Below is a roundup of some of the most popular cybersecurity stories from the past month.

Despite Growing Threats, Many Organizations Still Unprepared

The vast majority of organizations still lack a formal cybersecurity incident response plan (CSIRP) that’s applied consistently across the organization, according to a new report from the Ponemon Institute. Paradoxically, the institute’s third annual study on cyber resilience found that organizations feel much more positive about their readiness than they did last year.

The survey is a study in contrasts. Despite their newfound confidence, 57 percent of respondents said that it’s taking longer to resolve incidents. Meanwhile, just 31 percent said they had sufficient budget for cyber resilience and 29 percent reported having the ideal staffing level. Given the IT skills shortage, look to artificial intelligence (AI) and machine learning to help alleviate the crisis.

Are You Ready for Anything?

IBM Security General Manager Marc van Zadelhoff couldn’t have been more prescient when he stated in a March 27 blog post that “cybercriminals are stealing your data. You’re scrambling to respond, hustling to contain, scurrying to an emergency board meeting. … You may be thinking that this isn’t going to happen to you, but many recent headlines say otherwise.” Indeed, in the days immediately following his pronouncement, a bevy of new breaches splashed across the headlines.

If preventing a breach is becoming ever more difficult, is there any hope for organizations to recover and even thrive in the aftermath of a cyber incident? This topic was covered in depth at the IBM Think event last month, where speakers offered security professionals guidance on how to prepare for the if and respond to the when. In the keynote “Ready for Anything: Build a Cyber Resilient Organization,” experts explained how to prepare through practice and runbooks, and covered what skills you need to quickly stop the damage in a crisis, recover and resume operations.

Celebrating Women in Security

Bridgette Pepper never expected to pursue a career in security, even though she was good with technology and loved solving problems. She studied political science in college, intending to become a lawyer, but took a risk, switched majors and has never looked back. Pepper, who is now a project manager for global solution design at IBM Security, is one of six women interviewed in an article celebrating International Women’s Day. The diverse group included interns and senior IBM executives talking about what attracted them to cybersecurity. The thrill of constant change, solving problems and making a difference were common themes in their remarks.

Speaking of making a difference, a panel of top IBM Security female executives also convened this month for a webinar titled “Why the Future for Women in Security Is Now.” A highly recommended watch for cybersecurity professionals of all levels and genders, this webinar offers powerful insights on the challenges facing the industry — but will nonetheless leave you feeling optimistic about what lies ahead.

Security Pros Get Their Own IBM Community

The bad guys are getting better at collaborating, so shouldn’t the good guys do the same? That’s the thinking behind the launch of the IBM Security Community, a place where security professionals can network with their peers, discuss cybersecurity news, learn about events and meetings, and improve their skills using IBM’s expanding portfolio of security products. The community will be run by its members, but IBM subject matter experts will be available to answer questions.

Guidance for the CISO

A good chief information security officer (CISO) is always open to taking advice or trying a new approach where an old one has proven unsuccessful. There were valuable insights in several recent articles that any CISO or security leader could benefit from.

In “Signs That Your Security Program Is Going Nowhere Fast,” Kevin Beaver explained how even organizations with the strongest security policies, most advanced tools and regular training are liable to overlook major security gaps. Instead of going through the motions, security leaders should set clear goals and measure the organization’s performance to identify areas in need of improvement. Otherwise, minor oversights can add up and become formidable challenges for the security team.

Meeting these goals requires buy-in from the entire enterprise, from the board of directors to rank-and-file employees. That’s why it’s crucial for the CISO to exert his or her influence within the organization to strengthen security culture, as Christophe Veltsos wrote in “Putting the ‘I’ in CISO: Why the Security Leader Must Become an Influencer.” Becoming an influencer doesn’t mean asserting absolute authority, however. Instead, the CISO must be proficient in the art of listening, forging strong alliances among line-of-business (LOB) managers and communicating the value of security in terms that executives can understand.

But before the CISO can communicate security concerns to lines of business, he or she must establish a proper framework to efficiently analyze threat intelligence and translate it into actionable insights. In “Security Intelligence at the Strategic, Operational and Tactical Levels,” Bob Gourley, a former naval intelligence officer, explained the differences between strategic, operational and tactical threat data and how they inform incident response planning, day-to-day decision-making and tactical operations during a breach.

Stay Tuned for More Cybersecurity News

Along with May flowers, April showers will inevitably bring new threats, trends and cybersecurity surprises. As we finally spring into a warmer season, stay tuned for more cybersecurity news next month.
