Six Emerging CyberSecurity Risks

Uploaded on 2015-10-07 in NEWS-Cybersecurity News, FREE TO VIEW, TECHNOLOGY--Hackers, TECHNOLOGY--Resilience

 

Here are six takeaways from the panel; they should provide valuable input for both individuals and businesses seeking to stay ahead of cyber-threats:

1.While preventative information-security measures are obviously a necessity, businesses and people must still assume that hackers will ultimately penetrate their infrastructure despite all of the security technologies in place. Remember, the odds are dramatically in an attacker’s favor–he or she needs to get just one attack through, a defender needs to stop all attacks. As such, segmenting data–i.e., not putting all of your eggs in one basket–is critically important. It is also wise to understand who might be interested in attacking your organization, what their motives may be, and what resources they are likely to have–without such knowledge you may misallocate your valuable resources.

2. Deception can be a useful component of a security strategy. If you include fake servers and fake, traceable data within your network, hackers may not be able to identify what data is valuable and what is not, and you may improve your chances of catching anyone who targets you (e.g., if a criminal attempts to use stolen, traceable, phony data). Deceptive practices can also help by forcing attackers to expend time analyzing data, which may encourage them to turn their attention elsewhere.

3.Cyberterrorism has begun. Almost half of the energy-sector organizations polled for a recent cybersecurity study reported that attackers had attempted to delete or destroy information on their systems. From a practical standpoint if a utility goes offline it does not matter much to those without power, gas, or water whether the attackers were nation-states, terrorist groups, hacktivists, or others. Of course, from a national security standpoint the nature of the enemy is important, and, the common belief is that cyber-terrorism, and attempts at cyber terrorism, are likely to grow dramatically worse with time. As I mentioned in a prior article, both Eugene Kaspersky (CEO of Kaspersky Labs) and a senior member of the AT&T security team have told me that they believe that a major cyber-terrorism-type incident is likely to happen in the not so distant future.

4. Nearly every person and business today relies on the information-security of third-parties for many mission critical tasks. Several major recent breaches have been achieved, at least in part, by hackers attacking vendors or suppliers of the firms ultimately being targeted. Make sure businesses with which you are dealing don’t become your Achilles heel. Businesses should proactively collaborative with their suppliers–sharing expertise and, if appropriate, technology. It can sometimes be more cost effective to provide such resources to third parties than to conduct complex audits of their systems, make demands, and, possibly be forced to find alternative providers with better security.

5..Humans are often the weakest point in the security chain. Many high profile breaches have begun with criminals gathering information inappropriately posted on social media, crafting targeted phishing emails based on that data, and penetrating organizations by exploiting human mistakes. Security technology can be rendered entirely ineffective by people’s errors; make sure to address human risks as part of your security strategy.

6.Emerging technologies are obviously great targets, and, as such, the attacks that we have seen on Mobile and Internet-Of-Things technologies, as well as against cars, are the tip of the iceberg of what is to come. Likewise, the success of zero-day attacks–that is, attacks that exploit vulnerabilities previously unknown to the public–and the lack of solid defenses against them–almost guarantees that sophisticated hackers will seek to identify and exploit such weaknesses in the future. Technologies that identify and report about anomalous activity within your infrastructure may help secure against some of these risks.

Inc.com: http://bit.ly/1OMlI5z

 

« 'Hackers for Hire'- Major Police Effort To Fight Criminal Gangs.
Hackers Burrow Into Apple's Walled Garden »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

SCADAfence

SCADAfence

SCADAfence offers cutting edge cybersecurity solutions designed to ensure the operational continuity of industrial (ICS/SCADA) networks.

WizNucleus

WizNucleus

WizNucleus develops, markets and supports a software platform (Cyberwiz-Pro) that enables Critical Infrastructure enterprises to ensure the future state of their cybersecurity and remain compliant.

DefCamp

DefCamp

DefCamp is the most important annual conference on Hacking & Information Security in Central Eastern Europe.

Philippine National Police Anti-Cybercrime Group (PNP-ACG)

Philippine National Police Anti-Cybercrime Group (PNP-ACG)

The mission of the PNP Anti-Cybercrime Group is to implement and enforce pertinent laws on cybercrime and other cyber related crimes and pursue an effective anti-cybercrime campaign.

Cryptika

Cryptika

Cryptika is a fully integrated IT security and managed services provider, specialized in Next-Generation Cyber Security Technologies.

Rizikon Assurance

Rizikon Assurance

Rizikon Assurance is an Online System that improves Third-Party Assurance and Risk Management, through efficiency, automation and better visibility.

Newtec Services

Newtec Services

IT should be responsive, adaptive, and smart. Now more than ever, you need a business that runs efficiently and can adapt to today's challenges. We can help with custom IT solutions.

TekSek Cyber Security

TekSek Cyber Security

Preparing you for tomorrow's security threats.

South East Cyber Resilience Centre (SECRC)

South East Cyber Resilience Centre (SECRC)

The South East Cyber Resilience Centre supports and helps protect SMEs and supply chain businesses and third sector organisations in the region against cyber crime.

Telindus

Telindus

Telindus is the strategic IT partner for the flexible organization of the future. We build optimal IT infrastructure with four components: networking, cloud, cybersecurity and data & AI.

Methods

Methods

Methods is the leading digital transformation partner for the UK public sector. We care deeply about making our public services better and have been doing this for over 28 years.

ExactTrak

ExactTrak

ExactTrak provide embedded cyber security solutions for your digital devices – whenever and wherever you need them.

C/side (cside)

C/side (cside)

At c/side, we're creating the ultimate delivery, performance and detection mechanism for browser-side fetched 3rd party Javascript.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Assura

Assura

Assura provides innovative cybersecurity advisory and managed services to all industries including government, healthcare, financial, manufacturing, and transportation sectors.

Diverto

Diverto

Diverto is a company that provides a high level of information security to companies, institutions and other organisations in an information-centric world.