You have a lot going on, so join the thousands of other leaders and let me do the work and provide you with curated cybersecurity content. It would be my honor to do so.

NOTES: If you want to ensure you get this newsletter every week, please add my "from" address to your contact list. If you would like to Unsubscribe scroll to the bottom and select "unsubscribe". Thank you.

In this week's edition:

• Cyber Bits & Bytes

• Early Warning - Top Ten Cyber Threats

• Featured Article - How One Organization's Incident Response Plan Saved Them Millions

• Cyber Quote - Cybersecurity Quote by John Chambers

• Free Cybersecurity Resources - eBooks, tools, apps & services

• Trending Story - Sharing sensitive business data with ChatGPT could be risky

• Cybersecurity News Highlights

• Cyber Scam of the Week - Watch Out for Scams This Tax Season

• Social Posts of the Week

Cyber Bits & Bytes

Microsoft: Defender update behind Windows LSA protection warnings - Read more in this Bleepin Computer article.

Malware Trends: What’s Old Is Still New reported in Cybersecurity Ventures. Many of the most successful cybercriminals are shrewd; they want good ROI, but they don’t want to have to reinvent the wheel to get it.

Average enterprise storage/backup device has 14 vulnerabilities, three high or critical risks is the title of a really good read on CSO Online. State of Storage and Backup Security Report 2023 reveals a significant gap in the state of enterprise storage and backup security compared to other layers of IT and network security.

Early Warning - Top Ten Cyber Threats

Here are the current top 10 cybersecurity threats according to cyber insurance provider Embroker:

1. Social Engineering

2. Third-Party Exposure

3. Configuration Mistakes

4. Poor Cyber Hygiene

5. Cloud Vulnerabilities

6. Mobile Device Vulnerabilities

7. Internet of Things

8. Ransomware

9. Insider Threats

10. Supply Chain Attacks

Featured Original Article

How One Organization's Incident Response Plan Saved Them Millions

When it comes to information security, it's not a question of if an incident will occur, but when. One organization (their name is intentionally withheld for security reasons. Strong security practice for all.) learned this recently when they experienced a data breach that could have cost them millions of dollars in lost data, lost revenue, settlements, lawsuits, and reputational damage. According to the Ponemon Institute’s 2021 Cost of Cyber Crime Study sponsored by IBM the typical organization experiences an average of 145 security incidents per year and spends $13 million annually year to defend itself.

Fortunately, for this organization their incident response plan saved the day, allowing them to mitigate the damage and prevent future incidents. Here's how they did it.

Early Detection and Intervention Lead to Cost Savings

The first key to effective incident response is early detection. In this case, the organization had implemented a variety of effective security controls and monitoring systems that allowed them to detect the incident quickly. They chose detection systems that utilized artificial intelligence to help them identify and detect early potential threats, which helped bridge the resource gap they had in the cybersecurity area. This early detection allowed them to minimize the damage and reduce the amount of data that was compromised. It also allowed them to begin responding to the incident immediately, rather than waiting until it was too late. The Cost of Crime Study goes on to point out that it took an average of 287 days for an organization to identify and contain a data breach, seven days longer than in the previous report.

Effective incident response also requires proper intervention. The organization had a clear plan in place for how to respond to a data breach. This plan included steps for isolating the affected systems, securing the environment, and notifying the appropriate internal and external stakeholders. By following this plan, the organization was able to minimize the impact of the incident and prevent it from becoming a more damaging business continuity issue or major disaster.

Early detection and intervention not only helped minimize the impact of the security incident but also ultimately lead to cost savings for the organization. By detecting and responding to the incident quickly, the organization was able to avoid significant costs associated with a prolonged incident, such as lost productivity, reputational damage, legal fees, and more.

Additionally, by having a well-structured and tested plan that outlined the steps to take in the event of a security incident, the organization was able to avoid some other costs typically associated with a disorganized and ineffective response. This can include costs associated with hiring external consultants, paying overtime to staff, and purchasing new security tools and technologies.

The Benefits of Proactive Incident Response Planning

One of the key lessons learned from this incident was the value and importance of proactive incident response planning. By having a comprehensive incident response plan in place before the incident occurred, the organization was able to respond quickly and effectively. This plan included not only technical steps for responding to the incident but also legal and communications plans to manage the fallout.

Proactive incident response planning also helps organizations to identify potential data at risk and vulnerabilities before they can be exploited. In the IBM-sponsored Cost of Data Breach Report 2021, the customer’s Personally Identifiable Information (“PII”) was the costliest record type, at $180 per lost or stolen record. The overall average cost per record in the 2021 study was $161, an increase from $146 per lost or stolen record in the 2020 report year. This is important to note as nearly every single organization in the world stores customer data.

But because they had been assessing and addressing these vulnerabilities before the incident occurred, they were able to reduce the impact of the incident. This resulted in significant cost savings, as the organization didn't have to spend as much on incident response and recovery.

This proactive incident response planning has effectively improved the organization's reputation and customer trust by minimizing the incident early at the point of attack. By demonstrating that the organization had a plan in place to handle potential incidents, customers, and stakeholders often feel more confident in the organization's ability to protect their data and assets. This can lead to increased customer loyalty and positive brand recognition over time.

How Collaboration and Planning Led to Successful Incident Response

Another key factor in the organization's successful incident response was collaboration. The organization had a cross-functional incident response team in place, which included representatives from IT, legal, communications, and business units. This allowed the organization to respond quickly and effectively to the incident, as each team member had a clearly defined role to play.

In addition to collaboration, effective incident response also requires planning. The organization had in collaboration with their partners conducted extensive tabletop exercises prior to the incident, which helped the incident response team to be well-prepared and confident in their response. These exercises allowed the team to identify potential issues and work through them before the incident occurred.

Furthermore, the organization had a clear communication plan in place, which was critical in ensuring that all stakeholders were kept informed throughout the incident. The incident response team had established communication channels and protocols, which allowed them to quickly disseminate information to the appropriate parties. This helped to minimize confusion and prevent misinformation from spreading, which could have further complicated the incident.

Achieving Cost Savings Through Effective Incident Response

By responding quickly and effectively to the incident, the organization was able to minimize the impact on its business. This saved them millions of dollars in lost revenue, settlements, and reputational damage.

According to the Cost of a Data Breach Report, the total costs of a data breach rose from $3.86 million in 2020 to $4.24 million in 2021, the highest average total cost in the history of the report Interestingly, it goes to state the average cost was $1.07 million higher in breaches where remote work was a factor in causing the breach, compared to those where remote work was not a factor.

In addition to these direct cost savings, effective incident response can also lead to longer-term cost savings. By identifying vulnerabilities and implementing controls to address them, organizations can reduce the likelihood of future incidents. This can result in significant savings over time, as the organization doesn't have to spend as much on incident response and recovery.

Another benefit of effective incident response is improved customer trust and loyalty. When customers see that an organization is able to handle incidents quickly and efficiently, they are more likely to trust that organization with their personal information and continue doing business with them. This can lead to increased revenue and customer retention.

Furthermore, effective incident response can also help organizations comply with regulatory requirements. Many industries have specific regulations around incident response and data protection. By having a strong incident response plan in place, organizations can ensure they are meeting these requirements and avoid costly fines and penalties.

Preventing Costly Outcomes Through Effective Incident Response

In today's digital world, incidents are inevitable. However, effective incident response can mean the difference between a minor blip and a major disaster. By implementing a comprehensive incident response plan, organizations can be well-prepared to respond to incidents quickly and effectively like the organization in this example. This can result in significant cost savings, as well as reduced reputational damage and other negative outcomes.

The organization, in this case, learned a lot along the way, but they credit their proactive incident response planning, which allowed them to mitigate the damage and also help them prevent future incidents.
Some areas they identified as needing some improvement were having a clear chain of command and communication plan in place. This ensures that everyone knows their role and responsibilities during an incident, and that information is shared quickly and accurately. Regular training and drills can help ensure that everyone is familiar with the plan and can respond quickly and confidently when an incident occurs.

Another improvement area they identified was having a robust backup and recovery plan. This includes regularly backing up critical data and systems, as well as testing the recovery process to ensure that it works effectively. By having a solid backup and recovery plan in place, organizations can minimize the impact of an incident and quickly get back to normal operations.

Having a tested incident response plan in place is now an executive management and board member activity as well. They need to partner with their security leadership and other business leaders within the organization to ensure an effective capability is in place. It is part of their due care and fiduciary responsibility. By following this organization’s example and learnings, other organizations can be well-prepared to respond to incidents and prevent costly outcomes.

Read more of my incident response articles

Cyber Quote

Free Resources

• eBook: "9 Things Leaders Should Know About Cyber Insurance"

• CISA Releases ESXiArgs Ransomware Recovery Script

• SANS Security Policy Templates

• Web Security Academy - Free, online web security training

• CISA - Free Cybersecurity Tools and Services

• At Bay - Free Cyber Risk Calculator

Trending Story

Other Bytes

Cyber Scam of the Week

Watch Out for Scams This Tax Season

In most countries, it’s cybercriminals' favorite time of the year: tax season. Taxes are a sensitive topic that can easily be used to catch your attention or manipulate your emotions. Over the next few months, cybercriminals will likely mention taxes in phishing attacks and disinformation campaigns.

Tax season is also a vulnerable time for your sensitive information. Tax documents from employers, banks, and other organizations typically include personally identifiable information. If cybercriminals get their hands on this information, they can use it to steal your identity, your money, and more.

Follow the tips below to stay safe during tax season:

• Always think before you click. Cyberattacks are designed to catch you off guard and trick you into clicking impulsively.

• Use extra caution when handling tax documents. For digital documents, use password protection. For physical documents, keep paperwork in a secure location and shred anything that is no longer needed.

• Be suspicious of emails, text messages, and social media posts that contain shocking information about taxes in your country. These messages could be disinformation, which is false information designed to mislead you.

This Cyber Scam is provided by our sponsors: Netsync & KnowBe4

Cybersecurity Social

Just a couple of interesting social posts