FBI Urges Firms to Plan For Cyber Attack

fbijpg-1a13cf4312bb8b00.jpg

An FBI security expert has called on businesses of all sizes to adopt cyber incident response plans to combat a striking increase in global security threats.

Timothy Wallach, an FBI Supervisory Special Agent currently assigned to lead the Cyber Task Force in the US Seattle field office, told V3 businesses should make security planning for cyber incidents a top priority.
"Quite often the FBI responds to companies that don't have an incident response plan at all and they are the ones that have had intrusions in their networks for a year and so everything is stolen," he said.
"The companies that are more sophisticated in terms of security generally have the plan in place."
His comments come in the wake of numerous high-profile cyber attack incidents over the past few years such as the breach of Ashley Madison, the OPM, Target and even a breach of Betty's tea room.
Many of these attacks are thought to have been carried out by government-backed groups, although Wallach said the techniques used for cyber attacks are often he same whether criminals or a nation state which makes attribution tough.
Wallach's comments came after new research commissioned by Trend Micro and Quocirca found that incident response planning, including carrying out 'cyber fire drills', remains underused by UK organisations.
Only 36 percent of companies have cyber fire drills in place, although this is seven percent above the European average.
Rik Ferguson, global vice president of security research at Trend Micro, said a cyber fire drill is an extremely useful tool as it has a "positive feedback loop" built in.
"It seems like the fire drill scenario should be an easy win for most of the organisations in the survey as it's a simple add on, either to training or a penetration test, or ideally putting all of them together to create a fire drill out of things that people are apparently already doing and already paying for," he said.
"It's very important that we as an industry get everybody else to think more about security. There certainly should be a mindset of security first in everything you do."
Bob Tarzey, director of Quocirca, revealed that UK organisations are still more likely to be targeted, and receive a higher number of attacks in comparison with Europe.
However, the research found that the actual impact of a cyber breach is not as damning when the data is contrasted. 

The full security report with a more expansive breakdown of specific types of threats currently faced by UK businesses will be published in October. 

The research also said that 52 percent of European and 53 percent of UK organisations fear that a cyber attack would have a serious impact on their operation. However, the majority of UK businesses said they had measures in place to mitigate targeted attacks.
Ein News: http://bit.ly/1Ltl9eM

However Cyber Security Intelligence analysis does not support this conclusion; as often the company Board believe the reports from their IT teams who sometimes underestimate their own security vulnerabilities. Cyber Security Intelligence will be producing monthly Directors' Reports. Sign up here: http://www.cybersecurityintelligence.com/contact.php

 

« Why Cybercrime Now Exceeds Conventional Crime
The Pentagon Goes Shopping For A New Mobile Phone »

CyberSecurity Jobsite
Check Point

Directory of Suppliers

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

CyberTrap

CyberTrap

CyberTrap is an advanced highly-interactive deception technology allowing real-time analysis and control of security breaches.

Spanish Network of Excellence on Cybersecurity Research (RENIC)

Spanish Network of Excellence on Cybersecurity Research (RENIC)

RENIC is a membership based sectoral association that includes research centers and other agents of the research cybersecurity ecosystem in Spain.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Elevate Security

Elevate Security

Elevate is the leading Security Behavior Platform, changing employee security habits while giving security teams unprecedented visibility.

Diaplous Group

Diaplous Group

Diaplous Group is a leading Maritime Risk Management (MRM) provider, delivering specialized services to an ever-broadening portfolio of shipping, oil & gas, energy and construction industries.

Rimini Street

Rimini Street

Rimini Street is a global provider of enterprise software support products and services, and the leading third-party support provider for Oracle and SAP software products.

RubinBrown

RubinBrown

RubinBrown LLP is a leading accounting and professional consulting firm. The RubinBrown name and reputation are synonymous with experience, integrity and value.

CyberGate Technologies

CyberGate Technologies

CyberGate Technologies is a world-class, customer focus cyber security service and consultancy company operating the UK, Europe, Middle East, and Africa.

Sentryc

Sentryc

Sentryc provides automated monitoring of brands on online marketplaces and social media making online brand protection processes faster, more clearly structured and more efficient.

Ipseity Security

Ipseity Security

Ipseity Security provide security-centric advisory and consulting services for organizations to secure their perimeter-less digital transformation to meet business and security requirements.

Telenor Cyberdefence

Telenor Cyberdefence

Telenor Cyberdefence is a newly established (2024) cloud-born Managed Security Service Provider focused on the Nordic markets.

Cyabra

Cyabra

Cyabra is leading the fight against disinformation. Our AI shields companies and the public sector by uncovering malicious actors, bot networks, and GenAI content.

Hopper Security

Hopper Security

The Future of Open-Source Risk Management Starts Here. We built Hopper to make sure you can harness the power of Open-Source safely and effectively.

Arms Cyber

Arms Cyber

Arms Cyber is redefining ransomware defense with advanced solutions that stop attacks before they start.

Cyberr

Cyberr

We’re transforming cybersecurity recruitment with Cyberr Intelligence – the AI-driven platform that connects top cybersecurity talent, both freelance and permanent, with leading employers worldwide.

Pacific Northwest National Laboratory (PNNL)

Pacific Northwest National Laboratory (PNNL)

PNNL draws on its distinguishing strengths in chemistry, Earth sciences, biology, and data science to advance scientific knowledge and address challenges in energy resiliency and national security.