Author Archives: Lior Div

Cyber crime has been commercialized. Infecting computers with ransomware or using an advanced persistent threat to pilfer intellectual property no longer requires deep technical knowledge. Just use Google to learn how to access the Dark Web, and you can find hackers who, for a price, are more than happy to write malware, create highly effective spear phishing campaigns and develop bogus websites for harvesting login credentials.

+ Also on Network World: DDoS-for-hire services thrive despite closure of major marketplace +

Major companies (think Fortune 500 organizations) understand that cyber crime as a service has changed how they handle defense. But for organizations still maturing their defensive measures, here’s what the transformation of cyber crime into an industry means for how you approach information security.  

To read this article in full or to leave a comment, please click here

The recent document leak detailing CIA spying campaigns and hacking techniques has fostered conversations and news stories on how to balance intelligence gathering with privacy, as well as discussions on the agency’s extensive spying capabilities. What hasn’t been discussed as much is what enterprises (and governments in one case) can learn from the WikiLeaks Vault 7 leak.

To me, three key takeaways are that leaks can happen to any organization, figuring out what entity carried out an attack is difficult to do, and we’re in an era when nation-state weapons end up in the hands of criminals. Collectively, these development make practicing information security more complex than ever. Now, let’s explore each one in more detail.

To read this article in full or to leave a comment, please click here

Information security is forever weaved into our daily lives. From the massive data breaches impacting Target, Yahoo and Anthem to IoT-powered DDoS attacks that take down substantial portions of the internet for extended periods of time, information security impacts everyone.

The reality is providing protection in this kind of environment is so challenging that no single entity, whether it’s a company or a government agency, can accomplish this task alone. There needs to be some kind of cooperation between the private and public sectors. This leads to the questions of what kind of relationship should the government and companies have, how can they work together and what’s preventing this process from happening?

To read this article in full or to leave a comment, please click here

Keeping companies safe from attackers is no longer just a technical issue of having the right defensive technologies in place. To me, this is practicing IT security, which is still needed but doesn’t address what happens after the attackers infiltrate your organization (and they will, despite your best efforts to keep them out).

I’m trying to draw attention to this topic to get security teams, businesses executives and corporate boards to realize that IT security will not help them once attackers infiltrate a target. Once this happens, cybersecurity is required.  

+ Also on Network World: Recruiting and retaining cybersecurity talent +

In cybersecurity, the defenders acknowledge that highly motivated and creative adversaries are launching sophisticated attacks. There’s also the realization that when software is used as a weapon, building a stronger or taller wall may not necessarily keep out the bad guys. To them, more defensive measures provide them with additional opportunities to find weak spots and gain access to a network.

To read this article in full or to leave a comment, please click here

Cybersecurity needs to be a top priority for the administration of Donald Trump. The first task should be shoring up government IT systems. As recent attacks have shown, adversaries aren’t afraid to go after political organizations. There’s no reason to suspect they won’t continue to target political entities such as the Democratic National Committee or step up attacks on government agencies.

Emphasize that information security applies to all agencies

Ideally, a cabinet meeting for all new secretaries should be held within three months of the inauguration to underscore that information security is essential for all agencies to complete their missions. Even secretaries whose agencies are not typically associated with either information security or IT need to be included.

To read this article in full or to leave a comment, please click here

When a criminal robs a store, the police visit the scene, conduct an investigation and try to bring the perpetrator to justice. What happens when a criminal breaches that same store’s server and makes off with its customer’s credit-card numbers? I’d argue that the response to the physical crime would be much greater and effective than how the cyber crime would be handled, although cyber attacks have the potential to cause more damage than robberies.

Blame cyber criminals, not nation-states, for attacks

While nation-states are typically blamed for breaches, the culprits are usually cyber criminals who are using nation-state techniques and procedures. Companies likely claim infiltration by nation-state attackers because it provides them with some cover from lawsuits and preserves business deals and partnerships. (Yahoo is using this tactic with little success.) The reasoning could look like this: how could our organization protect itself from attackers who have the support and resources of a major government? We’re simply outgunned.

To read this article in full or to leave a comment, please click here

Our increasingly connected world gives hackers even more ways to exploit technology for malicious purposes. We’re now entering a period when cyber attacks could cause major physical damage. To protect people from these combined cyber and physical threats, information security experts and law enforcement, which traditionally handles physical security, will have to share strategies.

+ Also on Network World: The IoT is uranium +

After all, the boundaries between cyber and physical attacks are already blurring. In March, the U.S. Department of Justice claimed seven Iranians hacked the control systems of a small dam in New York state in 2013. The dam was offline for repair, preventing the hackers from controlling the flow of water. However, the incident demonstrated that hackers could take over infrastructure that was controlled by computers.

To read this article in full or to leave a comment, please click here

Enterprises are fighting a cyber war against very sophisticated and highly organized adversaries. Yet companies still approach cybersecurity with a strictly defensive mindset. They operate under the belief that having the best defense will keep them safe from advanced adversaries. But attackers know how to break any defense, guaranteeing they’ll eventually infiltrate a company.

Organizations need to approach security by thinking about how they can stop offense. How is this different from having a strong defense? When you’re stopping offense, you don’t stand on the sidelines waiting for an attacker to breach your network, hoping that the security measures you have in place will be enough to stop them.

To read this article in full or to leave a comment, please click here