BreachExchange mailing list archives
Cybersecurity's naughty and nice list
From: Inga Goddijn <inga () riskbasedsecurity com>
Date: Wed, 23 Dec 2015 18:21:32 -0600
http://www.securityinfowatch.com/article/12151617/cybersecuritys-naughty-and-nice-list

The past year was another challenging one for IT security, in which cyberattacks continued to increase in frequency and severity. As we welcome 2016, it’s a good time to reevaluate the IT security practices that have been working, and those that haven’t. What habits from the past year would land your organization on cybersecurity’s naughty list and which would land you on the nice list?

It’s amazing how kids always know what list they’ve been on, and somehow tend to become “nicer” as the holidays near. Unfortunately, IT security pros usually can’t change that quickly, but there is good news. If you’ve been naughty for one reason or another, the New Year is a good time to implement change. Here’s a quick list of common habits that will help you figure out just how naughty you’ve been, and what you might have to do to redeem yourself in the New Year.

*Assuming You’re Not a Target vs. Assuming You’ve Already Been Breached*

Shockingly, recent research from the Ponemon Institute <http://info.prelert.com/half-it-security-pros-believe-they-are-unlikely-target-for-attack-finds-ponemon-institute-study> found that half of IT security practitioners in the U.S. view their organization as an unlikely target for attack. If today’s headlines are any indication, any organization that stores its data or customers’ data can become the target of a damaging data breach. Assuming you’re not a target can lead to reduced diligence in defending against and detecting advanced threat activity and land you on the naughty list for sure.

To get on the nice list, you have to assume the “bad guys” have already made their way into your network. Historically, building higher walls and deeper moats kept bad actors at bay, but for today’s attacks, organizations will first need to assume they’ve been breached, and then analyze the common characteristics of intrusions to detect threats early—before significant damage is done.

*Focusing Only on Known Threats vs. Utilizing Advanced Threat Detection to Look for New Threats*

Organizations are asking for trouble if they assume traditional approaches to security will keep them safe from an attack. Protecting only against “known” threats such as malware, and known vectors such as email and web browsing, is proving inadequate to combat today’s advanced cybercriminals, who are continuously identifying new ways to infiltrate systems unnoticed.

But if your organization is using advanced detection methods that could also identify new, unknown threats, it’s in a much safer place. One example of this is using machine learning technology that can baseline normal activity. This type of technology can analyze millions of data points each minute to identify and flag anomalous activity. This not only helps detect known threats, but also identifies unusual behaviors that may be associated with advanced threat activity and unknown threats. This is particularly critical as hackers adopt new attack methods.

*Ignoring vs. Embracing the Internet of Things*

If you’ve only been monitoring desktops, laptops and servers, you’re going to find a lump of coal in your stocking. Assuming that only computing devices represent risks to an organization’s data and systems creates major security gaps. Printers, scanners, POS systems, mobile devices, HVAC systems, and even drones can be exploited to enable an attacker to gain access to a network.

Organizations that are serious about defending their IT infrastructure know they first need to understand the potential attack surface. This means monitoring anything with an IP address.
Taking a bottom-up approach by cataloging, classifying, and controlling each IP address on the
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/