While dozens of U.S. banks are in the midst of reviewing their information security policies after falling victim to recent successful network intrusions resulting from cyber-attacks, The New York Times, The Wall Street Journal, The Washington Post and even Twitter have joined the ranks of other high-value companies to have been targeted by hackers, most notably from China and Iran. While U.S. officials debate over what new measures, if any, to put in place to protect our economic interests, firms – both public and private \u2013 should consider what they can do to thwart these attacks from re-occurring, or to at least minimize the collective threat they pose to American business. Given the mutual dependency of our economic and military infrastructure on the continuous availability and flow of confidential and high integrity data, one solution to solving the perpetual network probes and vulnerability scanning challenging U.S. companies is to retrain IT workers in the short term until long-term measures are put in place to protect our information infrastructure.<\/p>\n","protected":false},"excerpt":{"rendered":"
While the majority of network breaches are caused by social engineering \u2013 that is, leveraging the end user as an attack vector though which unauthorized access is gained to sensitive computing assets such as communication and database servers \u2013 some other protective measures are available now and should be implemented immediately to effectively curb future exploits that can threaten even the most protected computer enclaves. <\/p>\n
Although social engineering points to a failure at the top of the organization to link information security with corporate strategy (as well as a lack of end user training that could effectuate a first line of defense against would-be attackers), more frequent reviews of corporate strategies needs to be done, with special attention paid to ensuring that the firm\u2019s information security strategies are aligned with business strategies. <\/p>\n
Infected USB drives, for example, sprinkled in corporate parking lots and commuter trains floors is a common attack methodology used by adversaries to gain access to computer networks with miniscule effort, since the workers themselves are culpable of spotting them, picking them up, and inserting them into their computers when they arrive at work. <\/p>\n
Locating IP addresses (the addressing scheme the Internet uses to relay information) of misconfigured devices is a trivial task, since one can simply search online search to learn how to perform \u2018penetration testing\u2019 , and since most laptop and tablet users don\u2019t know how to configure their devices and user accounts properly before plugging into the Internet, it becomes even easier to hack into systems. <\/p>\n
The overall objective here, of course, is to bring about a highly skilled IT workforce that possessed, for example, a thorough understanding of proper incident handling techniques so when breaches do occur, they can quickly be identified, contained, and eradicated, not to mention the payoff that firms acquire when reviewing recent unsuccessful hacking attempts and adjusting the firm\u2019s overall security strategy. <\/p>\n
Furthermore, insight into common attack methods, malware analysis capabilities, network defense-in-depth techniques, and sound information security governance and policy frameworks that can boost the defensive postures of all firms and is also a necessary component of responding to the threats from network-based attacks. <\/p>\n
This fact, coupled with the relatively miniscule amount of proven cyber warriors available today ultimately limits the ability of most firms to simply keep up with the ever-morphing catalog of millions of computer worms and viruses that grow by the thousands each day, hence the call for more certified IT security practitioners.<\/p>\n
To protect against the potential devastation that the nefarious activities by hackers everywhere pose to all of us, it is vital stay in lockstep with the protocols being used by the most sophisticated malware purposefully designed to evade the most cleverly configured intrusion prevention & intrusion detection systems currently used throughout U.S. companies, but we are falling short. <\/p>\n
Link: http:\/\/thehill.com\/blogs\/congress-blog\/homeland-security\/283481-us-must-do-better-in-preparing-professionals-to-help-fight-cyber-attacks<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[29],"tags":[],"class_list":["post-969","post","type-post","status-publish","format-standard","hentry","category-news"],"_links":{"self":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/969","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/comments?post=969"}],"version-history":[{"count":1,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/969\/revisions"}],"predecessor-version":[{"id":3456,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/969\/revisions\/3456"}],"wp:attachment":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/media?parent=969"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/categories?post=969"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/tags?post=969"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}