I posted article on Ciscopress.com about responding to Cyber threats. Here is a summary introduction of the article and the first part from it. The entire article can be read at Ciscopress.com/articles HERE.
Are you ready to take on the latest cyber threats? Research shows that many organizations are not, because they’re unprepared for what happens when common defenses fail to prevent a breach. Joseph Muniz, co-author ofSecurity Operations Center: Building, Operating, and Maintaining Your SOC, explains how to build a security strategy around the assumption that your defenses WILL fail. By implementing this approach, your organization can shorten the time of exposure when you’re compromised, limiting losses from a breach. Without this type of visibility, you probably won’t know that you’re compromised until the damage is already done.
John Chambers, the executive chairman and former CEO of Cisco Systems, once stated, “There are two types of companies: those who have been hacked, and those who don’t yet know they have been hacked.”  This statement may seem unrealistic until you look at recent research focused on cyber breaches and vulnerabilities. For example, the Verizon 2015 Data Breach Investigation Report stated  that 99% of exploited vulnerabilities were compromised more than a year after the associated Common Vulnerabilities and Exposures (CVE) reference  was published.
The defenses are available to stop malicious users from breaching systems, but those defenses are not being put in place. Why not? The answer includes many reasons, such as human or system error, the vast range of devices and systems that are vulnerable, the required time to maintain defenses, changes in responsibilities for providing security, and so on. Even if your systems are up to date now, that situation can change immediately after you validate your patches, making the goal of being 100% secure an impossible moving target. In summary, though defenders must strive to be 100% secure, that number is impossible to achieve and maintain, while attackers need just one mistake to get past those defenses.
Looking back at John Chambers’ famous quote, what he’s asking all of us to do is to assume that we’ve been breached: How should we provide security differently than we’re operating today? A good starting point is evaluating your current incident-response plan. Many employees aren’t even sure what that plan is, or they lack the capabilities to respond properly to a breach. Best practice is to have the ability to Scope, Contain, and Remediate a security breach from a network and file viewpoint. Let’s walk through how a typical breach operates and examine concepts to detect and prevent the attack. We’ll start with how a typical attack could penetrate a network.
Attack Stage 1: Phishing for Victims
Read more at Ciscopress.com HERE.