Page 3 - Cyber Warnings December 2015







Will 2016 Be A Year of Better Cyber Security or More Breaches?



Friends,


You might say this is a silly question. I’m guessing most of our readers
are thinking what I’m thinking – that we’ll continue to face exponential
breaches next year. It’s been a trend – so why can’t we turn it around?
Are the cyber hackers and online criminals that much smarter than the
average INFOSEC professional or IT staff? Do they know something we
don’t know? Looking back at 2015, it seems that a common trend in
breaches was lack of proper training so that just about any employee
could be victimized by a spear phishing attack, with the deployment of a Remote Access Trojan
(RAT). In addition, while firewalls are designed to guard the gates, the best cyber criminals are able
to ‘parachute’ their malware in behind the firewall, easily circumventing even the best anti-virus
protection.


Then, there’s encryption. As we, at CDM, have been proponents of all time, everywhere encryption,
this seems to run counter to the reality of large database breaches such as the OPM.gov and
Anthem breach, to name a few (both totaling, together, over 102,000,000 records with much
medical and personally identifiable information beyond a typical credit card breach of a retailer). In
addition, with the NSA and other international government agencies wanting backdoors into all
TELCO and INFOSEC equipment, especially those that use encryption, there’s a privacy battle
raging, whereby these backdoors end up in security products, not only accessible by governments
but by cyber criminals as recently proven in the case of Cisco, Juniper and Huawei firewalls.


So, we leave 2015, looking back at a year of massive cyber security failure. Is it that difficult to
convince the Board and CEO and CFO that there should be a budget for regular employee
INFOSEC training, especially against spearphishing and other social engineering attacks? Is it that
difficult for one of the top 50 anti-virus vendors to have some kind of genius epiphany and actually
make an AV system that works? It seems, for 2015, in both these cases, just look at
privacyrights.org and virusbtn.com for your answers – too many breaches and too much new
malware beating the AV vendors.


My predictions for 2016 are that we will continue to see exponential growth in zero-day malware,
RATs and breaches. Don’t let your organization be the next victim – stand up for what’s right –
better INTRANET DEFENSES, stronger ENCRYPTION, smarter AV tools, NEXT GEN security
solutions and more consistent EMPLOYEE TRAINING. Do these and your 2016 will be a
productive and profitable year!

To our faithful readers, Enjoy


Pierluigi Paganini

Pierluigi Paganini, Editor-in-Chief

Cyber Warnings E-Magazine – December 2015 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
