Digital Resilience: Is Your Company Ready for the Next Cyber Threat?
by Ray Rothrock (MBA 1988)
Amacom:
Rothrock lays bare tactics used by hackers, vulnerabilities lurking in networks, and strategies not just for surviving attacks but also for thriving even while under assault. This book helps businesses understand the threats they face, assess the resilience of their networks against attacks, identify and address weaknesses, and respond to data theft swiftly and effectively.
Harvard Business School: Alumni and Faculty Books (RedSeal; 2018-08-04 21:29:21, 2019-01-14 22:42:28)
Asha Saxena explores cyber security and the future of Big Data with venture capitalist Ray Rothrock.
In this episode, we’ll talk about how Big Data is impacting cyber security and how businesses can overcome the common challenges associated with Big Data, from keeping sensitive information to finding the right talent to process and analyze the data. Without a doubt, Big Data is here to stay, which is why all businesses should focus on learning how to effectively use it.
The Future of Cyber Security, with Ray Rothrock (RedSeal; 2018-07-26 21:30:21, 2018-12-17 14:20:20)
The subtitle grasped my attention, “Is your Company Ready for the Next Cyber Threat?” With the speed of change and the lack of international laws to detect and prosecute the criminals, my mind quickly responded, “I doubt it?”
This title addresses the rise in cybercrimes, and every business, large and small, is at risk. It helps law-abiding business people peek inside the minds and tactics of international criminals to understand the threats, identify the weakness and effectively respond, no matter what it takes.
PM World Book Review: Digital Resilience (RedSeal; 2018-07-13 20:38:02, 2019-01-14 22:42:07)
Russia has nearly completed an alternative to the Domain Name System — the common “phone book” of the internet that translates numerical IP addresses to readable text like “Amazon.com” and “NYMag.com.” When implemented, the DNS alternative could separate Russia and its allies from the rest of the connected internet — a possibility that, however remote, has experts worried about a “balkanization” of a global network.
Last November, the Russian Security Council announced its ambition to create an independent internet infrastructure for Russia and the other members of BRICS (Brazil, India, China, and South Africa). According to reports, the Russian government sought to create the alternative internet to protect itself from American and Western manipulation of internet services and avoid “possible external influence.” (Sound familiar?)
Russia’s Alternate Internet (RedSeal; 2018-07-13 08:25:11, 2018-11-26 12:58:55)
Threats to industrial control systems are real and frightening. The government is taking steps to keep us safer in the future, but there are near-term steps you can take right now.
“The enemy is in the wire.” During the Vietnam War, this call would ring out to alert everyone that the enemy was in the perimeter of fortifications. In our cyber world, we’ve known this for years; however, the call rang frighteningly true in May of this year.
This particular enemy was first discovered in August 2017, as a new piece of malware, now known as Trisis. A Middle Eastern oil and gas company found the malware when its industrial equipment started shutting down.
ICS Security: ‘The Enemy Is in the Wire’ (RedSeal; 2018-07-12 11:07:45, 2018-11-26 13:00:01)
As much as everyone hates to think about this, it is a reality that we all must face: cyberattacks are not going to stop, and everyone is a target. It may even be safe to say that any person who has even briefly gone on the Internet has been exposed to some cyber threat, whether it be a phishing email or malware download.
Keeping Score with Digital Resilience (RedSeal; 2018-07-10 20:39:59, 2018-11-26 12:59:49)
I found myself in London Heathrow recently with a few hours to kill. I’d heard about a big political brouhaha rumbling along about adding a third runway, but there are lots of competing pressures — from the economic to the environmental and everything in between. So I decided to spend my down time looking into that. Just how badly does Heathrow need another runway?
After reading a good piece in Wired, this amateur pilot found the statistics intense: Heathrow functions at almost 99% capacity, essentially packing in as many people as the airport can take, with a landing or takeoff taking place every 45 seconds. Forty-five seconds might sound like there’s still some room for error, but from my point of view, it’s far from it. I’m not allowed to land the small planes I fly for three minutes after a big jet takes off or lands due to the dangerous turbulence they leave in their wake. If I wanted to land at Heathrow, it would have to make a huge gap, canceling landing clearances for at least three big jets. That would inconvenience many hundreds of people. What’s worse, at these use levels, the ripple effects could last all day.
As a security professional, I found a behind-the-scenes aspect of the story most interesting — specifically, the approach taken to ensure resilience.
The responsibility of cyber security falls on everyone’s shoulders. But the charge should be led from the top. Has your sector fallen behind?
The frequency and severity of cyber attacks and data breaches have risen significantly in the last few years, as attacks increase in volume and variety.
While the focus on cybersecurity has never been higher, the cybersecurity community – a combined team of solution providers, CISOs, boards and others – hasn’t been able to stop most attacks from being successful.
Why?
We have focused too much of our efforts on network perimeters, working to detect and prevent cyber attacks. We haven’t done enough to build resilience INSIDE the network, the part of the equation we can control and quantify with a security metric.
Organizations need to build resilience into their infrastructures and adopt an end-to-end digital resilience strategy to survive and thrive.
How big is the problem? There are 1400+ vendors focused on cybersecurity. Nearly $100B was spent on information security just in 2016. Yet billions of records have been compromised.
The reason is we have not addressed fundamental issues inside the network. Companies need to build resilience into their infrastructure and adopt a corporate-wide digital resilience strategy with a corporate-wide security metric.
A few years back, RedSeal gathered 800 surveys during the RSA Conference. We learned that:
Practitioners are drowning in data
They can’t measure the performance or impact of their security efforts
Current solutions can’t turn data into action
They need useful cybersecurity metrics
The problem with measuring security is that security is the absence of something. You can’t report how often you were NOT on the cover of the Washington Post. Many people start by counting what they are doing. But this measures busy-ness, not business. How can you show actual improvements in cybersecurity?
The Shifting Terrain and Digital Resilience
According to the 2016 TechCrunch CIO Report, 82% of global IT leaders report significant labor shortages in cybersecurity. This, combined with issues such as software defined everything, digital transformation, hybrid datacenters, IoT, and shadow IT, means a big shift in thinking is required. We don’t have enough people to throw at the problem.
Digital resilience is a comprehensive strategy across all IT functions and business processes to minimize the impact of cyber attacks and network interruptions. It’s a different way of thinking. Being resilient means simultaneously striving to minimize each attack and being able to recover quickly from a strike. Resilient organizations have fewer, smaller incidents, understand and respond to them faster, and can rapidly return to normal operations afterwards.
It’s not enough to see the devices in your “as-built” infrastructure – you have to really understand how they are configured and automatically get a list of vulnerabilities.
And that list of vulnerabilities is a problem; there are too many to act on. Even knowing asset value and vulnerability severity isn’t enough to fully understand the risk. You need to understand if they can be accessed. A high-value asset with a vulnerability that is segmented behind a firewall is not as big a risk as one that is slightly lower in value, but has an open path to the internet.
RedSeal’s Digital Resilience Score
Resilient organizations must focus on three main areas—being hard to hit, being ready for an attack when it comes, and being able to recover quickly.
RedSeal helps these organizations identify defensive gaps, run continuous penetration tests to measure readiness, and map their entire network infrastructure.
From these capabilities, RedSeal calculates one unified number, so managers, boards of directors and executive management have the understandable and actionable cybersecurity metric they need to drive towards digital resilience.
Do you have defects that are easy to hit? RedSeal evaluates how weaknesses from incorrectly configured devices and third-party software could impact you.
Can an attacker reach your valuable assets? RedSeal evaluates how well your network is structured, identifying attack pathways and chains of vulnerability that reduce your ability to withstand and recover from attack.
Is your network understanding complete? By identifying previously unknown parts of your network, RedSeal evaluates how well you know what your digital infrastructure looks like. With a complete picture, you can be sure you’re managing all assets on your network. During an attack, you’ll be able to understand where an attacker can reach. And, you’ll be able to recover much more quickly.
Instead of getting stuck in an ineffective focus on measuring activity, resilient organizations use RedSeal’s Digital Resilience Score (DRS). This cybersecurity metric works like a creditworthiness score, deducting points for defensive gaps, weaknesses revealed by attack simulations, and blind spots in your network awareness. A higher score means there is a higher likelihood that your business can withstand an incident and keep running.
It’s the cybersecurity metric that matters for digital resilience.
The Only Cybersecurity Metric That Matters for Digital Resilience (Wayne Lloyd, Federal CTO, RedSeal; 2018-07-02 05:58:53, 2019-10-03 14:26:29)
Bay Area News Group has recognized RedSeal as a Top Workplace in the Small Business category among 85 companies and organizations in the Bay Area as Top Workplaces for 2018. These companies have been recognized based solely on surveys about the workplace completed by their employees.
RedSeal Named a 2018 Top Workplace by Bay Area News Group (RedSeal; 2018-06-28 08:45:53, 2018-07-16 09:18:49)