The security landscape has radically changed and evolved over the past 10 years. Hacking has gained the same infamy as the bank heist or spy games. Today, thieves often operate online by utilizing flaws in companies’ data security infrastructure to extract valuable information.
Over the last five years, cloud computing has exploded and companies want to take advantage of the numerous benefits the cloud offers. With that in mind, it is important to understand the risks and implications of not properly applying robust security in the cloud. The top threats are always changing, whether it is a new breed of malware or a novel take on a classic social engineering attack. So far, 2016 has been a groundbreaking year in terms of the magnitude and variety of attacks.
Ransomware, an approach that infiltrates a device or network with the intent of denying the user access to files, plagued the security community across industries. The challenge of retrieving “locked” files has forced organizations from an LA hospital to a municipal police department to pay ransom fees. While paying may seem morally uncomfortable, all too often it is the only financially viable solution. Even the bill for a security consultant to investigate an attack can cost more than the typical ransom.
— Júlio César Melo (@JulioCyberSec) April 10, 2016
Hackers already have the advantage of choosing from hundreds of potential failure points, from application vulnerabilities to human behavior. The current shortage in cybersecurity skills only augments their advantage. IT security salaries have skyrocketed, making it difficult for institutions with traditionally limited IT security budgets like hospitals, police stations, and schools to compete. Relief may come in the form of cloud-based applications, which effectively outsource elements of security for a cost-effective, user-friendly solution.
Targets of opportunity. Understaffed IT staff, difficult user experiences. Not a good combo…. https://t.co/T8ZgdAFrN0
— Randy Marchany (@randymarchany) April 10, 2016
Hacking exposes 55-M voters to identity theft in the Philippines… https://t.co/99bVYthkb2
— Dan Lohrmann (@govcso) April 11, 2016
The Panama Papers data breach left law firm Mossack Fonseca reeling. The mega leak consisted of 2.6 terabytes worth of sensitive documents, almost every single file in Mossack Fonseca’s possession. The hack forces enterprises to question the security of their business partners, especially those with sensitive data like law firms. Whereas law firms may not consider themselves typical hacking targets, cybercriminals and hacktivists alike have their eyes on sensitive client data.
I did a pentest 13 years ago at a major law firm. They said the results were not a problem because nobody targets lawyers. Ha!
— s (@selil) April 11, 2016
In companies with widespread security shortcomings, it can take an effort from the top to turn things around. If the urgency is not there, it may be because business leaders are frequently unversed in the risks of cyber attacks. According to a recent study by Deloitte, board members are not up to speed with current security events and do not know how to prevent future disasters. Lack of technical knowledge is not the only reason. 90% of corporate executives said that they do not understand cybersecurity reports, and 40% do not even believe they are responsible in the event of a breach. This underlines the importance of a CISO to an enterprise security strategy. It is the CISO’s task to educate the board by translating cybersecurity jargon into the needs of the business.
A CISO not knowing how businesses really work is like a mechanic not knowing how to drive
— Justin Somaini (@JustinSomaini) April 12, 2016