resilience starts with information
Improving railroad cyber-threat resilience
Cyberattacks against critical infrastructure have been increasing dramatically and have been well-reported in the press. What has not been as widely noted is that the nature of the adversary has changed. The term “advanced persistent threat” refers to an adversary that possesses sophisticated levels of expertise and significant resources, which allow it to create opportunities to achieve its objectives by using multiple attack vectors (e.g., cyber, physical, and deception). These objectives typically include establishing and extending footholds within the information technology infrastructure of the targeted organizations for purposes of exfiltrating information, undermining or impeding critical aspects of a mission, program, or organization; or positioning itself to carry out these objectives in the future. The advanced persistent threat: (i) pursues its objectives repeatedly…
IBM: 77% of Enterprises Don’t Have a Cybersecurity Incident Response Plan
The majority of companies — 77% of respondents — don’t have a cybersecurity incident response plan applied across the enterprise, according to a study conducted by the Ponemon Institute and paid for by IBM.
One of the primary reasons for this is the well-documented security skills shortage. “It’s a major, major problem for security generally but it’s particularly acute in incident response because it’s a newer discipline,” said Ted Julian, vice president of product management and co-founder of IBM Resilient.
IBM bought Resilient, an incident response company, in 2016. The 2019 Cyber Resilient Organization is the vendor’s fourth annual benchmark study on cyber resilience — how an enterprise aligns its prevention, detection, and response capabilities to manage and mitigate threats against its data and IT infrastructure. For the report, Ponemon surveyed more than 3,600 security and IT professionals globally…
Resilience guide for universities
The third edition of the guidance document, Resilience in Higher Education, was aired at the annual Aucso conference of university chiefs of security, at Aston, last week, by lead reviewer and author, Dr Lucy Easthope LLB MSc FEPS FHEA FRAI, Director of Whatever Next Productions Ltd. Mark Rowe digests the guide, now available to Aucso members as a download from the association website.
As Prof Dame Janet Beer put it in a foreword to the 217-page document: “Universities are increasingly complex and operational activity is interlinked. It is crucial for all university staff to see resilience as a part of their own role and for all departments…