Multi-Year Training And Exercise Plan - Dhs&Em - State Of Alaska: Fill & Download for Free

TOP 10 CYBERSECURITY TRENDS OF 2018Blurring of Cyber Threat ActorsThe FBI/DHS and other law enforcement and intelligence agencies are all reporting the increased collaboration between nation-state cyberattack groups and organized criminal cyberattack groups worldwide, especially in China, Russia, Iran, and North Korea.Rise of Business Email Compromise (BEC) AttacksRapid growth of social-engineering-based cyber spoofing attacks on companies globally, typically focused on the payment of invoices to wrongful suppliers.Growth of Spear-Phishing Email AttacksIncreased number of spear-phishing attacks targeting senior company executives, especially CEOs, CFOs, and Controllers for unauthorized electronic transfer of funds.Expansion of Ransomware AttacksOver the past year there has been a 350% increase in the number of ransomware attacks globally, with an ever-increasing focus on the healthcare industry.Exploitation of Supply Chain Network-based Cyber AttacksSignificant increase in the number of cyber data breaches resulting from initial unauthorized access via third-party vendors network connections to prime contractors.Recognition that Regulatory Compliance with Cybersecurity Industry Standards Does Not Ensure Real Data SecurityMany companies that have invested in ensuring compliance with various industry standards for cybersecurity (i.e. PCI-DSS, NYDFS, HIPAA, ISO 27001, etc.) have experienced cyber data breaches. Thus, realizing that regulatory compliance with general information security requirements does not guarantee a company will not suffer a major cyber data breach.Higher Cost of Cyber Data Breaches = Higher Cyber Liability Insurance PremiumsAs the average cost of a cyber data breach has increased every year for the past five years, so has the average cost of cyber liability insurance premiums.Increasingly Complex Cybersecurity Regulatory LandscapeThroughout the U.S. and internationally, regulators at the multi-national, federal, state, and local levels are continually enacting new government regulations intended to protect consumers’ personally identifiable information (PII), protected health information (PHI) via Electronic Health Records (EHR), and payment card information (PCI). All ultimately have a cost associated with compliance, which is passed on to consumers.Shortage of Experienced Cybersecurity ProfessionalsThere is a global shortage of experienced, trained, and certified cybersecurity professionals to meet the ever-increasing demand for cybersecurity advisory services and managed security services worldwide.Cyberattack Fatigue/Burn-out Is Affecting Cybersecurity InvestmentsAs a result of continuous news reports of massive cyberattacks and data breaches internationally, more and more companies are becoming increasingly apathetic to the potential impact, often assuming merely purchasing more cyber liability insurance is sufficient, rather than investing in trying to prevent an attack.KEY CYBERSECURITY RECOMMENDATIONS FOR 2019Conduct Email Threat AssessmentsGiven the increasing number of cyberattacks via email systems, companies are increasingly looking to conduct periodic email threat assessments, especially to detect malware that made it through their anti-virus software and firewalls which have previously gone undetected.Perform Network & Endpoint Threat AssessmentsWith the expansion of information systems, software applications, bring your own devices, and Internet of Things (IoT), organizations are increasingly testing their network and endpoints via threat assessments using sophisticated Intrusion Detection Systems (IDS) to reduce potential vulnerabilities to cyberattacks.Conduct Spear-Phishing CampaignsDue to the significant increase in spear-phishing attacks, organizations should periodically test the cyber awareness and susceptibility of their employees to cyberattacks via engaging certified ethical hackers who can conduct social engineering-based spear-phishing exercises.Perform Vulnerability Assessments & Penetration TestingMost organizations either internally conduct or hire an independent firm to perform some form of vulnerability assessments, via computer malware scanning software, and penetration testing to discover potential external vulnerabilities to cyberattacks. It is important to conduct these tests at least once a year, but twice or quarterly is better given the constant evolution of cyberattacks.Implement Effective and Timely Software Patch Management ProgramThe most significant cyber data breaches in the past two years all resulted from organizations not implementing an effective and timely software patch management program of Microsoft and Cisco software.Establish a Cybersecurity Awareness/Education ProgramThe cost-effective means to improve cybersecurity is to create a human firewall by providing quality cybersecurity educational programs for all of your employees from the top of the company to the bottom.Conduct Cybersecurity Risk AssessmentsIt is important to independently verify that an organization’s cybersecurity policies, plans, andprocedures are sufficient to adequately protect the organization’s digital assets and to ensure regulatory compliance with the appropriate industry cybersecurity standards.Implement an Incident Response (IR) ProgramIt is critical that every organization has a well-thought-through and periodically tested incident response (IR) program, including policies, plan, process, procedures, standard forms, and periodic exercises and/or simulations.Ensure Continuous Monitoring, Detection, & Response (MDR)Every organization should invest in an appropriate level of MDR services based upon the cyber threats their organization encounters or anticipates. The key is to rapidly detect intrusions to quickly contain and eradicate the malware to reduce negative impacts upon the information system and data assets.Invest in Business Continuity Planning/Disaster Recovery to Ensure ResilienceGiven the high probability of a cyber data breach, it is essential to have a reliable and secure off-line data back-up system to ensure minimal impact to the organization’s operational performance, and protection of the most valuable digital assets from loss or damage.Source: 10 Cybersecurity Trends of 2018 and Key Recommendations for 2019 - REDWCyber Security for Connected Healthcare