Six Emerging CyberSecurity Risks

 

Here are six takeaways from the panel; they should provide valuable input for both individuals and businesses seeking to stay ahead of cyber-threats:

1.While preventative information-security measures are obviously a necessity, businesses and people must still assume that hackers will ultimately penetrate their infrastructure despite all of the security technologies in place. Remember, the odds are dramatically in an attacker’s favor–he or she needs to get just one attack through, a defender needs to stop all attacks. As such, segmenting data–i.e., not putting all of your eggs in one basket–is critically important. It is also wise to understand who might be interested in attacking your organization, what their motives may be, and what resources they are likely to have–without such knowledge you may misallocate your valuable resources.

2. Deception can be a useful component of a security strategy. If you include fake servers and fake, traceable data within your network, hackers may not be able to identify what data is valuable and what is not, and you may improve your chances of catching anyone who targets you (e.g., if a criminal attempts to use stolen, traceable, phony data). Deceptive practices can also help by forcing attackers to expend time analyzing data, which may encourage them to turn their attention elsewhere.

3.Cyberterrorism has begun. Almost half of the energy-sector organizations polled for a recent cybersecurity study reported that attackers had attempted to delete or destroy information on their systems. From a practical standpoint if a utility goes offline it does not matter much to those without power, gas, or water whether the attackers were nation-states, terrorist groups, hacktivists, or others. Of course, from a national security standpoint the nature of the enemy is important, and, the common belief is that cyber-terrorism, and attempts at cyber terrorism, are likely to grow dramatically worse with time. As I mentioned in a prior article, both Eugene Kaspersky (CEO of Kaspersky Labs) and a senior member of the AT&T security team have told me that they believe that a major cyber-terrorism-type incident is likely to happen in the not so distant future.

4. Nearly every person and business today relies on the information-security of third-parties for many mission critical tasks. Several major recent breaches have been achieved, at least in part, by hackers attacking vendors or suppliers of the firms ultimately being targeted. Make sure businesses with which you are dealing don’t become your Achilles heel. Businesses should proactively collaborative with their suppliers–sharing expertise and, if appropriate, technology. It can sometimes be more cost effective to provide such resources to third parties than to conduct complex audits of their systems, make demands, and, possibly be forced to find alternative providers with better security.

5..Humans are often the weakest point in the security chain. Many high profile breaches have begun with criminals gathering information inappropriately posted on social media, crafting targeted phishing emails based on that data, and penetrating organizations by exploiting human mistakes. Security technology can be rendered entirely ineffective by people’s errors; make sure to address human risks as part of your security strategy.

6.Emerging technologies are obviously great targets, and, as such, the attacks that we have seen on Mobile and Internet-Of-Things technologies, as well as against cars, are the tip of the iceberg of what is to come. Likewise, the success of zero-day attacks–that is, attacks that exploit vulnerabilities previously unknown to the public–and the lack of solid defenses against them–almost guarantees that sophisticated hackers will seek to identify and exploit such weaknesses in the future. Technologies that identify and report about anomalous activity within your infrastructure may help secure against some of these risks.

Inc.com: http://bit.ly/1OMlI5z

 

« 'Hackers for Hire'- Major Police Effort To Fight Criminal Gangs.
Hackers Burrow Into Apple's Walled Garden »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Morgan Lewis Law

Morgan Lewis Law

Morgan Lewis is an international law firm with offices in North America, Europe, Asia, and the Middle East. Practice areas include Privacy and Cybersecurity.

Fortinet

Fortinet

Fortinet is a provider of network security systems. Our products provide protection against dynamic security threats while simplifying the IT security infrastructure.

CCL Solutions Group

CCL Solutions Group

CCL is one of Europe’s leading digital investigation specialists, supporting law enforcement, government and organisations across both public and private sectors.

CyberESI

CyberESI

CyberESI is a Managed Security Service Provider providing 24x7 remote security monitoring and management of your mission-critical networks.

NextVision

NextVision

NextVision is a Cybersecurity and Technology company offering a range of solutions and services for Security, Compliance and IT Infrastructure Management.

Kippeo Technologies

Kippeo Technologies

Kippeo is a security systems integrator providing innovative solutions that look at all the parameters and connect all the dots.

Bugraptors

Bugraptors

BugRaptors is a certified software testing company with extensive experience as a third-party testing vendor, effectively proven as a leader in software testing & QA Services.

OffSec

OffSec

OffSec have defined the standard of excellence in penetration testing training. Elite security instructors teach our intense training scenarios and exceptional course material.

WhiteHawk

WhiteHawk

WhiteHawk is the first online Cyber Security Exchange. We help you understand your cyber risk and match you to tailored and affordable solutions.

Cymptom

Cymptom

At Cymptom our purpose is to enable security managers to see at a glance all urgently risky gaps  in their organizations’ security posture at any given moment.

North West Cyber Resilience Centre (NWCRC)

North West Cyber Resilience Centre (NWCRC)

The North West Cyber Resilience Centre is a trusted, not-for-profit venture between Greater Manchester Police and Manchester Digital.

Ostrich Cyber-Risk

Ostrich Cyber-Risk

Ostrich Cyber-Risk is a risk management company that helps organizations reduce the complexity of identifying financial and operational risks related to your cybersecurity posture.

Sayers

Sayers

Sayers is best known for its ability to solve business challenges with IT solutions. Our areas of expertise include cloud, storage, virtualization, security, mobility and networking.

Aspire Technology Solutions

Aspire Technology Solutions

Aspire is an award-winning IT Managed Service and Cyber Security Provider. We specialise in cyber security, cloud, connectivity, managed services, unified communications and IT support.

FOSSA

FOSSA

FOSSA is a leading SBOM (software bill of materials) and software supply chain risk management platform.

SecAI

SecAI

SecAI is an innovative threat intelligence-driven, and AI-powered vendor aiming at cyber threat detection and response.