[BreachExchange] Global Security in an Age of Rising Cyber Threats
Audrey McNeil
audrey at riskbasedsecurity.com
Mon Apr 30 19:52:47 EDT 2018
https://hackernoon.com/global-security-in-an-age-of-rising-
cyber-threats-d3006c2d7e7b
Ransomware is here to stay. With the rise of IoT connected devices that
have deficient security, the fact that every business big and small is
collecting data, and how easy it’s becoming to trick people online, the
next few years are likely to be marked by more cyber security threats.
Data is increasingly becoming vital to the core of business success. More
specifically, this involves the use of cloud services to collect and
analyze data. Larger companies have better security, but it’s been proven
that even major health organizations, tech companies, and governments are
not completely immune from cyber attacks.
Who is Performing Cyber Attacks?
To the likely relief of many, one of the biggest reasons people seem to be
performing cyber attacks is for money. Hackers are stealing data, and
ransoming it back. It’s not exactly good news. It’s costing a lot of money,
but it means that when data is lost to hackers and malware, it’s likely not
beyond recovery. There’s a catch, though: a breach is a breach, and even
when the data is recovered, it has still been compromised. This type of
thing can still ruin a company and destroy the trust their customers place
in them.
Bad actors in the digital security space have realized that the more
important data becomes to the running of a business, the more likely they
are to make money by holding it to ransom. This is one of the big reasons
for the rise in ransomware over the last several months. There certainly
are professional corporate espionage and terrorist operations going on in
this space, but the majority seem to be independent people looking for
money.
This isn’t to say that the attacks are less sophisticated and dangerous.
Unfortunately, individuals and loose organizations have proven to be very
effective at defeating even some of the best security available.
Fighting Back as Cyber Attacks Become the New Normal
Data security is a constant game of chess between the people creating
security and the people trying to defeat it. There are, however, more
pieces involved than the technology. The human element of security is one
of the most exploitable.
Adjusting to the future of IT means approaching security from multiple
angles to protect your business, employees, and clients.
On the technical side, web developers and software engineers need to remain
proactive in order to avoid liability for breaches. Protecting customers
means first making sure that the technology they use is safe. That means
testing and proactive patching to get ahead of vulnerabilities.
In most cases, however, breaches don’t occur due to straight up faulty
coding. It’s the human element that’s easiest to exploit.
The Human Element of Cyber Security
Experts in cyber security, web developers, and businesses themselves need
to become teachers. We are globally connected, and it’s becoming an
increasingly important responsibility for businesses to take accountability
for the data they collect from around the world. Part of that
responsibility includes teaching employees and customers about their own
responsibilities as digital citizens of the world. Companies are
responsible for providing safe technology, yes, but the average consumer
needs to be taught to be responsible for their passwords, to be
knowledgeable about their privacy, to recognize scams and avoid unsafe
networks.
Training people is perhaps the most important and most critical job ahead
of security professionals. Examples of this includes:
Companies need to learn about managing login credentials.
Consumers need to learn to use multiple factor authentication when they log
in to services.
Employees need to learn about phishing scams and internal security risks.
These lessons and more need to be taught on a wide scale to make our
identities and businesses safe online.
In the end there is only so much that technology can do to protect us. The
more it advances, the more vulnerabilities arise, so people need to know
how to manage their own data. As emphasized by the recent senate interview
with Mark Zuckerberg, companies also need to be held to a greater degree of
accountability and data ethics. A high standard of ethics and regulation is
in the best interest of companies around the world to avoid the disastrous
consequences of breaches and mishandled data.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20180430/5680bb84/attachment.html>
More information about the BreachExchange
mailing list