessible by thousands of internal Facebook employees. But the further investigation conducted by Facebook reveals there is no indication that any of the Facebook employees are abused […]
The post Facebook Stored Hundreds of Millions of Users Password in Plain Text appeared first on GBHackers On Security.
This post appeared first on Naked Security Blog by Sophos
Author: John E Dunn