The Evolving Cyber Threat Environment: Why Your Business Needs External Monitoring

Posted by Greg Mancusi-Ungaro

Thu, Feb 11, 2016

Regardless of industry or market, CISOs are facing new classes of attackers, from sophisticated teams of hackers who want to obtain an enterprise’s lucrative customer data to activists who want to ruin a company’s reputation and fraudsters who imitate a brand for financial gain. Cybercrime has become organized crime and criminals are finding new ways to harm businesses and individuals on a daily basis.

Without being alarmist, depending on the size and notoriety of your company, it's not unreasonable to assume that while you are reading this, someone is working to pry private, sensitive data from your servers. CISOs must stay ahead of the curve to combat the rapidly evolving cyber threats that have resulted from an increasingly global and digital business landscape.

The Necessity of Regulatory Compliance

In addition to general security regulation put forth by governmental agencies in North America, certain industries have other regulatory bodies with which they must comply. For example, financial institutions in the U.S. must comply with FDIC and FFIEC regulations to help ensure the integrity of communications and online activity. On a global scale, foreign financial institutions with a large presence in the U.S. subject to those same U.S. regulations. However, compliance initiatives are not usually sufficient to stem security concerns.

To better understand potential security gaps, especially in regards to cyber threats beyond the perimeter, many enterprises have joined their industry’s ISAC organization, such as FS-ISAC, the premier security working group for financial services industry. Through organizations like this, and emerging ISACs and ISAOs, institutions and enterprises are able to pool knowledge and plan for the latest kinds of cyber threats, and implement robust threat detection architectures, controls and information sharing programs.

But even as organizations develop and implement strategies for staying ahead of the cybercriminals, they have been unable to solve their security problems – particularly when relying solely on in-house resources. Because of the massive costs and resource requirements necessary to build a team to detect and manage outside threats, outsourcing a portion of cyber security has become the norm for most companies.

Ensuring Security Beyond the Perimeter

A large North American firm with a global presence recently worked with BrandProtect to estimate the costs of protecting the firm (employees, assets, partners, reputation) from third party cyberattacks and brand abuse through a wholly in-house effort. It determined that it would have to assemble a team of at least six people and invest between $2 to $3 million annually to create coverage that at best would only attain a small fraction of the coverage that it enjoyed through its partnership with a security firm – in this case, BrandProtect.

A strong partnership with a security services provider effectively adds highly trained, deeply experienced cyber threat specialists to a firm’s existing security team without the need for additional training or technology investments. From phishing scams and domain abuse to mobile application fraud and sophisticated identity theft schemes, a dedicated managed service can provide multiple layers of threat detection, analysis, threat correlation, and threat mitigation. All day, every day, these services will patrol online sites and markets to discover and understand any threats to a business and unauthorized or infringing online content related to the firm or its employees.

An increased use of technology across all business models has led to more threat vectors than ever before, as attackers have exploited gaps formed by business being transacted digitally and employees having access to an organization’s data outside of its walls. As a result, cyber threats are moving beyond the traditional security perimeter, which is making it harder for organizations to detect potential attacks using existing perimeter-focused tools. Without the proper preparations, such as implementing holistic external monitoring and collaborating with security experts, organizations will struggle to detect and diffuse online threats. Forward-thinking CISOs are already adopting external monitoring to better protect their organizations, and that number will increase throughout 2016.

Will you be ready?

Read More

Topics: Security, internet security, cyber threats, CISO, InfoSec

Viewpost Chooses BrandProtect

Posted by Greg Mancusi-Ungaro

Wed, Dec 02, 2015

Viewpost® Selects BrandProtect™ to Secure Complex Attack Surface

Payments Marketplace Provider Required a Solution With Round-the-Clock Threat Monitoring and Mitigation to Protect Its Customer Information From Beyond the Perimeter Attacks

Read More

Topics: Malware, mobile app monitoring, Security, Social Media Monitoring, Phishing, webinar, SMART, brandSMART, bankSMART, threatSMART

CyberAttack Exposes IRS Tax Returns

Posted by Greg Mancusi-Ungaro

Wed, May 27, 2015

irs-phish

Just a month ago, I wrote about an emerging critical cyber threat trend -- attacks centered on health care providers and health insurance systems.  These schemes are very lucrative for thieves because the loot, electonic health records, contains everything needed -- social security numbers, known addresses, phone numbers, relatives, payment preferences -- to create duplicate identities for individuals.  Just add the photo.

Read More

Topics: Security, data breach, hackers, security breach, cybercrime, cyber threats, impersonation, PII, Health Care

Healthcare Markets Are Under Threat

Posted by Greg Mancusi-Ungaro

Tue, Apr 21, 2015

Recently, on Dark Reading, Sara Peters and Ericka Chickowski wrote a great piece that ran about PII-centric attacks and threats in the healthcare market.

As the Health Care marketplace moves online, opportunistic criminals are retraining their attacks to focus on Health Care consumers.

Over the past decade, there has been enormous pressure on the healthcare industry to move health records online.  Today, according to studies recently published by the U.S. Department of Health & Human Services, almost 90 percent of all doctors and almost 75 percent of all hospitals have deployed at least a basic electronic health record system. And, these adoption rates have soared over the past five years. Insurance reimbursements have been managed online for years, and healthcare enrollments through employers are increasingly managed through a Web browser. The rollout of the Affordable Care Act, with its online purchase model, further accelerated the migration of healthcare to a predominantly online model.

Read More

Topics: Identity Theft, Security, Brand Governance, Internet Threats, Chief Security Officer, PII, CIO,, Health Care

Why Should the CSO care About Social Media? Top 5 Reasons Why They Should

Posted by Shanna Gordon

Wed, Oct 16, 2013

There are very few CSO’s that care about tweets, Instagram’s, likes, followers. etc.  Understandably, it’s not their job to care about how popular their brands are on Facebook or how their Twitter followers have grown by 56% in 2013.   The management of these categories falls to the marketing social media and branding departments.  Despite this, however, those teams are very focused on their marketing initiatives and not, say physical security threats against their organization or disgruntled employees threatening to go postal.

Read More

Topics: Brand Protection, Security, Privacy Protection, employees social media, Risk, Chief Security Officer

Deflecting the Social Engineer: CSO Guidance from BrandProtect

Posted by Ben Bradley

Fri, Sep 20, 2013

The grifter, conman and the thief makes a great story and an even better film. But in today’s reality, what once was the debonair Paul Newman in the Sting, has become a social engineer.

Read More

Topics: Identity Theft, Brand Protection, Security, data breach, scam, risk management, Privacy Protect, defamatory

Internet Reputation Management Guidelines Series: Mitigation

Posted by Greg Barrow

Mon, Feb 18, 2013

Mitigation

Processes need to be defined based on the type of threat observed.  Broadly speaking, these break down into the three areas associated with threats to customers, to the company’s assets and threats to reputation association with community perception.  These will require processes to address the following in particular:

Read More

Topics: Brand Protection, Security, brand abuse

Online Trust Alliance briefing on Anti-Botnet Best Practices

Posted by Michael Kiefer

Wed, Dec 12, 2012

Read More

Topics: Security, Internet Threats

Subscribe to our weekly CyberThreat Digest

Each week, our Cyber Threat Analyst team prepares a digest of the latest cyber threat news and alerts. Subscribe today and begin receiving it on Monday.

 Get the Weekly CyberDigest

 

Subscribe to receive a weekly summary of our latest posts

Posts by Topic

see all