Implement Vulnerability Lifecycle Management Now Or Face The Consequences – Charles Leaver

Written By Dr Al Hartmann And Presented By Charles Leaver


The following headline hit the news on September 7, 2017:

Equifax Inc. today announced a cyber security incident potentially impacting around 143 million U.S. customers. Wrongdoers exploited a U.S. site application vulnerability to gain access to certain files. Based upon the business’s examination, the unauthorized access happened from the middle of May through July 2017.

Lessons from Past Debacles

If you like your job, value your role, and want to keep it, then don't leave the door open to adversaries. A major data breach frequently begins with an unpatched vulnerability that is readily exploitable. Then the inevitable happens: the attackers are inside your defenses, the crown jewels have left the building, the press releases fly, costly consultants and outside legal counsel rack up billable hours, regulators come down, lawsuits are filed, and you have "some severe 'splainin' to do"!

We are unsure whether the head 'splainer in the current Equifax debacle will survive, as he is still in 'splainin' mode, asserting that the breach started with the exploitation of an application vulnerability.

In such cases the typical sequence of resignations is: CISO first, followed by the CIO, followed by the CEO, followed by a shakeup of the board of directors (particularly the audit and corporate responsibility committees). Do not let this happen to your career!

Steps to Take Immediately

There are some common-sense steps to take to prevent the otherwise inevitable breach catastrophe arising from unpatched vulnerabilities:

Take inventory – Inventory all data and system assets, and map your network topology, attached devices, and open ports. Know your network, its segmentation, what devices are connected, what those devices are running, what vulnerabilities those systems and applications expose, what data assets they access, the sensitivity level of those assets, what defenses are layered around those assets, and exactly what controls are in place along every potential access path.

Simplify and harden – Implement best-practice recommendations for identity and access management, network segmentation, firewall and IDS configuration, operating system and application configuration, database access controls, and data encryption and tokenization, while simplifying and trimming the number and complexity of subsystems across your business. Anything too complex to manage is too complex to protect. Choose configuration-hardening heaven over breach-response hell.

Continuously monitor and analyze – Periodic audits are necessary but not sufficient. Continuously monitor, track, and assess all relevant security events and exposed vulnerabilities: have visibility, event capture, analysis, and archiving of every system and session login, every application launch, every active binary and vulnerability exposure, every script execution, every command issued, every network connection, every database transaction, and every sensitive data access. Any gap in your security event visibility creates a free-fire zone for the adversary. Establish key performance metrics, track them ruthlessly, and drive for relentless improvement.

Do not accept operational excuses for insufficient security – There are always secure and effective operational policies, though they may not be pain-free. Not suffering a disastrous data breach is far down the organizational pain scale from the alternative. Operational expedience, legacy systems, or misaligned priorities are not valid excuses for tolerating bad cyber practices in an intensifying threat environment. Lay down the law.
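The four steps above amount to a vulnerability lifecycle: know what is running, know which of it is exposed, and track every exposure from discovery to verified remediation against a deadline that reflects how bad a miss would be. The Python sketch below is an added illustration of that loop, not code from the original post or from its authors. The hosts, installed versions, vulnerable-version table, and the SLA numbers (7/30/90 days by severity, halved for internet-facing systems and again for systems touching sensitive data) are all constructed for the example and are not a recommended policy.

```python
"""Toy vulnerability lifecycle tracker: match an asset inventory against a
vulnerable-version table, assign each finding a remediation deadline from
severity, exposure and data sensitivity, and list the findings past it.

Added example, not from the original post. The inventory, the vulnerable
version table and the SLA figures are all constructed / hypothetical."""
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Asset:
    host: str
    internet_facing: bool
    data_sensitivity: int           # 1 = public data ... 4 = regulated personal data
    software: Dict[str, str]        # package name -> installed version


@dataclass
class Finding:
    host: str
    package: str
    installed: str
    fixed_in: str
    cvss: float
    discovered: date                # when the exposure entered the lifecycle
    patched: Optional[date] = None  # set once remediation has been verified


# Constructed sample inventory (hypothetical hosts and versions).
INVENTORY: List[Asset] = [
    Asset("web-01", True, 4, {"webframework": "2.3.1", "openssl": "1.0.2"}),
    Asset("db-01", False, 4, {"dbms": "5.7.18"}),
    Asset("kiosk-07", False, 1, {"browser": "58.0"}),
]

# Constructed vulnerable-version table: (package, first fixed version, CVSS score).
KNOWN_VULNS: List[Tuple[str, str, float]] = [
    ("webframework", "2.3.5", 10.0),
    ("openssl", "1.1.0", 5.3),
    ("dbms", "5.7.20", 8.1),
    ("browser", "60.0", 7.5),
]


def version_tuple(v: str) -> Tuple[int, ...]:
    """Purely numeric dotted versions; real scanners need vendor-specific comparators."""
    return tuple(int(p) for p in v.split("."))


def find_exposures(inventory: List[Asset], known_vulns, discovered: date) -> List[Finding]:
    """Step 1 (inventory): any installed package older than its fix is a finding."""
    findings = []
    for asset in inventory:
        for package, fixed_in, cvss in known_vulns:
            installed = asset.software.get(package)
            if installed and version_tuple(installed) < version_tuple(fixed_in):
                findings.append(Finding(asset.host, package, installed,
                                        fixed_in, cvss, discovered))
    return findings


def sla_days(finding: Finding, asset: Asset) -> int:
    """Remediation window: severity sets the base; exposure and sensitivity halve it."""
    if finding.cvss >= 9.0:
        days = 7
    elif finding.cvss >= 7.0:
        days = 30
    else:
        days = 90
    if asset.internet_facing:       # reachable by anyone on the internet
        days //= 2
    if asset.data_sensitivity >= 3:  # holds or can reach sensitive data
        days //= 2
    return max(days, 1)


def overdue(findings: List[Finding], inventory: List[Asset], today: date) -> List[Tuple[str, str, int]]:
    """Step 3 (monitor): unpatched findings past their deadline, worst first."""
    assets = {a.host: a for a in inventory}
    late = []
    for f in findings:
        if f.patched is not None:   # closed in the lifecycle, nothing to chase
            continue
        due = f.discovered + timedelta(days=sla_days(f, assets[f.host]))
        if today > due:
            late.append((f.host, f.package, (today - due).days))
    return sorted(late, key=lambda row: -row[2])


def report(discovered_iso: str, today_iso: str) -> List[Tuple[str, str, int]]:
    """One-call check over the constructed inventory using ISO dates."""
    found = find_exposures(INVENTORY, KNOWN_VULNS, date.fromisoformat(discovered_iso))
    return overdue(found, INVENTORY, date.fromisoformat(today_iso))


if __name__ == "__main__":
    for host, package, days in report("2017-03-01", "2017-05-13"):
        print(f"{host:10} {package:14} {days:3d} days overdue")
```

The point of the deadline arithmetic is that the same CVSS 10 bug gets one day on an internet-facing host holding regulated data and a week on an isolated test box; a flat "patch criticals within 30 days" policy would treat both alike. Feed the `overdue` list to whatever dashboard tracks your key metrics, and treat a finding that is still open weeks after its due date as the incident it will shortly become.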

Take Action Now After The Security Incident At Equifax – Charles Leaver

Written By Michael Levin And Presented By Charles Leaver


Equifax, one of the three major U.S. credit reporting agencies, just announced a major data breach in which cyber criminals stole sensitive information belonging to 143 million American consumers.

Ways that the Equifax security breach WILL impact you:

– Personal – Your personal and family identity information is now known to hackers and will be targeted!

– Business – Your company could be affected and targeted.

– National – Terrorists, nation states, and organized crime groups could be involved, or could use this data to commit cybercrime for financial gain.

Protecting yourself is not complicated!

Five suggestions to secure yourself right away:

– Sign up for a credit monitoring service and/or freeze your credit. The quickest way to be notified that your credit is compromised is through a credit monitoring service. Equifax has already begun setting up free credit monitoring for those affected. Other credit monitoring services are available and should be considered.

– Monitor all your financial accounts, including credit cards and all bank accounts. Ensure that notifications are turned on, and that you receive immediate text and e-mail alerts for any change to your account or for increased balances or transactions.

– Secure your bank and financial accounts: ensure that two-factor authentication is turned on for all of them. Learn about two-factor authentication and enable it for every financial account.

– Phishing e-mail messages can be your biggest day-to-day risk! Take your time when dealing with e-mail. Stop automatically clicking on every link and attachment you receive. Instead of clicking links and attachments in e-mail messages, go to the site directly, outside the e-mail. When you get an e-mail you were not expecting from a name you recognize, consider contacting the sender independently before you click any links or attachments.

– Strong passwords – consider changing all your passwords. Create strong passwords and protect them. Use a different password for each account.

Other Security Thoughts:

– Back up all computer systems and update operating systems and software applications regularly.

– Social media security – Sharing too much information on social media increases the risk that you will be victimized. For example, telling the world you are on vacation, with pictures, raises the risk that your home will be burgled.

– Protect your devices – Don't leave your laptop, phone, or tablet unattended even for a moment. Don't leave anything in your car that you do not want stolen, since it is only a matter of time.

– Internet of Things and device management – Understand how all your devices connect to the Internet and exactly what information you are sharing. Check the security settings of all devices, including smart watches and fitness bands.

The value of security awareness training:

– This is another crime where security awareness training can help to reduce risk. Understanding new crimes and scams in the news is a fundamental part of security awareness training. Making sure that employees, friends, and family are aware of this scam will significantly reduce the likelihood that you will be victimized.

– Sharing the new scams and crimes you learn about in the news with others is essential to ensuring that the people you care about do not fall victim to these kinds of criminal activity.