For would-be attackers, cloud services like Dropbox offer a convenient end-run around the perimeter-based firewalls, intrusion detection systems, web gateways and anti-malware sandboxes commonly used by many enterprises: the traffic is encrypted and bound for a domain the organization already permits, so those controls have little to inspect or block. Employees and contractors regularly bring personal devices into their enterprise networks, while some organizations openly allow cloud services to operate within their managed domains. The convenience and rapid adoption of cloud-based file storage makes it an almost ubiquitous problem for enterprise security.
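As an added illustration (this is not code from the original post, and it assumes a made-up proxy log format, a made-up list of watched domains and an arbitrary 50 MiB threshold), the following script shows one practical check that does work when the perimeter cannot inspect the traffic: totalling the bytes each user pushes to cloud-storage hosts per day and alerting on the outliers.

```python
"""
Added example (not from the original post): flag bulk uploads to cloud
file-storage services using web-proxy logs.

Perimeter controls rarely block services like Dropbox because the traffic is
TLS to an allowed domain, so a practical check is the *volume* of data each
user sends toward such services. The log format, the watched domains and the
threshold below are assumptions for illustration, not any vendor's format.
"""
from collections import defaultdict
from datetime import datetime

# Assumed: cloud file-storage domains an enterprise would choose to watch.
CLOUD_STORAGE_DOMAINS = {
    "dropbox.com",
    "content.dropboxapi.com",
    "drive.google.com",
    "onedrive.live.com",
}

# Assumed threshold: bytes uploaded per user per day before we raise an alert.
UPLOAD_THRESHOLD_BYTES = 50 * 1024 * 1024  # 50 MiB


def parse_proxy_line(line):
    """Parse one constructed, space-separated proxy log line.

    Format (assumed): <iso-timestamp> <user> <method> <host> <bytes_out> <status>
    Returns a dict, or None for a malformed line.
    """
    parts = line.split()
    if len(parts) != 6:
        return None
    ts, user, method, host, bytes_out, status = parts
    try:
        return {
            "ts": datetime.fromisoformat(ts),
            "user": user,
            "method": method.upper(),
            "host": host.lower(),
            "bytes_out": int(bytes_out),
            "status": int(status),
        }
    except ValueError:
        return None


def is_cloud_storage_host(host):
    """True if host is, or is a subdomain of, a watched cloud-storage domain."""
    return any(host == d or host.endswith("." + d) for d in CLOUD_STORAGE_DOMAINS)


def find_bulk_uploaders(lines, threshold=UPLOAD_THRESHOLD_BYTES):
    """Sum bytes sent by each user to cloud-storage hosts, per calendar day.

    Only request methods that carry a body (POST/PUT/PATCH) count as uploads;
    GETs (downloads, page loads) are ignored. Returns a sorted list of
    (user, day, total_bytes) tuples whose total exceeds the threshold.
    """
    totals = defaultdict(int)
    for line in lines:
        rec = parse_proxy_line(line)
        if rec is None or rec["method"] not in {"POST", "PUT", "PATCH"}:
            continue
        if not is_cloud_storage_host(rec["host"]):
            continue
        key = (rec["user"], rec["ts"].date().isoformat())
        totals[key] += rec["bytes_out"]
    return sorted(
        (user, day, total)
        for (user, day), total in totals.items()
        if total > threshold
    )


# Constructed sample log lines for demonstration; not real traffic.
SAMPLE_LOG = [
    "2015-02-05T09:01:12 alice GET www.dropbox.com 512 200",
    "2015-02-05T09:02:40 alice POST content.dropboxapi.com 30000000 200",
    "2015-02-05T09:10:03 alice POST content.dropboxapi.com 30000000 200",
    "2015-02-05T09:15:44 bob POST content.dropboxapi.com 1048576 200",
    "2015-02-05T11:20:00 carol PUT onedrive.live.com 70000000 201",
    "2015-02-05T11:25:00 dave POST intranet.example.com 90000000 200",
    "this line is malformed",
]

if __name__ == "__main__":
    for user, day, total in find_bulk_uploaders(SAMPLE_LOG):
        print(f"ALERT {day}: {user} sent {total} bytes to cloud storage")
```

On the constructed sample, alice (two 30 MB uploads) and carol (one 70 MB upload) cross the threshold while bob's 1 MiB and dave's large upload to an internal host do not. A real deployment would tune the threshold per role, baseline it against historical volume, and pair it with a list of sanctioned accounts, since the same signal fires on legitimate backups.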
Breaches happen not because of a single point of failure but because of a series of failures.
The foundations of cyber security need to be rebuilt beyond legacy controls whose compliance- and signature-based paradigm has shown its limits. The new paradigm for Enterprise Risk Management (ERM) rests on real evidence from active behavior recognition, on automation that reduces false positives (the fog) and augments human analysts rather than replacing them, on real-time threat intelligence sharing to enrich context, and on partnerships that streamline workflow.
Yesterday we learned about yet another massive data breach, this time at Anthem, Inc., the second largest U.S. health insurance provider.
While we don't yet have any specific information on how this data breach occurred, as a cyber security professional I am reminded of how simple mistakes at small companies can lead to big problems up the supply chain.
Today, standard operating procedure for security organizations dealing with increasing threats is bolting on increasingly sophisticated technologies: anti-virus, router ACLs, firewalls, Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS), web reputation services, web application firewalls, Security Information and Event Management (SIEM), anti-malware gateways, endpoint virtualization, etc.
It’s become a daily occurrence to learn of the latest breach while reading the news over your morning coffee. They are so frequent, and the volume of records breached so astronomical, that people are starting to get desensitized. This is both good and bad for information security professionals. On the positive side, there is no longer any issue convincing management that malware, hacking and breaches are serious issues.
One of the nation’s largest financial institutions, J.P. Morgan Chase & Co., is still reeling from a massive cyber-assault which compromised the personal information of millions of their customers.
Cyber-attacks continue to rear their ugly head as a major security threat to American infrastructure. Private- and public-sector entities alike are finding themselves victims of security breaches and data swipes. Hackers can come from anywhere – inside or outside the United States – and their goals can vary. Some are after state or industrial secrets, while others are after that valuable 21st-Century commodity, customer data. Still more hackers simply want to cause chaos, disrupting commerce and peoples’ lives for cheap thrills. But since cyber-attacks are launched against government
Last week, the Senate Select Committee on Intelligence passed legislation intended to help the U.S. Government and American companies thwart cybersecurity attacks, the Cybersecurity Information Sharing Act (CISA). Should this legislation pass Congress and be signed into law, it would be a big step towards tightening our nation’s security online.
Recent reports from Capitol Hill suggest that the Senate is making progress on a bill to address our nation’s pressing cyber security concerns. Intelligence Committee Chair Dianne Feinstein (D-Calif.) and Ranking Member Saxby Chambliss (R-Ga.) have hammered out draft cybersecurity legislation, and are currently circulating it for comment from interested parties on and off the Hill.