This year we again saw an increase in the number of organisations that have a formal cyber incident management plan in place. However, our research shows that most organisations still don’t have a formal cybersecurity plan, and for those that do, the likelihood is that their plans are still relatively new, are not tested, or have limited scope.
There may be a lot of work to do, especially with breach notification requirements, but we all understand that maturity doesn’t just appear overnight. It comes out of knowledge and experience gained over time, by trial and error, research and direction.
And therein lies the challenge: it’s the ever-changing cyber threat landscape; the “proverbial” moving target.
While malware delivered via phishing remains a primary causal factor in most cyber incidents, it’s a well-known fact that malware changes by the minute and can be as simple as a script or as complex as a Trojan, worm, bot, rootkit, crypto, or something as yet unidentified.
Often, we don’t have knowledge about the malware. Is it trying to exploit a known or unknown vulnerability, a valid organisational process or application? You also need to remember that malware is just one of the many tools in your adversary’s ever-expanding arsenal. Ask what the threat actor’s motives are.
Numerous articles and opinions outline the rapid pace of evolution of malware, with nearly all of them telling the same cautionary tale: the increasing pace of innovation and development undertaken by threat actors means legacy protections are no longer sufficient.
It’s for these reasons that cyber incident management has to be fluid, and more importantly, driven by a thorough understanding of the threat…Click HERE to read full article.