From sophisticated new forms of malware to the nation-state and the advanced persistent threat (APT), cybersecurity incidents have evolved at a rapid pace and are disrupting organizations and damaging reputations. But are organizations' incident response programs, personnel and tools evolving to keep up with the new threat landscape?
According to the 2013 Incident Response Survey results, only 20% of organizations rate their incident response programs as "very effective." Their biggest gaps: Being able to detect and contain malware, which can also be the precursor to advanced persistent threats.
Aimed at determining how organizations are prepared to respond to today's new breed of cyber-attacks, the survey also finds many respondents experienced malicious code in the past year, had lost or stolen devices, or were victims of spear phishing, resulting in system downtime, lost or compromised data or financial loss. Only 26 percent of respondents rate their current anti-malware tools as "very effective."
In this session, thought-leaders from FireEye and ISMG will present and analyze responses to key questions, including:
DDoS was thought to be a threat from the past until it was reactivated and re-energized by the hacktivist group known as the Izz ad-Din al-Qassam Cyber Fighters.
Since the fall of 2012, the attackers have used DDoS to disrupt the online functions of nearly 50 U.S. financial institutions, causing website outages that alarmed customers and caused two federal regulatory agencies to issue fraud alerts to member institutions.
Following the two initial waves of attacks, in the fall and winter of 2012, the hacktivists took time off to regroup. Each time they came back stronger.
But the third wave, which commenced in March 2013, shows no sign of abating. Not only have the attacks morphed, targeting different vulnerabilities, but the attackers' botnet has strengthened. In April, the FBI warned that attack scripts have been modified in an attempt to increase the effectiveness with which the scripts evade detection. The actors are changing their attack methodology, the FBI says, to circumvent mitigation efforts of the financial institutions.
Concurrently, electrical utilities, gaming sites and European banking institutions all have experienced different forms of DDoS.
How can organizations from across industry defend themselves against attacks that some of the world's largest banks cannot prevent?
That is the key question that will be answered in this panel discussion from three unique perspectives: