Six Emerging CyberSecurity Risks

Uploaded on 2015-10-07 in NEWS-Cybersecurity News, FREE TO VIEW, TECHNOLOGY--Hackers, TECHNOLOGY--Resilience

 

Here are six takeaways from the panel; they should provide valuable input for both individuals and businesses seeking to stay ahead of cyber-threats:

1.While preventative information-security measures are obviously a necessity, businesses and people must still assume that hackers will ultimately penetrate their infrastructure despite all of the security technologies in place. Remember, the odds are dramatically in an attacker’s favor–he or she needs to get just one attack through, a defender needs to stop all attacks. As such, segmenting data–i.e., not putting all of your eggs in one basket–is critically important. It is also wise to understand who might be interested in attacking your organization, what their motives may be, and what resources they are likely to have–without such knowledge you may misallocate your valuable resources.

2. Deception can be a useful component of a security strategy. If you include fake servers and fake, traceable data within your network, hackers may not be able to identify what data is valuable and what is not, and you may improve your chances of catching anyone who targets you (e.g., if a criminal attempts to use stolen, traceable, phony data). Deceptive practices can also help by forcing attackers to expend time analyzing data, which may encourage them to turn their attention elsewhere.

3.Cyberterrorism has begun. Almost half of the energy-sector organizations polled for a recent cybersecurity study reported that attackers had attempted to delete or destroy information on their systems. From a practical standpoint if a utility goes offline it does not matter much to those without power, gas, or water whether the attackers were nation-states, terrorist groups, hacktivists, or others. Of course, from a national security standpoint the nature of the enemy is important, and, the common belief is that cyber-terrorism, and attempts at cyber terrorism, are likely to grow dramatically worse with time. As I mentioned in a prior article, both Eugene Kaspersky (CEO of Kaspersky Labs) and a senior member of the AT&T security team have told me that they believe that a major cyber-terrorism-type incident is likely to happen in the not so distant future.

4. Nearly every person and business today relies on the information-security of third-parties for many mission critical tasks. Several major recent breaches have been achieved, at least in part, by hackers attacking vendors or suppliers of the firms ultimately being targeted. Make sure businesses with which you are dealing don’t become your Achilles heel. Businesses should proactively collaborative with their suppliers–sharing expertise and, if appropriate, technology. It can sometimes be more cost effective to provide such resources to third parties than to conduct complex audits of their systems, make demands, and, possibly be forced to find alternative providers with better security.

5..Humans are often the weakest point in the security chain. Many high profile breaches have begun with criminals gathering information inappropriately posted on social media, crafting targeted phishing emails based on that data, and penetrating organizations by exploiting human mistakes. Security technology can be rendered entirely ineffective by people’s errors; make sure to address human risks as part of your security strategy.

6.Emerging technologies are obviously great targets, and, as such, the attacks that we have seen on Mobile and Internet-Of-Things technologies, as well as against cars, are the tip of the iceberg of what is to come. Likewise, the success of zero-day attacks–that is, attacks that exploit vulnerabilities previously unknown to the public–and the lack of solid defenses against them–almost guarantees that sophisticated hackers will seek to identify and exploit such weaknesses in the future. Technologies that identify and report about anomalous activity within your infrastructure may help secure against some of these risks.

Inc.com: http://bit.ly/1OMlI5z

 

« 'Hackers for Hire'- Major Police Effort To Fight Criminal Gangs.
Hackers Burrow Into Apple's Walled Garden »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

BH Consulting

BH Consulting

BH Consulting we are a vendor independent consulting firm providing market leading range of information security services focused on data protection and cybersecurity.

SmartSearch

SmartSearch

SmartSearch is a leading online provider of Anti-Money Laundering and Fraud Prevention Services.

mile2

mile2

Mile2 develop and deliver proprietary vendor neutral professional certifications for the cyber security industry.

DKCERT

DKCERT

DKCERT (Danish Computer Security Incident Response Team) handles security incidents on forskningsnettet, the National Research and Education Network (NREN) in Denmark.

Resilient Information Systems Security (RISS)

Resilient Information Systems Security (RISS)

RISS is a research group is in the Department of Computing at Imperial College London.

Retail & Hospitality Information Sharing & Analysis Center (RH-ISAC)

Retail & Hospitality Information Sharing & Analysis Center (RH-ISAC)

Retail & Hospitality ISAC operates as a central hub for sharing sector-specific cyber security information and intelligence.

CryptoTec

CryptoTec

CryptoTec is a provider of security concepts and encryption solutions for secure communication between decentralized computerized systems.

4Stop

4Stop

4Stop is a global KYC, compliance and anti-fraud risk management company.

Cloud Managed Networks

Cloud Managed Networks

Cloud Managed Networks provides enterprise grade IT network solutions for cloud-based and on premise network security, Wi-Fi, data switching, collaboration, device management and more.

Nexum

Nexum

Nexum takes a comprehensive approach to security, from detecting and preventing network threats, to equipping you with the information, tools and training you need to effectively manage IT risk.

Polymer

Polymer

Polymer is a Data Governance & Privacy Platform for third party SaaS apps. A modern Data Loss Protection (DLP) approach to remove sensitive data exposure on collaboration tools in real-time.

BluescreenIT (BIT)

BluescreenIT (BIT)

BluescreenIT is an IT Security Consultancy and IT and Cyber Security Training company supporting industry, local authorities, MoD and governmental IT departments.

Marcum Technology

Marcum Technology

Marcum Technology consultants are focused on helping you reach your company’s full potential by exploring creative ways to integrate tomorrow’s technology into your business today.

Schillings

Schillings

Shillings defends your rights to privacy, reuptation and security. We fight passionately against breaches of your privacy, attacks on your reputation and threats to your security.

Cyber Qubits

Cyber Qubits

Cyber Qubits is a cybersecurity training and consulting company focused on developing the next generation of cybersecurity professionals.

Post-Quantum Cryptography Alliance (PQCA)

Post-Quantum Cryptography Alliance (PQCA)

The alliance seeks to address cryptographic security challenges posed by quantum computing by producing high-assurance software implementations of standardized algorithms.