Buying a risky or vulnerable company is avoidable, and what you don't know can hurt you. Even with insurance or financial indemnification, cybersecurity breaches represent significant capital investment and brand risk. Cyber-related compliance requirements are often poorly understood, difficult to detect, introduce reputational risk, and cost time lost with outside auditors.
When Peter Drucker produced his seminal work, “What Makes an Effective Executive,” in the Harvard Business Review (Drucker, June, 2004), he may not have been writing with cybersecurity in mind. In fact, in 2004, the cybersecurity world had only begun to appear as the many-headed beast it’s become since then. Nonetheless, this text is an excellent guide for executives about incident response and breach management.
Topics: Cybersecurity, budgeting, security incident handling
Phishing via employment-focused social media is on the rise. While performing incident response over the last few months, ProCircular encountered multiple incidents where LinkedIn was used in employee phishing attacks. Several news articles raised awareness of this phishing vector over the last year, and the trend continues with a new wave of attacks by sophisticated threat actors.
Topics: Incident Rsponse, hacking, risk
Ransomware Prevention: DEF CON 29 Takeaways
Topics: Information Security, Incident Rsponse, security incident handling, security incident response, DEF CON
Incident Response (IR) is the way your team reacts to an occasion of data insecurity. In the least ambiguous sense, an "incident" is an occurrence that actually or potentially jeopardizes the confidentiality, integrity, or availability of an information system or the information the system processes, stores, or transmits or that constitutes a violation or imminent threat of violation of security policies, security procedures, or acceptable use policies.