What We’re Reading this Week
There are numerous options out there for enterprises looking to boost their cyber defenses – from downloadable freeware to seemingly impenetrable premium solutions, the array can seem endless. Though these tools are useful and important, none of them will keep today’s motivated cyber attackers from getting through. By now, many organizations have accepted this sobering truth and have shifted their focus from keeping attackers OUT to finding out what they are doing once they get IN. What motivates them? And how are they going to try to get what they’re after? We’ll examine this, and other topics that caught our attention this week, in today’s news bulletin.
In this InfoWorld article, Roger Grimes writes, “We’d all love a magic bullet to stop hackers.” Truer words have never been spoken, and since Grimes has been a security consultant for more than 25 years, we can all believe him when he says one doesn’t exist yet. Despite this, week after week companies hype solutions that claim to be a cure-all for many of the cybersecurity issues plaguing businesses. One by one, Grimes tackles five of these well-known security defenses that he says just don’t cut it: two-factor authentication, biometrics, heuristics, “super-secure” programs and data analytics. Grimes writes that each of these has value, but none comprehensively covers all the angles necessary to protect an organization’s most valuable assets. It’s time for a different approach – one that focuses on gathering the intelligence needed to detect, assess and respond to attacks as they’re happening.
In this Washington Technology article, Elizabeth Hight cites McAfee’s 2013 Threat Predictions Report, which states “cyber threats have more than kept pace and...this year will [bring] an even more sophisticated assault on businesses, private citizens, and government organizations.” Organizations no longer need to just be prepared for an attack; they need strategies in place to handle attacker behaviors that could cripple systems and corrupt data once inside the network. She opines that the public and private sectors are in a unique position to share information and combat this problem.
For the final item in this week’s news bulletin, we would like to highlight an article by Robert Lemos in Dark Reading. Contrary to what many people would like to hope, not everything can immediately return to ‘normal’ once a breach is discovered. For some – particularly those whose information was compromised – the problems are just beginning. According to research conducted by the Javelin Security, Risk & Fraud Group, a victim whose data was stolen in the past year has a 1-in-4 chance of becoming a fraud victim – that’s up from a 1-in-10 chance in 2010. More importantly, the piece calls attention to a very sobering fact – “The bad guys are getting better at using the information obtained from breaches to commit fraud,” said Alphonse R. Pascual, senior analyst in Javelin’s Security, Risk & Fraud Group. “They are getting better at mining the data, and they are getting better at selling it.” As major companies with immense amounts of data, like LinkedIn, eHarmony and Twitter, continue to experience data breaches, the need for an active cybersecurity defense has never been greater.