Page 3 - Cyber Warnings
Wrapping Up an Incredible Year of Cyber Attacks: What’s Next?
Friends,
This year, cybercrime has surpassed global drug crime, reaching $600B USD –
that’s six hundred billion dollars, according to the World Bank. Drug crime, a more
violent form of crime, topped just over $500B USD – nearly $100B
USD shy of cybercrime.
So, it has been proven this year that cybercrime is very lucrative. Even with all the
advances in cyber security, it all boils down to human error, poor training, poor
retention of best practices and new, easier targets like small to medium-sized
enterprises (SMEs), and ultimately social engineering 101 seems to win the day. Yes, it’s more sophisticated,
by way of SMS messages to infect smartphones and spear phishing email attacks to deploy ransomware and
remote access Trojans (RATs), but no matter how many times you train your company or ask your employees
not to do something, it’s as if you told them on Halloween “don’t take candy from strangers” – they are going to
keep doing it. While the value of Security Information and Event Management (SIEM) systems continues to grow, helping
take millions of events and simplify the reporting in real time, it’s still usually too late. By the time the SIEM
tells you ‘we have ransomware’ or ‘we’re infected’, the damage is done and the data is
encrypted or stolen. In addition, the average SME has not deployed a SIEM, nor would they have the staff to
manage one properly.
As I look forward to making my own cyber security predictions for 2017, which will be our traditional cover story
of the RSA Conference 2017 print edition of Cyber Defense Magazine, we have other writers who have been
itching to share their thoughts about the future, so we have included some in this edition of Cyber Warnings.
Meanwhile, I would like to share my thoughts about what has been wrong in the cyber security industry. So
much time, energy and money have been spent looking at the symptoms and not the diseases. For example,
antivirus will scrub and scan and clean after you’ve been infected. Typically, today’s best anti-virus product
finds about 50-70% of infections, if you are lucky; the rest slip by for up to a year, sometimes even longer (just
look at the Yahoo! breach and the RAT malware that lived on their network for years before being discovered, and
many other similar stories – Anthem.com, OPM.gov, the Carbanak attack against Russian banks, etc.). SIEMs,
anti-virus, IDS, IPS and firewalls are all reactive systems. I think a next-generation approach to malware must
replace anti-virus. I believe anti-phishing has become so important it must be required in your InfoSec arsenal
– through tools, training and new techniques to get ahead of the RATs and ransomware.
Looking at all the breaches and focusing on the root cause, I would suspect a lack of encryption and best-practice key
management, no continuous data protection or frequent (tested) backups, typical (last-generation) anti-virus
software, a poor or no anti-phishing program, and infrequent employee training. With that said, in 2017, we
should focus on Breach Prevention, not Breach Reaction or Remediation. This is where the Next Generation of
INFOSEC defenses should be focused. Let’s see what’s in store on the trade show floor at RSA Conference
2017 with these proactive security thoughts in mind, shall we?
To our faithful readers, Enjoy
Pierluigi Paganini, Editor-in-Chief
Cyber Warnings E-Magazine December 2016 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide