FBI Urges Firms to Plan For Cyber Attack

fbijpg-1a13cf4312bb8b00.jpg

An FBI security expert has called on businesses of all sizes to adopt cyber incident response plans to combat a striking increase in global security threats.

Timothy Wallach, an FBI Supervisory Special Agent currently assigned to lead the Cyber Task Force in the US Seattle field office, told V3 businesses should make security planning for cyber incidents a top priority.
"Quite often the FBI responds to companies that don't have an incident response plan at all and they are the ones that have had intrusions in their networks for a year and so everything is stolen," he said.
"The companies that are more sophisticated in terms of security generally have the plan in place."
His comments come in the wake of numerous high-profile cyber attack incidents over the past few years such as the breach of Ashley Madison, the OPM, Target and even a breach of Betty's tea room.
Many of these attacks are thought to have been carried out by government-backed groups, although Wallach said the techniques used for cyber attacks are often he same whether criminals or a nation state which makes attribution tough.
Wallach's comments came after new research commissioned by Trend Micro and Quocirca found that incident response planning, including carrying out 'cyber fire drills', remains underused by UK organisations.
Only 36 percent of companies have cyber fire drills in place, although this is seven percent above the European average.
Rik Ferguson, global vice president of security research at Trend Micro, said a cyber fire drill is an extremely useful tool as it has a "positive feedback loop" built in.
"It seems like the fire drill scenario should be an easy win for most of the organisations in the survey as it's a simple add on, either to training or a penetration test, or ideally putting all of them together to create a fire drill out of things that people are apparently already doing and already paying for," he said.
"It's very important that we as an industry get everybody else to think more about security. There certainly should be a mindset of security first in everything you do."
Bob Tarzey, director of Quocirca, revealed that UK organisations are still more likely to be targeted, and receive a higher number of attacks in comparison with Europe.
However, the research found that the actual impact of a cyber breach is not as damning when the data is contrasted. 

The full security report with a more expansive breakdown of specific types of threats currently faced by UK businesses will be published in October. 

The research also said that 52 percent of European and 53 percent of UK organisations fear that a cyber attack would have a serious impact on their operation. However, the majority of UK businesses said they had measures in place to mitigate targeted attacks.
Ein News: http://bit.ly/1Ltl9eM

However Cyber Security Intelligence analysis does not support this conclusion; as often the company Board believe the reports from their IT teams who sometimes underestimate their own security vulnerabilities. Cyber Security Intelligence will be producing monthly Directors' Reports. Sign up here: http://www.cybersecurityintelligence.com/contact.php

 

« Why Cybercrime Now Exceeds Conventional Crime
The Pentagon Goes Shopping For A New Mobile Phone »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Galaxkey

Galaxkey

Galaxkey is a data protection product that protects email, documents and any data using access control and an encryption platform.

UpGuard

UpGuard

UpGuard's discovery engine brings visibility to complex IT environments, enabling teams to identify risk, confirm compliance and make business safer.

Advanced Resource Managers (ARM)

Advanced Resource Managers (ARM)

ARM provide specialist recruitment services for technology and engineering including cyber security.

Referentia

Referentia

Referentia leads the development of critical infrastructure solutions that benefit society, including cyber security and network performance management.

Evidence Talks Ltd

Evidence Talks Ltd

A leading forensic computing authority developing unique digital forensic technologies. Tools that detect potential terrorists & criminals & used by the military, enforcement & intelligence commmunity

TunnelBear

TunnelBear

TunnelBear is a Virtual Private Network services provider offering secure encrypted access to the internet.

Mvine

Mvine

Mvine's primary business is authoring and selling Cyber-Secure Platforms for Collaboration Portals and for Identity Management as well as delivering cloud support services.

GuardSI

GuardSI

GuardSI was created to protect companies from growing threats to security such as fraud, hacking, internal theft, accidents and human mistakes that can directly affect the business.

Blockchains LLC

Blockchains LLC

Blockchains is committed to changing the world for the better. Using blockchain and other innovative technologies, we’ll build new systems, new security, and new interactions.

Perch Security

Perch Security

Perch is a co-managed threat detection and response platform backed by an in-house Security Operations Center (SOC).

Veratad Technologies

Veratad Technologies

Veratad Technologies, LLC is a world class provider of online/real-time Identity Verification, Age Verification, Fraud Prevention and Compliance Solutions.

Exabeam Cyberversity

Exabeam Cyberversity

Exabeam Cyberversity is a philanthropic program to help aspiring cybersecurity professionals navigate career options and increase industry-wide diversity through knowledge sharing and networking.

Support Link Technologies (SLT)

Support Link Technologies (SLT)

Support Link Technologies are an IT Solutions Company committed to achieving customer satisfaction through excellent customer service.

Oman Technology Fund (OTF)

Oman Technology Fund (OTF)

Oman Technology Fund aims to make Oman the preferred destination for emerging tech companies in the region, and an attractive and stimulating destination for venture capital.

Bittnet Training

Bittnet Training

Bittnet Training is the leader in the IT Training market in Romania. We develop the IT skills of IT professionals as well as those who wish to start a career in IT.

ELLIO Technology

ELLIO Technology

ELLIO Technology is a cybersecurity company that reduces alert overload, improves incident response, and helps security teams target serious attackers who pose a real threat.