Posts Tagged ‘breach’
The worry for organizations, however, is the number of these hackers who have never studied computer science but have an ambition to be a software developer and see it as a challenge to try to break into a business's network undetected. Although this may seem an innocent personal challenge to them, this is ultimately aligned with greed and more often than not these people want to go for bigger and better.
Security teams need to be aware of methods to detect and instantly act upon this type of malicious hacking from so-called “amateurs.” The IBM X-Force 2012 Mid-year Trend and Risk Report details the variety of attacks that a business could expect a hacker to use (read more here). A key point highlighted is the complexity of an organization’s network, moving from a traditional office-only model to a world of interconnected devices and services. This has made it increasingly difficult to get a clear real-time snapshot of what is happening in the network, making it easier for amateur hackers to get in without raising any alarms.
In a recorded webcast with SCMagazine UK, Chris Poulin, IBM Security Systems Strategist, details how to combat these young hackers, through QRadar’s anomaly detection capabilities and advanced forensic analysis, to quickly identify when a breach is occurring on your network. Click here to view.
Posted by Heather Howland in Cybersecurity
It’s not news to security experts; they’ve been saying it for ages. But for the rest of us (and by us, I mean people like me, who work in marketing, accounting, and so forth, and have little understanding of how our behaviors online could be compromising network security) one of the more recent Anonymous breaches is a strong reminder that it’s people who are the weakest link in any security policy.
This might come across as a “duh” moment, but organizations who make it a practice to constantly train ALL employees on online security practices are going to have a huge advantage when it comes to staying safe. As a marketeer, I am online all the time. I do my best to keep things locked down:
– Bolt my laptop to my desk
– Follow prompts and reminders to keep my passwords varied and secure
– Remember to send passwords in separate emails if I need to share login information with new users
– Encrypt and password protect attachments
– Check with security when I’m not sure about a link I’ve been sent
You get the gist. I work for a security company, so of course, we have people out there looking to make sure we follow the rules. And knowing that someone is watching me makes me all the more vigilant (you can call me a brown-noser, but I hate getting in trouble!).
It always amazes me when I see these articles and am reminded that not all organizations operate this way, even though really, we all should be. In today’s hacker-fueled “targets of choice” environment, it’s really important that security professionals take their job to the next level. That means not only relying on technology and policies to keep their networks safe; it means investing time and energy to make sure that everyone with network access has been trained and retrained and possibly certified. Some people might see that as overkill, but I just see it as being prepared.
What are you doing to make sure your employees are taking necessary precautions to keep your network safe? Please share your insights below.
According to a recent tweet from the well-known hacktivist group Anonymous, they are back in action and taking requests. Then again, they never really were out of action, but with all the SOPA, PIPA, and now ACTA debates lately, they are making their voice heard.
Anonymous has always been vocal on many social media sites, but has never actually opened up for requests. This brings the concept of being a “target of choice” to a whole new level, don’t you think? Before the public onslaught of hacktivism over the past year or so, it was assumed that these decisions about “who to hack” were taking place covertly in the background via encrypted messages, IRC, forum threads, etc. While it certainly is intimidating for the organizations being called out, it gives others warning that they might not have had before.
Looking back a couple years, would you have predicted hacktivist organizations exposing themselves on social sites such as Facebook, Twitter, and YouTube to gain a consensus on who their next target(s) should be?
This past weekend I watched a documentary on More4 that delved into the Wikileaks scandal. “Wikileaks: Secrets & Lies” went into great detail explaining how Julian Assange served as a middleman in this scandal. Although Julian Assange is viewed as the face and spokesperson for Wikileaks, the documentary showed that Assange would not have had any global status if it weren’t for insiders who are willing to send sensitive information to the organization.
This programme was not broadcasting how a hacker could break into a network and steal information; it uncovered a deeper concern of how an insider can revolt, stealing privileged information from inside the network and causing havoc along the way.
This threat is a concern that should be top of mind for organizations. In a report published by Verizon on Business Data Breaches, they found that 48% of total data breaches were caused by insiders and 48% of breaches involved a misuse of an insider’s privileges.
Although identifying the risk of an insider threat was highlighted, the documentary really drove home the need for better security measures, so these incidents can be prevented or halted as they occur and the people responsible can be identified and punished.
For companies without proper security technology, identifying the “rogue insider” is not an easy task. Wikileaks is an excellent example of why traditional perimeter security defenses, such as firewalls and anti-virus software, are no longer sufficient in the “post-perimeter” world. To prevent these types of incidents, organizations should deploy automated technologies that continuously monitor and correlate user activities across various sources (such as network devices, OS logs and applications). This Total Security Intelligence will allow rapid detection of unusual activities such as a large number of sensitive documents being downloaded from a SharePoint server during off-hours or from a remote access location.
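The kind of rule described above, as an added example that is not code from the original post or from QRadar: it flags a user who downloads several sensitive documents in a short window either off-hours or over remote access. The log format, the `vpn` source tag, the business hours, the window and the threshold are all assumptions, and the events are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not real logs): time, user, source, action, document, sensitivity
SAMPLE_LOG = """\
2012-10-02T10:15:00 alice office download /finance/q3.xlsx sensitive
2012-10-02T10:40:00 alice office download /hr/handbook.pdf public
2012-10-03T02:01:10 bob office download /legal/contract-01.docx sensitive
2012-10-03T02:01:40 bob office download /legal/contract-02.docx sensitive
2012-10-03T02:02:05 bob office download /legal/contract-03.docx sensitive
2012-10-03T14:00:00 carol vpn download /rd/design-a.pdf sensitive
2012-10-03T14:01:00 carol vpn download /rd/design-b.pdf sensitive
2012-10-03T14:02:00 carol vpn download /rd/design-c.pdf sensitive
2012-10-03T14:30:00 dave vpn download /rd/design-a.pdf sensitive
"""

BUSINESS_HOURS = range(8, 18)      # assumed 08:00-17:59 local time
WINDOW = timedelta(minutes=10)     # assumed sliding window
THRESHOLD = 3                      # assumed: sensitive downloads per window

def parse(line):
    ts, user, source, action, doc, label = line.split()
    return datetime.fromisoformat(ts), user, source, action, doc, label

def risky(ts, source):
    """Return the risk context for an event, or None if it is ordinary."""
    if source == "vpn":
        return "remote-access"
    if ts.hour not in BUSINESS_HOURS or ts.weekday() >= 5:
        return "off-hours"
    return None

def detect(log_text):
    """Flag users with >= THRESHOLD risky sensitive downloads inside WINDOW."""
    recent = defaultdict(list)     # (user, context) -> timestamps in window
    alerts = {}
    for ts, user, source, action, doc, label in sorted(map(parse, log_text.splitlines())):
        context = risky(ts, source)
        if action != "download" or label != "sensitive" or context is None:
            continue
        key = (user, context)
        recent[key] = [t for t in recent[key] if ts - t <= WINDOW] + [ts]
        if len(recent[key]) >= THRESHOLD:
            alerts[key] = max(alerts.get(key, 0), len(recent[key]))
    return alerts

if __name__ == "__main__":
    for (user, context), count in detect(SAMPLE_LOG).items():
        print(f"ALERT {user}: {count} sensitive downloads in 10 min ({context})")
```

A single remote download (dave) or daytime office activity (alice) stays below the rule; only the bursts by bob and carol are reported.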
To learn more about how Total Security Intelligence can help combat these insider threats and how organizations are using QRadar as the key component for their IT Security, click here.
In a post published earlier this week, I invited you to read the latest article written by Chris Poulin for SecurityWeek. In this article, Chris presented his belief that full breach disclosure and better collaboration among security professionals is key to thwarting today’s cyber threats.
In line with this belief, proposed breach legislation is also attempting to make disclosure and collaboration a center point of the nation’s cyber security strategy. According to an article on CNN’s Security Clearance blog, such legislation would “enable the intelligence community to share classified information with the private sector while at the same time addressing the concerns private companies have with providing information about attacks on their systems to the government.”
This addresses weaknesses outlined in an INSA study published this past summer, in which the authors suggested both private industry and public agencies have a responsibility to defend the country against cyber attack. In this proposed law, not only would businesses be required to share information about attacks with the government, the government would also share intelligence with security-cleared organizations. This would open up communication channels in the cyber-intelligence community immensely, creating the type of collaborative environment Poulin describes in his article.
What do you think? Can collaboration between the federal government and private industry help defend the country from a major cyber attack? Does it seem too idealistic to imagine that these sectors can work together? Share your thoughts below!