Knowing the True Value of Data Assets Will Improve Cyber Security and Promote Meaningful Cyber Insurance

Understanding the value of corporate assets is fundamental to cybersecurity risk management. Only when the true value is known can the correct level of security be applied.

Sponsored by DocAuthority and based on Gartner’s Infonomics Data Valuation Model, Ponemon Institute queried 2,827 professionals across the U.S. and UK to gauge how different business functions value different information assets. The business functions included in the research comprise IT security, product & manufacturing, legal, marketing & sales, IT, finance & accounting, and HR.

How DNS Analytics Can Boost Your Defense

The Domain Name System (DNS) is one of the foundational components of the internet that malicious actors commonly exploit and use to deploy and control their attack framework. The internet relies on this system to translate domain names into numbers, known as Internet Protocol (IP) addresses. Giving each IP a unique identifier allows computers and devices to send and receive information across networks. However, DNS also opens the door for opportunistic cyberattackers to infiltrate networks and access sensitive information.

these are the steps of the investigation:

1- Hypothesis Generation The first step when it comes to formulating an investigation is to create hypotheses. The aim of these hypotheses is to find evidence of threats before they are exploited, or even ones that are already being exploited.

2 – Validation of the hypotheses. Once a hypothesis has been defined, its validity needs to be verified. We then need to look for the existence of threats that fit this hypothesis. In this stage it is usual for some hypotheses to be discarded, while research into others is prioritized due to their likelihood or criticality.

3 – Finding evidence. From the results obtained in the previous search, we need to verify if a threat really exists. False positives and mistakes in configuration are set aside, and efforts are focused on the validated hypotheses.

4 – Discovery of new patterns. The attack is reconstructed to find any new patterns and tactics used to carry it out.

5 – Notification and enrichment. Using the knowledge generated during the Threat Hunting process, the automatic detection systems are enriched and improved. This way, the organization’s global security is improved thanks to the discoveries made during the investigation.

If you want to understand why you should be worried about the proliferation of cyberweapons and the lack of arms control treaties governing them, then read on.

Cybersecurity headlines in recent years have been dominated by companies losing money by being hacked and leaking the data of millions of customers.

But today, cybersecurity is moving beyond the financial impact to concerns over public safety, national security, and even cyberwarfare.

To understand the state of cyberwar and its potential impact, we should all keep in mind two things:
1. The proliferation of cyberweapons is already happening
2. Arms control of cyberweapons hasn’t caught up

Phishing is a serious threat to any industry. We have seen this topic appear in the news more each day. You might have already received a fraudulent email from what seemed to be your bank or even seen the hacking that took place during the 2016 US presidential election. But what do you know about phishing?

As I’ve written about in previous articles, security automation technology is creating impressive gains for security and incident response teams, by helping them improve operational effectiveness, increase speed and agility, and reduce risk. More and more security analysts and SOC managers are beginning to understand the potential of automation as they experience it firsthand or hear about it from their peers.

https://www.securityweek.com/authors/stan-engelbrecht

Facebook on Wednesday said it considered charging application makers to access data at the social network.

Such a move would have been a major shift away from the policy of not selling Facebook members’ information, which the social network has stressed in the face of criticism alleging it is more interested in making money than protecting privacy.

“To be clear, Facebook has never sold anyone’s data,” director of developer platforms and programs Konstantinos Papamiltiadis said in response to an AFP inquiry.