www.infosecurity-magazine.com
3.167.152.32
Public Scan
URL:
https://www.infosecurity-magazine.com/news/orgs-victim-predictable-attacks/
Submission: On November 07 via api from TR — Scanned from CA
Form analysis
2 forms found in the DOM
GET https://www.infosecurity-magazine.com/search/
<form method="get" action="https://www.infosecurity-magazine.com/search/" role="search">
<input type="search" name="q" class="form-control" placeholder="Search site…" aria-label="Search keywords" required="required">
<button type="submit" class="form-button with-icon">
<svg viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg" role="img" aria-label="Search">
<path d="M15 15L21 21M10 17C6.13401 17 3 13.866 3 10C3 6.13401 6.13401 3 10 3C13.866 3 17 6.13401 17 10C17 13.866 13.866 17 10 17Z" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"></path>
</svg>
</button>
</form>
GET https://www.infosecurity-magazine.com/search/
<form method="get" action="https://www.infosecurity-magazine.com/search/" role="search">
<input type="search" name="q" class="form-control" placeholder="Search Infosecurity Magazine…" aria-label="Search keywords" required="required">
<input type="submit" value="Search" class="form-button">
</form>
Text Content
IRISSCON: ORGANIZATIONS STILL FALLING VICTIM TO PREDICTABLE CYBER-ATTACKS

News 6 Nov 2024
Written by James Coker, Deputy Editor, Infosecurity Magazine

Despite most cyber threats, like ransomware, being both known and predictable, many organizations are still underprepared. Experts speaking at the IRISSCON 2024 conference in Dublin noted that many incidents are indeed preventable.

Analyzing the findings from Verizon’s Data Breach Investigations Report (DBIR) 2024, Phillip Larbey, Associate Director for EMEA at Verizon, said that the vast majority of cyber incidents involve at least one of three elements – human error, social engineering and ransomware.

“Organizations should know what’s coming,” stated Larbey.

Ransomware and extortion made up 32% of attacks in the DBIR. Attackers frequently use a combination of vulnerability exploitation and stolen credentials to gain initial access and then achieve lateral movement to enter the most sensitive systems and data without detection.
Both tactics are normally preventable. Larbey highlighted DBIR figures which showed that 47% of vulnerabilities are still unremediated 60 days after discovery, while 8% are unremediated after 365 days. Therefore, organizations must become more agile and proactive with their vulnerability management strategies.

Regarding credential theft, Larbey noted that unnecessarily high privilege levels are prevalent in organizations, which means compromised accounts make moving around networks far easier for attackers.

“User account privileges are way beyond what users want or are even aware of,” he said.

In addition to addressing excessive privileges, it is straightforward for organizations to learn if any of their user credentials have been compromised. Larbey urged firms to use services that can provide weekly reports on whether any of their credentials have been published on the dark web.

“Getting ready is the most critical part that isn’t happening,” he commented.

PREPARING FOR BLACK SWAN EVENTS

Separately, Dave Lewis, Global Advisory CISO at 1Password, and Rich Mogull, SVP Cloud Security at FireMon, explained that ‘Black Swan’ cyber events – those viewed as unforeseen – can and should in fact be planned for. This includes widespread cyber incidents like the 2017 NotPetya malware attack.

“You can’t predict when they’ll happen or what they’ll look like, but know they’ll happen,” said Mogull.

He advocated for incident response processes used by emergency services to ensure an effective response to unexpected cyber incidents. This involves a triage system, which recognizes what needs to be addressed as a priority to enable fast recovery.

Simple triage and rapid remediation model. Source: Dave Lewis, Global Advisory CISO at 1Password, and Rich Mogull, SVP Cloud Security at FireMon

“It’s about having a system and process to account for the unknown,” said Mogull.

There are incident response frameworks designed for real-world emergencies that are relevant to cybersecurity.
This includes the US National Incident Management System (NIMS), which has clear steps and procedures in areas like communication and command and control infrastructure.