Summary of Gregory C. Rasner's Cybersecurity and Third-Party Risk
By IRB Media
About this ebook
Please note: This is a companion version & not the original book.
Insights on Gregory C. Rasner's Cybersecurity and Third-Party Risk
Contents
Insights from Chapter 1
Insights from Chapter 2
Insights from Chapter 3
Insights from Chapter 4
Insights from Chapter 5
Insights from Chapter 6
Insights from Chapter 7
Insights from Chapter 8
Insights from Chapter 9
Insights from Chapter 10
Insights from Chapter 11
Insights from Chapter 12
Insights from Chapter 13
Insights from Chapter 14
Insights from Chapter 15
Insights from Chapter 16
Insights from Chapter 1
#1
On December 10, 2020, ESET researchers announced they had found that a chat software called Able Desktop, part of a widely used business management suite in Mongolia, was exploited to deliver the HyperBro backdoor, the Korplug RAT, and another RAT named Tmanger.
#2
On December 13, 2020, FireEye, a global leader in cybersecurity, published the first details about the SolarWinds Supply-Chain Attack, a global intrusion campaign that inserted a trojan into the SolarWinds Orion business software updates to distribute the malware.
#3
The most recent attack reflects a particular focus on the United States and many other democracies, but it also provides a powerful reminder that people in virtually every country are at risk and need protection.
#4
On December 17, 2020, ESET Research announced that it had detected a large supply-chain attack against the digital signing authority of the government of Vietnam, the website for the Vietnam Government Certification Authority. The website was hacked as early as July 23rd, and no later than August 16, 2020. The compromised toolkits contained malware known as PhantomNet.
#5
The malware was used for lateral movement. It allowed the attacker to move around the network and collect and transfer information about the computer, user accounts, and victim. In the post-attack forensics, no data was discovered.
#6
On January 2, 2020, networking device maker Zyxel announced that over 100,000 of their firewalls, VPN gateways, and access point controllers contained a hardcoded administrator backdoor account, which gives root-level access.
#7
The only way to resolve this issue and restore security posture is to unplug and replace the devices. The hardcoded user account zyfwp and password PrOw!N_fXp were stored in visible plaintext.
#8
The third-party attack phenomenon continued in 2020, with several incidents targeting nearly a whole country. The attackers were all APTs and were stealthy enough to remain undetected for months or longer. They would target the weakest link in the chain, which in many cases was a vendor.
#9
There are hundreds of examples of third parties compromising the data of companies and their customers. These breaches cost these companies large amounts of money, which directly affects consumers, and extensively damages the companies' reputations.
#10
The most successful companies at preventing their systems from being compromised go beyond what a regulator or regulation mandates them to do for compliance. They are not reliant on the government to set the standard for what to do and how to do it.
#11
Third-party risk, or what another company is doing to lower your risk, might seem like it places a CISO and the cybersecurity organization at a disadvantage because they cannot control what goes on at another entity. However, that is a myth.
#12
Security is an ongoing activity, while compliance is a checklist-based process that takes place at a specific point in time. Security is about making sure data is not lost, while compliance is about making sure a company meets the minimum requirements for specific regulations.
#13
Health Fitness, a fitness company, released the names and IDs of its employees, as well as the names and IDs of physicians. Washoe County School District, which serves over 100,000 students in Nevada, had their emails, usernames, and passwords exposed by Edmodo.
#14
There were dozens of breaches in 2020 that exposed the personal information of millions of people. Some of the largest include: Bank of America, caused by an unnamed third-party merchant, Paycheck Protection Plan application details were released; T-Mobile, due to an email