August 18th, 2021 by Admin

Cybersecurity is not a new issue, but the stakes are getting higher. The scale of regulatory penalties is growing, and customers—consumers, businesses and public-sector organizations alike—are becoming more sensitive to the issue. In the past, many consumers saw little difference between the security postures of the companies—such as banks and retailers—pursuing their business, and so it didn’t sway their loyalty. That’s changing, and consequently lots of companies are responding by making security and data privacy central to their value proposition.

For more than a decade, Verizon has published some of the preeminent reports on cybersecurity, including the Data Breach Investigations Report (DBIR). This is the fourth edition of the Mobile Security Index. As the name suggests, it focuses on the threats to mobile devices; what defenses companies have in place to thwart these attacks; and how often those fail, leading to a mobile-related compromise.

One of the key themes of the 2020 Mobile Security Index was mal-innovation. We talked about how cybercriminals were constantly finding new and often imaginative ways to carry out attacks. In another life, where their motives weren’t nefarious and the outcomes not so damaging to so many, the creativity and ingenuity shown by some of the attackers would merit fame and accolades.

 


August 18th, 2021 by Admin

Up to $223b of the World’s Top 100 Brands’ Value could be at risk from a Data Breach, finds Infosys-Interbrand Study.

In a world where technology has been woven into every facet of our lives, we find ourselves living in a data-rich society. And this has made cybersecurity a part of our everyday lexicon, driving our choice in our association with brands.

For brands, this means data security has become a critical aspect of their businesses. This has a direct implication on the ‘trust’ that customers have in a brand. This in turn has a huge influence on customer engagement and affinity with the brand.

Most studies on data breaches tend to focus on the immediate costs to businesses – drop in profits or loss in revenues. However, the real impact on businesses could run much deeper as breaches can affect the long-term relationship between the customers and the brand.

In the endeavor to gauge this real impact, Infosys partnered with Interbrand to understand the impact of a breach on the brand’s relative strength. The study involved extensive desk research, discussions with security experts, along with a poll amongst Interbrand’s Brand Valuation Experts from across 15 countries.

The report serves as a guide for businesses to understand their brand’s ‘value at risk’ in the event of a cybersecurity breach and offers insights into implementing a well-defined cyber security strategy to maintain constant vigil and protect applications, data, networks and systems from the ever-present cyber threat landscape.

 


August 18th, 2021 by Admin

What is Hunting?

Most security technologies, tools, and processes are passive. They’re triggered by events or conditions that generate some prescribed response – not unlike how your immune system works to detect and address foreign bodies. Enterprise antivirus is a well-known class of technologies that illustrate this process particularly well. But these passive controls and workflows are rarely immediate. Adversaries may be able to dwell undetected in your environment for hours, days, weeks, months, or years. Even worse, adversaries have learned to maximize their success with minimal dwell time, which leaves you the narrowest margin of error to prevent data theft or business disruption.

Threat hunting has become one of the more important functions of mature security organizations – a rare capability that enables them to address gaps in passive security solutions. But at first, threat hunting can be a daunting endeavor. How can you detect attacks that don’t deploy malware or leave behind known indicators of compromise? How can you deduce the presence of “fileless” attacks that minimize disk-based evidence? The goal of this guide is to help security teams cultivate the skills and procedures that enable threat hunting.

The first chapter provides an overview of threat hunting concepts and shares ideas for integrating threat hunting into security operations. Subsequent chapters explore techniques for hunts based on different adversary techniques. Appendices offer reference materials to remind you of key information. When you pick up this guide you join a global community of security professionals. Together we can reshape the security landscape by sharing knowledge and best practices on how to protect the world’s data from attack.

 


August 18th, 2021 by Admin

Cyber resiliency, like security, is a concern at multiple levels in an organization. The four cyber resiliency goals, which are common to many resilience definitions, are included in the definition and the cyber resiliency engineering framework to provide linkage between risk management decisions at the mission and business process level and at the system level with those at the organizational level. Organizational risk management strategies can use the cyber resiliency goals and associated strategies to incorporate cyber resiliency.

Cyber resiliency objectives are more specific statements of what a system must achieve in its operational environment and throughout its life cycle to meet stakeholder needs for mission assurance and resilient security.

The purpose of this document is to supplement [SP 800-160 v1] and [SP 800-37] (or other risk management processes or methodologies) with guidance on how to apply cyber resiliency concepts, constructs, and engineering practices as part of systems security engineering and risk management for systems and organizations. This document identifies considerations of the engineering of systems that include the following circumstances or systems that depend on cyber resources. Circumstances or types of systems to which this document applies include:

 
