If hackers can compromise a large political party, then they can come to your business data or your personal information. Make no mistake .: everyone is a target for hackers
was brought in last month news of the compromise of systems of US Democratic National Committee (DNC) ans Light. Recently, speculation has it that more than tens of thousands of e-mails "missing" and assumed to be the injury been exfiltrated while. Industry experts have attributed the incident to a state-sponsored cyber attack and in the four corners of the world, speculation and sharp comment rumbles on.
What did we learn from this?
When considering the steps that you have to defend your own systems, it is not helpful to think about , the attacked the DNC or why . The focus should instead be on what actually happened, what sophisticated tools or techniques were used and, above all think about what it means for you . The DNC could an obvious target, but any organization, business, and individual needs will be prepared
As we have seen in the news, every company and every person is at risk . - Retail, Healthcare, Financial Services, Government, games and more. These are just some of the industries that have made big headlines.
Does your current security situation, these Defense-in-depth approach, which is necessary to thwart actors the poor who your business firmly in their crosshairs?
Defense in-depth based on the military believes that the increasingly complex and multifaceted a defense system is, the more difficult it is to defeat an enemy in comparison to a single barrier. Similarly, in the information security context, this model promotes the harmonized use of infrastructure technologies (physical and virtual), architectural patterns (segmentation) and security best practices (zero trust model) to protect the confidentiality, integrity and availability of systems and data, in a company. Unlike traditional point security technologies that can not address the increasing complexity of attacks, defense-in-depth is a multi-layered approach that has the ability to effectively prevent the penetration of the beginning
Make no mistake. Your systems will be attacked. It is not a case of if, or when, but how well you can put off and how fast you can recognize, respond and remediate.
As we have seen with countless other injuries in recent years, finally detected the attacks successfully, and was known the extent of the intrusion. The trick is not the injury when searching for themselves, but to quantify the extent of damage. It is not uncommon for Advance Persistent Threat (APT) attacks dormant, undetected to lie for many months and so you must be ready to respond to the exposure and ultimately, to limit, keep your reputation.
educate As the cornerstone of the defense-in-depth strategy, your employees about the risks of social engineering and spear phishing. Make programs and perform drills regularly. Your people are a human firewall. Many APT attacks are launched by spear phishing attacks, where malware is deployed as a result of someone clicking a seemingly harmless link in an e-mail
According to Symantec Internet Security Threat Report (April 2016) .: Cyber attackers the long game against big companies that play, but all companies of all sizes are vulnerable targeted attacks. , in fact, the number of spear phishing campaigns employees rose 55% in 2015
Small businesses targeting had a 1 in 40 (3 percent) chance to be targeted, a convergence of attacks on fewer organizations indicates. Medium-sized enterprises had a 1 in 6.8 (15 percent chance of attack, while large companies that have a 1 in 2.7 (38 percent had) a chance, a much broader focus of attacks suggesting a higher frequency.
Together with people Check, technology plays a major role in any modern security situation. Make sure you have monitoring systems that can detect intrusions early. be prepared to respond quickly. your network architecture and segment . your physical and virtual systems and equipment, to limit the scope of the attacks
not only on passwords leave your systems to protect -. if the attacker gets the password, it makes it more difficult, poor activity of the ordinary course of business filtering This is where the non-negotiable need two-factor or multi-factor authentication for remote access and should be stored and retrieved from internal devices such as corporate PCs
in the case of for quality intellectual property DNC be considered.
have been more than one attacker involved. Any attack increased in sophistication and the bad guys do not wait in line . Do not be complacent and hat relax once you have dealt with a penetration. Keep looking for anomalies and automatic responses using close off access when anomalies are detected.
The attacks were not on the main databases . It is reported that the communications systems research and server were connected. Also Look over your less obvious systems. Attackers know that they are less generally protected and assemble offer for the discerning malware foot and propagate. No single vendor can defend the wide range of systems that you use in your organization and in the cloud. Ask your provider what to protect them, and to understand how the whole picture fits together.
The attacks were part of a broader pattern . The same types of attacks were reported against the wider political community, including journalists and activists. Understand your own community and look combines an intelligence-sharing partnership. It will help you focus your defense-in-depth efforts.
This time succeeded the attacks. You need to do the best for your organization, but think more broadly. organizations that have a mature defense-in-depth approach and can effectively detect, deter to respond, and to remediate against attacks, make the world a better place. This is true, whatever your political stance.
0 Komentar