Ponemon Institute Study: Most Organizations ‘Don’t Know What They Do Know’ When Assessing Application Security Risk
It’s becoming virtually impossible to escape mobile apps. As a consumer, every time you go shopping, attend a major event, post content to social media or listen to the radio, you’re encouraged to download new, customized applications from content providers. Similarly, customer demand for new or updated functionality has shortened software release cycles and led to an explosion of software-based games, fitness applications and quickly evolving versions of popular social media content.
via Most Organizations ‘Don’t Know What They Do Know’ When Assessing Application Security Risk
Watson is here to help you secure your enterprise.
Watson for cyber security can draw security intelligence from millions of security blogs, online forums and white papers — so you can see threats unseen by other systems .
Source: IBM Cognitive Security – Watson for Cyber Security
Last year, the Mirai botnet wreaked havoc, using compromised Internet of Things (IoT) devices to take down large internet providers in North America and Europe with a distributed denial-of-service (DDoS) attack. While Mirai has largely faded from view, Bleeping Computer reported that a new threat named IoT_Reaper is exploiting specific IoT security flaws and has already infected more than 2 million devices worldwide.
Source: Reaping the Benefit? New Botnet Exploits IoT Security Flaws
Board directors are under a lot of pressure. They know that it’s only a matter of time before their organization suffers a cyber incident, and all eyes will naturally be on the directors themselves to see if they were properly exercising their risk oversight.
Source: Board Directors Need to Get Involved With Cyber Risk Governance
Could you be getting more value from your IBM Security Solution? Your local user group offers a chance to meet up with your peers working with the same technology. Even without diving into the (often confidential) details of your current project, bouncing ideas around with people having a different viewpoint can be valuable. Such discussions can give you a fresh perspective, new ideas and increased motivation. Join us to hear tips from our experts, network with other customers and share best practices for security.
Source: Q4 Security User Group Meetings — BigFix & Guardium & IAM
Exploiting Vulnerable Servers
According to We Live Security, a legitimate open source Monero central processing unit (CPU) miner called xmrig was released in May. Threat actors then copied the code and made very few changes to develop the malware.
They added some hardcoded command-line arguments representing the attacker’s wallet address as well as the mining pool URL. The fraudsters also shut down any other xmrig that may have been running to eliminate competition for CPU resources.
Source: Malware Mines Monero on Vulnerable Servers
A string of security weaknesses in areas such as default configurations, authentication mechanisms and open source components could enable cybercriminals to easily take over robots used in industrial settings, researchers warned.An analysis of major industrial and collaborative robots, or cobots, by IOActive revealed close to 50 vulnerabilities that, if exploited, could harm the people who work with them.
The firm created a series of videos to demonstrate what tampering with cobots could look like, including swinging robotic arms that have had safety features and emergency settings disabled.
Source: Cybercriminals Could Easily Take Over Industrial Cobots, Researchers Warn
IBM® Security Operations and Response, part of the IBM Security immune system, consists of solutions that deliver core functionality to prevent, detect and respond to attacks, including security analytics, threat hunting, incident response, and threat intelligence with network and endpoint protection.
Source: IBM Security Operations and Incident Response Solutions
IBM® is proud to sponsor the 12th annual Cost of Data Breach Study, the industry’s gold-standard benchmark research, independently conducted by Ponemon Institute. This year’s study reports the global average cost of a data breach is down 10 percent over previous years to $3.62 million. The average cost for each lost or stolen record containing sensitive and conﬁdential information also signiﬁcantly decreased from $158 in 2016 to $141 in this year’s study.
Source: IBM 2017 Cost of Data Breach Study – United States
Organizations rely heavily on cybersecurity analysts to protect themselves from cyberattacks. With the traditional approach of threat monitoring and investigation, analysts may run the risk of missing the true indicators of compromise or not having sufficient time to deal with legitimate security threats. So what should organizations do to overcome this challenge?
Source: Event Registration