Derrick Coston, CISA, CISSP, GIAC

I have always had my issues with sales teams. CNBC reports that cyber security vendors are driving the hacking news cycle. It's a shame, because while those of us who are consultants are trying to ensure that organizations and people stay aware of the cyber threat landscape, we have some who are exploiting it. This article is interesting to me as I try to find important information to share with those in my sphere of influence. My only concern with this article is that it states that "breaches that actually cause damage are relatively rare. As a result, vendors often try to make a big deal out of minor breaches that don't expose important company or customer information." I disagree with this because they fail to address the actual breaches that were made public. PrivacyRights.org showed that in 2018 there were 828 documented breaches, totaling over 1,371,001,709 confidential data records that were breached or exposed. This number is higher because there were a large number of breaches where the record count was unknown, which is a different issue and concern that I have. Statistics can be manipulated, and hopefully those who are concerned with cyber security will analyze the types of breaches, conduct a thorough risk assessment, identify the threats and vulnerabilities in their environment, and apply the appropriate controls to mitigate the risk that could impact their environments.

Derrick Coston, CISA, CISSP, GIAC

Rami Sass, CEO of WhiteSource, has found that the past two years have seen an explosion in the number of software vulnerabilities being published, jumping from 6,447 in 2016 to 14,714 in 2017. Seeing as 2018 beat out the previous year with 16,521 CVEs reported, we should prepare ourselves for plenty of patching ahead in 2019. Despite this, he notes that we need to remember that even though a rise in CVEs can be eternally frustrating and means more remediation work, it is still far preferable to deal with these vulnerabilities early, before they are exploited by attackers. See his article here.

Derrick Coston, CISSP, CISA, GIAC

This is a common result for every organization that has a data breach. The Equifax breach is just one of many that have a similar root cause. What is interesting is that many organizations do not use the findings of the Equifax breach to enhance their own risk management and cyber security controls. SC Media reports today that data breaches are up 400%, and the Identity Theft Resource Center has just published its January 2019 Data Breach List, which is more disturbing because many organizations do not even know the extent of how much PII or PHI data was compromised. We seem to be going backwards and not forwards, and it appears that the problem will get worse before it gets better. At the RSA 2019 conference, Jason Escaravage, from Booz Allen Hamilton, summed up one of the issues nicely: "compliance isn't enough. You need to be aware of the threats that are likely to… that your organization is likely to encounter or experience and really getting a threat-focused mindset into the organization". Entire article here. This is just a starting point. We have a long way to go.