Six Emerging CyberSecurity Risks

Uploaded on 2015-10-07 in NEWS-News Analysis, FREE TO VIEW, TECHNOLOGY--Hackers, TECHNOLOGY--Resilience

 

Here are six takeaways from the panel; they should provide valuable input for both individuals and businesses seeking to stay ahead of cyber-threats:

1.While preventative information-security measures are obviously a necessity, businesses and people must still assume that hackers will ultimately penetrate their infrastructure despite all of the security technologies in place. Remember, the odds are dramatically in an attacker’s favor–he or she needs to get just one attack through, a defender needs to stop all attacks. As such, segmenting data–i.e., not putting all of your eggs in one basket–is critically important. It is also wise to understand who might be interested in attacking your organization, what their motives may be, and what resources they are likely to have–without such knowledge you may misallocate your valuable resources.

2. Deception can be a useful component of a security strategy. If you include fake servers and fake, traceable data within your network, hackers may not be able to identify what data is valuable and what is not, and you may improve your chances of catching anyone who targets you (e.g., if a criminal attempts to use stolen, traceable, phony data). Deceptive practices can also help by forcing attackers to expend time analyzing data, which may encourage them to turn their attention elsewhere.

3.Cyberterrorism has begun. Almost half of the energy-sector organizations polled for a recent cybersecurity study reported that attackers had attempted to delete or destroy information on their systems. From a practical standpoint if a utility goes offline it does not matter much to those without power, gas, or water whether the attackers were nation-states, terrorist groups, hacktivists, or others. Of course, from a national security standpoint the nature of the enemy is important, and, the common belief is that cyber-terrorism, and attempts at cyber terrorism, are likely to grow dramatically worse with time. As I mentioned in a prior article, both Eugene Kaspersky (CEO of Kaspersky Labs) and a senior member of the AT&T security team have told me that they believe that a major cyber-terrorism-type incident is likely to happen in the not so distant future.

4. Nearly every person and business today relies on the information-security of third-parties for many mission critical tasks. Several major recent breaches have been achieved, at least in part, by hackers attacking vendors or suppliers of the firms ultimately being targeted. Make sure businesses with which you are dealing don’t become your Achilles heel. Businesses should proactively collaborative with their suppliers–sharing expertise and, if appropriate, technology. It can sometimes be more cost effective to provide such resources to third parties than to conduct complex audits of their systems, make demands, and, possibly be forced to find alternative providers with better security.

5..Humans are often the weakest point in the security chain. Many high profile breaches have begun with criminals gathering information inappropriately posted on social media, crafting targeted phishing emails based on that data, and penetrating organizations by exploiting human mistakes. Security technology can be rendered entirely ineffective by people’s errors; make sure to address human risks as part of your security strategy.

6.Emerging technologies are obviously great targets, and, as such, the attacks that we have seen on Mobile and Internet-Of-Things technologies, as well as against cars, are the tip of the iceberg of what is to come. Likewise, the success of zero-day attacks–that is, attacks that exploit vulnerabilities previously unknown to the public–and the lack of solid defenses against them–almost guarantees that sophisticated hackers will seek to identify and exploit such weaknesses in the future. Technologies that identify and report about anomalous activity within your infrastructure may help secure against some of these risks.

Inc.com: http://bit.ly/1OMlI5z

 

« 'Hackers for Hire'- Major Police Effort To Fight Criminal Gangs.
Hackers Burrow Into Apple's Walled Garden »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

SANS Institute

SANS Institute

SANS is the most trusted and by far the largest source for information security training and security certification in the world.

TNO Cyber Security Lab

TNO Cyber Security Lab

TNO Cyber Security Lab is a dedicated facility for innovative and experimental research with the goal of a safe and resilient cyberspace.

Reblaze Technologies

Reblaze Technologies

Reblaze provides the world’s best security technologies in a cloud-based website security platform.

Niksun

Niksun

Niksun's forensics-based cyber security and network performance monitoring products provide customers with actionable insight into security threats, performance issues, and compliance risks.

CSIRT-CY

CSIRT-CY

CSIRT-CY is the National Computer Security Incident Response Team for Cyprus.

NETAS

NETAS

Netas offers solutions in information and communication technologies including end-to-end value added solutions, system integration and technology services to providers and corporations.

LightEdge Solutions

LightEdge Solutions

LightEdge’s highly-trained compliance and security experts take the guesswork out of keeping your business protected.

CloudSEK

CloudSEK

CloudSEK has set its sights on building the world’s fastest and most reliable AI technology, that identifies and resolves digital threats.

Pelion

Pelion

Pelion Connected Device Services are the easiest way to securely connect and manage your devices, allowing you to focus on forging your future.

Cyber Resilience Centre for Wales (WCRC)

Cyber Resilience Centre for Wales (WCRC)

The Cyber Resilience Centre for Wales (WCRC) is part of the national roll out of Cyber Resilience Centres in the UK which began in 2019.

Eastern Cyber Resilience Centre (ECRC)

Eastern Cyber Resilience Centre (ECRC)

The Eastern Cyber Resilience Centre is part of the national roll out of Cyber Resilience Centres in the UK which began in 2019.

Ibento Global

Ibento Global

Ibento organises the CyberX series of cybersecurity conferences.

Capgemini

Capgemini

Capgemini is one of the world's foremost providers of consulting, technology and outsourcing services. Areas of expertise include Cybersecurity.

Cloudflare

Cloudflare

Cloudflare is a global network designed to make everything you connect to the Internet secure, private, fast, and reliable.

SecurityStudio

SecurityStudio

SecurityStudio is a continuous cybersecurity risk management platform that allows decision-makers to quickly identify the most immediate threats and make confident risk informed decisions.

Supra ITS

Supra ITS

Supra ITS is a leading full-service technology partner offering IT Consulting, Cloud Services, 24x7 Managed IT & Cybersecurity Services, and IT Project Support.