Cybercriminals can spend months inside organizations, storing away information for a future attack or piecing data together that will get them to the prize they are after. They will also create measures to protect themselves from detection. Sometimes they create diversionary tactics to draw your attention away from what they are doing and where they have succeeded, as EY’s Global Information Security Survey 2015 shows. Cyberattacks impact both business decisions, mergers/acquisitions and competitive positions.
All about Virtualization and Cloud Security | Recent Articles:
Recent cybersecurity incidents have left organizations and companies struggling to implement the necessary resources to minimize IT risks, regardless of how much security budgets have increased. More than 71 percent of organizations fear zero-day attacks and strongly believe they’re the most serious threats, and over 74 percent believe that it’s likely and very likely that their organization will be hit by an APT (Advanced Persistent Threat).
Some argue that successful information security is a matter of getting the technology right. Others contend that it’s more about training and education. I think both views are valid, but neither is complete. Good information security is about technology design and deployment, to be sure. But it’s also about people and the right processes being in place.
One of the hottest topics in IT these days is the Internet of Things (IoT). This is partly hype for sure, but IoT is nevertheless something all IT and security executives should be learning about, if not actually focusing on as a corporate strategy.
Cyber attacks involving destructive malware will become a bigger problem for organizations. A growing trend in cyber attacks has been the unleashing of destructive malware such as Cryptolocker and Shamoon. Only 38 percent of respondents in a recent survey by Ponemon Institute they have a strategy to deal with destructive software.
The Internet of Things will soon become the biggest vector of attacks on companies, as the number of connected devices is set to reach between 20 billion and 50 billion units by 2020.
The definition of corporate “endpoints” is constantly evolving, and securing those endpoints is becoming increasingly complex for enterprises. As the SANS Institute points out in its March 2016 Endpoint Security Survey, endpoints now include non-traditional computing devices or "things," and IT professionals are becoming aware of the fact that those endpoints require different thinking around security.
With more than 24 billion Internet of Things (IoT) devices estimated to hit the market by 2020 and spending on IoT solutions over the next five years to reach nearly $6 trillion, organizations cannot afford not to start preparing for adoption.
It seems no matter how hard enterprises try, no matter what investments in security controls and processes they make, and no matter how much they strive to harden their systems, data breaches, data manipulation, cyber extortion and other attacks on availability are going to happen. Just like taking precautions to protect themselves from fraud and theft, or natural disasters like hurricanes, tornados, earthquakes and fires. Industry takes steps to mitigate these risks, but can’t eliminate these risks. Cybersecurity is much the same.
Life in the SOC has grown a lot more complicated in the last few years as the major forces of cloud and software-defined networking (SDN) adoption have started to converge on enterprise IT in a very big way.
With cybercriminals making millions – if not billions – of dollars from ransom requests, companies have also been targets of opportunity. While file encrypting ransomware such as CryptoWall have been known to cause financial losses topping $18 million, variants that encrypt the NTFS MFT (Master File Table) – Petya for instance – have been raising concern, as recovery from it involves complete endpoint downtime and significant IT challenges.
It’s one of the more famous quotes about computer programming:
To err is human, but to really foul things up requires a computer.