Through ISMG's Lens: Incident & Breach Response | Edition 10
Defending organizations against rapidly evolving, increasingly complex cyberthreats is no easy task.
Attackers continuously adapt to security enhancements while leveraging new vulnerabilities to stay one step ahead. The headline-grabbing reports this year have hammered home one point: There’s is a big difference between having an incident response plan and being incident response-ready.
Preparedness is the best way to avoid having a cyberattack turn into a full breach. Effective incident preparation is vital to ensure business continuity and keep you in control of your networks.
Here’s what the community is talking about when it comes to breach notification and incident response:
LATEST BREACH NOTIFICATIONS:
Australian Telco Optus Warns of 'Significant' Data Breach, by Mathew Schwartz
Australian telecommunications firm Optus is warning current and former customers that their personal details were exposed after it suffered a major data breach. The exposed information may include details such as driver’s licenses and passport numbers, but no passwords or financial details. Read the full story
Digital Bank Revolut Confirms Customer Data Breach, by Mihir Bagwe
Customers of app-based bank Revolut should be on guard for phishing attempts after a data breach exposed personal details such as names, emails and telephone numbers. The London-based fintech startup told Lithuanian authorities the hacking incident affects more than 50,000 customers. Read the full story
Law Firm Says Year-Old Hack Affected PHI of 255,000 People, by Marianne McGee
A Michigan law firm told regulators about a hacking incident discovered nearly a year ago that has affected the protected health information of more than 255,000 individuals, including members of a Michigan health plan. Some of the compromised data was a decade old. Read the full story
San Francisco 49ers Cybersecurity Incident Affected 20,000, by David Perera
The NFL's San Francisco 49ers will notify more than 20,000 Americans that online attackers likely stole their name and Social Security number from the sports franchise's corporate network in a February network security incident. Ransomware-as-a-service group BlackByte took credit for the attack. Read the full story
领英推荐
INCIDENT RESPONSE:
Log4j Incident Response: What We Learned About Collaboration, by Tom Field
How do we reflect on the Log4j crisis and emerge with lessons learned for the next big application security incident? Julian Azaret shares insights, including how ITOps and SecOps must collaborate in new ways to ensure better preparedness. Full interview
ISMG Editors: Lessons to Learn From Okta's Breach Response, ft. Anna Delaney , Tom Field , Mathew Schwartz , Rashmi Ramesh
Four editors at ISMG discuss important cybersecurity issues, including the lessons we can learn from Okta 's breach fallout and subsequent response, how the first NFT rug pull of 2022 has amounted to over $1 million and the much-anticipated return to in-person events. Full episode
Incident Response Plan: How to Decide on Your Risk Appetite? by Suparna Goswami
"We should do a detailed cost-benefit analysis as well as an analysis of risk. This has to be done in collaboration with business" - @Md. Sanowar Hossain
What should a good incident response plan contain, and how should enterprises assess their risk appetite? Two experts - Md. Sanowar Hossain and Indian Army retired Lt. Col. Santosh Khadsare - discuss how to design an incident response plan. Full interview
"When we are speaking of risk tolerance, we need to include reactive, proactive as well as predictive analysis. It also depends on the industry culture and financial strength of an organization. All these factors need to be included when we are speaking about risks" - Lt. Col Dr. Santosh Khadsare (Retd)
That's all for today. We will be back next week.
Until then, stay current with the latest happenings in cybersecurity by subscribing to our newsletter.
?Have a nice day ahead.
-- ISMG Social Media Desk