[BreachExchange] Time to clean up our cybersecurity streets

Audrey McNeil audrey at riskbasedsecurity.com
Mon Jul 25 18:46:37 EDT 2016


http://www.csoonline.com/article/3096092/security/time-to-clean-up-our-cybersecurity-streets.html

What if I told you that by not protecting your business against
cyber-attacks you were being selfish?

Yes, selfish.

Being a victim of a cyber-attack or fraud isn't just your problem. It's
everyone's problem. Here's why.

Many of the top cyber-security threats spread via compromised computers

Infecting a computer, then using it to spread the infection further isn't a
new strategy - it's exactly how viruses have worked for decades. Today,
compromised systems can have a greater impact than ever before.

Bot-nets are groups of compromised computers that can be coordinated like a
zombie army. They're used to spread their own software, spam, viruses, and
ransomware, or to perform denial-of-service attacks.

Your system can be part of a bot-net, spreading spam or malware, without
you ever knowing.

Having your website attacked no longer means hackers simply "crashing it"
or defacing it. More often they're much subtler. Imagine if they put a
virus on it that spread automatically when someone visited. There is now
ransomware that can do exactly that. No download required.

With every victim, cyber-criminals are encouraged to do more

I remember a time when "hacking" was more about status than money. That's
changed.

The incredible "success" of Cryptolocker, which is estimated to have made
more than $30 million in its first 100 days (in 2013) and $325 million
overall, led to a massive number of ransomware threats.

Stealing private information through social engineering has become so
common that most of us laugh it off. Did you get a call from Microsoft or
Dell telling you about a security threat on your computer? If people didn't
fall for it, the scammers would stop trying.

CEO fraud is one of the biggest financial threats right now. With more than
$2 billion lost to fraudsters, every company should take notice and put
appropriate controls in place. But most companies haven't yet. Can you
imagine being the CEO who lost $40 million or $50 million? Of course, for
every whale there are hundreds who lost a few thousand. Every penny earned
by these fraudsters means they'll continue trying.

Every time there is another victim, the criminals become more confident and
the market gets larger.

It's time to clean up our community

In many areas, people have gathered together as a community to clean up
their streets, drive the drug dealers out, and make their areas better for
everyone.

It's time for us to do that with our businesses. Close the door on malware,
shut down the bot-nets, laugh in the face of the fraudsters and scammers.
And every time we do this, we reduce their power.

Yes, new attacks appear daily, but if you have a good security program in
place, you're at a much lower risk of being a victim.

Every business, from a sole proprietor to an international conglomerate,
should have a security program in place. How the program is implemented
will vary from business to business, but the key elements are always the
same:

* The program needs to be driven from the company's leadership
* An understanding of risks and security is integrated into every part of
  the business
* Everyone in the company receives security awareness training. They're all
  part of the solution
* Security is a cycle, not a point in time. Your business and its threats
  are changing and your security needs to reflect that

As the leader, your first step is to get educated and start having the
right conversations with your team.

It's time to stop being selfish. Your community needs you to take the lead
and secure your business and make hackers' lives more difficult.