FBI Urges Firms to Plan For Cyber Attack

fbijpg-1a13cf4312bb8b00.jpg

An FBI security expert has called on businesses of all sizes to adopt cyber incident response plans to combat a striking increase in global security threats.

Timothy Wallach, an FBI Supervisory Special Agent currently assigned to lead the Cyber Task Force in the US Seattle field office, told V3 businesses should make security planning for cyber incidents a top priority.
"Quite often the FBI responds to companies that don't have an incident response plan at all and they are the ones that have had intrusions in their networks for a year and so everything is stolen," he said.
"The companies that are more sophisticated in terms of security generally have the plan in place."
His comments come in the wake of numerous high-profile cyber attack incidents over the past few years such as the breach of Ashley Madison, the OPM, Target and even a breach of Betty's tea room.
Many of these attacks are thought to have been carried out by government-backed groups, although Wallach said the techniques used for cyber attacks are often he same whether criminals or a nation state which makes attribution tough.
Wallach's comments came after new research commissioned by Trend Micro and Quocirca found that incident response planning, including carrying out 'cyber fire drills', remains underused by UK organisations.
Only 36 percent of companies have cyber fire drills in place, although this is seven percent above the European average.
Rik Ferguson, global vice president of security research at Trend Micro, said a cyber fire drill is an extremely useful tool as it has a "positive feedback loop" built in.
"It seems like the fire drill scenario should be an easy win for most of the organisations in the survey as it's a simple add on, either to training or a penetration test, or ideally putting all of them together to create a fire drill out of things that people are apparently already doing and already paying for," he said.
"It's very important that we as an industry get everybody else to think more about security. There certainly should be a mindset of security first in everything you do."
Bob Tarzey, director of Quocirca, revealed that UK organisations are still more likely to be targeted, and receive a higher number of attacks in comparison with Europe.
However, the research found that the actual impact of a cyber breach is not as damning when the data is contrasted. 

The full security report with a more expansive breakdown of specific types of threats currently faced by UK businesses will be published in October. 

The research also said that 52 percent of European and 53 percent of UK organisations fear that a cyber attack would have a serious impact on their operation. However, the majority of UK businesses said they had measures in place to mitigate targeted attacks.
Ein News: http://bit.ly/1Ltl9eM

However Cyber Security Intelligence analysis does not support this conclusion; as often the company Board believe the reports from their IT teams who sometimes underestimate their own security vulnerabilities. Cyber Security Intelligence will be producing monthly Directors' Reports. Sign up here: http://www.cybersecurityintelligence.com/contact.php

 

« Why Cybercrime Now Exceeds Conventional Crime
The Pentagon Goes Shopping For A New Mobile Phone »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Clayden Law

Clayden Law

Clayden Law are experts in information technology, data privacy and cybersecurity law.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Cyren

Cyren

Cyren is a cloud-based, Internet security technology company providing threat detection and security analytics.

European Cybercrime Training and Education Group (ECTEG)

European Cybercrime Training and Education Group (ECTEG)

The primary aim of ECTEG is to enhance the coordination of cybercrime training, by identifying opportunities to build the capacity of countries to combat cybercrime

Rockwell Automation

Rockwell Automation

Rockwell Automation offer industrial security solutions to protect the integrity and availability of your complex automation solutions.

Texplained

Texplained

Texplained specializes in security audits of microchips to identify vulnerabilities and protect against invasive cyber attacks.

ACI Worldwide

ACI Worldwide

ACI Worldwide powers electronic payments for more than 5,000 organizations around the world.

Australian Cyber Security Growth Network (AustCyber)

Australian Cyber Security Growth Network (AustCyber)

AustCyber brings together businesses and researchers to develop the next generation of cyber security products and services.

CyberESI

CyberESI

CyberESI is a Managed Security Service Provider providing 24x7 remote security monitoring and management of your mission-critical networks.

PETRAS IoT Hub

PETRAS IoT Hub

PETRAS is a consortium of 12 research institutions and the world’s largest socio-technical research centre focused on the future implementation of the IoT.

CyberOwl

CyberOwl

CyberOwl's early warning system uses a probabilistic framework to systematically aggregate uncertain and disparate security events to provide real-time visibility of threats to every asset.

Opaq Networks

Opaq Networks

OPĀQ Networks’ groundbreaking network security-as-a-service empowers organizations with the easiest way to tighten security control and improve business agility.

Fluency Security

Fluency Security

Fluency is the only Security Analytics & Orchestration (SAO) solution that automates correlation, detection, validation and ongoing tracking.

e-End

e-End

e-End provides hard drive shredding, degaussing and data destruction solutions validated by the highest electronic certifcations to keep you compliant with GLB, SOX, FACTA, FISMA, HIPAA, COPPA, ITAR.

Cube 5

Cube 5

The Cube 5 incubator, located at the Horst Görtz Institute for IT Security (HGI), supports IT security startups and people interested in starting a business in IT security.

Falcongaze

Falcongaze

Falcongaze SecureTower is a comprehensive DLP solution for the protection of business against internal threats.

CAPSLOCK

CAPSLOCK

CAPSLOCK delivers career-changing cyber training to help adults re-skill. Learn online to become a cyber security professional and pay no tuition until you land a high-paying job.

Inflection Point Ventures (IPV)

Inflection Point Ventures (IPV)

Inflection Point Ventures (IPV) is a 6000+ members angel investing firm which supports new-age entrepreneurs by connecting them with a diverse group of investors.