Cybersecurity Framework | Breaking Cybersecurity News | The Hacker News

Organizations around the world are wondering how to become immune from cyber attacks which are evolving every day with more sophisticated attack vectors. IT teams are always on the lookout for new ransomware and exploit spreading in the wild, but can all these unforeseen cyber attacks be prevented proactively? That's definitely a 'NO,' which is why there's a reactive approach in place to save organisations from the aftermath of take downs, and with proper cybersecurity practices, one can reduce the chances of becoming a victim. To do that, organizations should follow specific cybersecurity frameworks that will assist them in redefining and reinforcing their IT security and staying vigilant against cyber attacks. In this article, we'll understand what is cybersecurity framework, why they are mandatory for organizations, and what are their types, strategies, benefits, and implementation in detail. What is a Cybersecurity Framework? Cybersecurity framew...

High-quality cybersecurity posture is typically regarded as the exclusive domain of the large and heavy resourced enterprises – those who can afford a multi-product security stack and a skilled security team to operate it. This implies a grave risk to all organizations who are not part of this group, since the modern threat landscape applies to all, regardless of size and vertical. What is less commonly known is that by following basic and well-defined practices and wise security product choices, any organization can level up its defenses to a much higher standard. "At the end of the day it comes down to strategic planning," says Eyal Gruner, CEO and co-founder of Cynet, "rather than thinking in term of specific product or need, zoom out and breakdown the challenge to its logical parts – what do you need to do proactively on an on-going basis, while you're under attack and when you manage a recovery process." From the various frameworks of security b...

In cybersecurity, confidence is a double-edged sword. Organizations often operate under a false sense of security , believing that patched vulnerabilities, up-to-date tools, polished dashboards, and glowing risk scores guarantee safety. The reality is a bit of a different story. In the real world, checking the right boxes doesn't equal being secure. As Sun Tzu warned, "Strategy without tactics is the slowest route to victory. Tactics without strategy is the noise before defeat." Two and a half millennia later, the concept still holds: your organization's cybersecurity defenses must be strategically validated under real-world conditions to ensure your business's very survival. Today, more than ever, you need Adversarial Exposure Validation (AEV) , the essential strategy that's still missing from most security frameworks. The Danger of False Confidence Conventional wisdom suggests that if you've patched known bugs, deployed a stack of well-regarded security tools, and passed the nec...

Visibility into an environment attack surface is the fundamental cornerstone to sound security decision making. However, the standard process of 3rd party threat assessment as practiced today is both time consuming and expensive. Cynet changes the rules of the game with a free threat assessment offering based on more than 72 hours of data collection and enabling organizations to benchmark their security posture against their industry vertical peers and take actions accordingly. Cynet Free Threat Assessment (available for organizations with 300 endpoints and above) spotlights critical, exposed attack surfaces and provides actionable knowledge of attacks that are currently alive and active in the environment: ➤ Indication of live attacks: active malware, connection to C&C, data exfiltration, access to phishing links, user credential theft attempts and others: ➤ Host and app attack surfaces: unpatched vulnerabilities rated per criticality: ➤ Benchmark comparing ...

In 1999, Bruce Schneier wrote, "Complexity is the worst enemy of security." That was 19 years ago (!) and since then, cyber security has only become more complex. Today, controls dramatically outnumber staff available to support them. The Bank of America has a $400-million cyber budget to hire security staff and implement a broad array of products. But what if your budget and sophistication is just a tiny fraction of the Bank of America's? The remaining 99% of organizations understand that they don't have sufficient protection for their internal network, but they also realize that to be sufficiently secured they need to buy multiple solutions and hire a large team to maintain it – which isn't an option. So they either stay with just an AV or buy a point solution to defend a specific part of their internal environment from particular types of attacks – only to later find out it doesn't meet what they really need. Cynet wants to change all that. ...

By this time, almost every one of you owns at least one internet-connected device—better known as the " Internet of things "—at your home, but how secure is your device? We have recently seen Car hacking that could risk anyone's life, Hoverboard hacking, even hacking of a so-called smart Gun and also the widespread hacks of insecure CCTV cameras, routers and other internet-connected home appliances. But this did not stop vendors from selling unsecured Internet-connected smart devices, and customers are buying them without giving a sh*t about the security of their smart devices. However, the massive cyber attack on a popular DNS service provider that shut down a large portion of the Internet last year made us all fear about the innocent-looking IoT devices, which surround us every day, but actually, poses a threat to global cyber security. Not anymore! A bipartisan group of senators have now introduced a new bill aimed at securing internet-connected devices b...

The IT threat landscape has changed dramatically over the last three-four years. With no shortage of threat actors, from hacktivists to nation-states, criminals to terrorists, all of them are now after something new. It's no more just about stealing your money, credit cards and defacing websites, as now they are after the intellectual property, mass attacks and most importantly, our critical infrastructures. We have long-discussed nightmare scenarios of cyber attacks against nation's critical infrastructure, but now these scenarios have come to the real world, and we have seen many such incidents in the past years. The latest example is cyber attacks against Ukrainian power grid . Just two weeks back, Ukraine's national power company Ukrenergo confirmed that electricity outage on 17-18th December last year was caused by a cyber attack. Such sophisticated cyber attacks have revealed the extent of vulnerabilities in the systems that are operating the most critic...

The US government's $6 Billion firewall is nothing but a big blunder. Dubbed EINSTEIN , the nationwide firewall run by the US Department of Homeland Security (DHS) is not as smart as its name suggests. An audit conducted by the United States Government Accountability Office (GAO) has claimed that the firewall used by US government agencies is failing to fully meet its objectives and leaving the agencies open to zero-day attacks. EINSTEIN, which is officially known as the US' National Cybersecurity Protection System (NCPS) and has cost $5.7 Billion to develop, detects only 6 percent of today's most common security vulnerabilities and failed to detect the rest 94 percent. How bad is EINSTEIN Firewall in reality? In a series of tests conducted last year, Einstein only detected 29 out of 489 vulnerabilities across Flash, Office, Java, IE and Acrobat disclosed via CVE reports published in 2014, according to a report [ PDF ] released by the GAO late las...

President Barack Obama signed an executive order on Friday that encourages and promotes sharing of information on cybersecurity threats within the private sector and between the private sector companies and the government agencies as well. AREAS TO IMPROVE During his speech at the White House Cybersecurity Summit at Stanford University in California, where many tech leaders and other government officials also assembled, the President highlighted events affecting cybersecurity and the development of the Internet. The four areas that Obama believes must be improved are listed below: Development and evolution of the Internet Cybersecurity Rights of individuals in regards to the Internet Cooperation between the Government and private companies EVERYONE IS VULNERABLE - OBAMA " The cyber world is sort of the Wild Wild West and to some degree we are asked to be the sheriff ," Mr. President told a crowd at the Memorial Auditorium. " When something lik...