BreachExchange mailing list archives

Cybersecurity's naughty and nice list


From: Inga Goddijn <inga () riskbasedsecurity com>
Date: Wed, 23 Dec 2015 18:21:32 -0600

http://www.securityinfowatch.com/article/12151617/cybersecuritys-naughty-and-nice-list

The past year was another challenging one for IT security, in which
cyberattacks continued to increase in frequency and severity. As we welcome
2016, it’s a good time to reevaluate the IT security practices that have
been working, and those that haven’t. What habits from the past year would
land your organization on cybersecurity’s naughty list and which would land
you on the nice list?

It’s amazing how kids always know what list they’ve been on, and somehow
tend to become “nicer” as the holidays near. Unfortunately, IT security
pros usually can’t change that quickly, but there is good news. If you’ve
been naughty for one reason or another, the New Year is a good time to
implement change. Here’s a quick list of common habits that will help you
figure out just how naughty you’ve been, and what you might have to do to
redeem yourself in the New Year.

*Assuming You’re Not a Target vs. Assuming You’ve Already Been Breached*

Shockingly, recent research from the Ponemon Institute
<http://info.prelert.com/half-it-security-pros-believe-they-are-unlikely-target-for-attack-finds-ponemon-institute-study> found
that half of IT security practitioners in the U.S. view their organization
as an unlikely target for attack. If today’s headlines are any indication,
any organization that stores its data or customers’ data can become the
target of a damaging data breach. Assuming you’re not a target can lead to
reduced diligence in defending against and detecting advanced threat
activity and land you on the naughty list for sure.

To get on the nice list, you have to assume the “bad guys” have already
made their way into your network. Historically, building higher walls and
deeper moats kept bad actors at bay, but for today’s attacks, organizations
will first need to assume they’ve been breached, and then analyze the
common characteristics of intrusions to detect threats early—before
significant damage is done.

*Focusing Only on Known Threats vs. Utilizing Advanced Threat Detection to
Look for New Threats*

Organizations are asking for trouble if they assume traditional approaches
to security will keep them safe from an attack. Protecting only against
“known” threats such as malware, and known vectors such as email and web
browsing, is proving inadequate to combat today’s advanced cybercriminals,
who are continuously identifying new ways to infiltrate systems unnoticed.

But if your organization is using advanced detection methods that could
also identify new, unknown threats, it’s in a much safer place. One example
of this is using machine learning technology that can baseline normal
activity. This type of technology can analyze millions of data points each
minute to identify and flag anomalous activity. This not only helps detect
known threats, but also identifies unusual behaviors that may be associated
with advanced threat activity and unknown threats. This is particularly
critical as hackers adopt new attack methods.

*Ignoring vs. Embracing the Internet of Things*

If you’ve only been monitoring desktops, laptops and servers, you’re going
to find a lump of coal in your stocking. Assuming that only computing
devices represent risks to an organization’s data and systems creates major
security gaps. Printers, scanners, POS systems, mobile devices, HVAC
systems, and even drones can be exploited to enable an attacker to gain
access to a network.

Organizations that are serious about defending their IT infrastructure
know they first need to understand the potential attack surface. This means
monitoring anything with an IP address. Taking a bottom-up approach by
cataloging, classifying, and controlling each IP address on the