Category: IT Security

This article argues that organizations need to move beyond focusing purely on the prevention of security incidents, and start to concentrate on what they will do when an incident occurs. IT security "fire drills," supported by executive management should be conducted regularly in organizations, in order to understand the appropriate course of action in advance of a security breach. This includes recovering evidence, identifying and resolving the root cause of the incident (not just the symptoms), and undertaking a forensic investigation.

 

Read the full article here.

It is that time of the year when every “Expert” / “Consultant” / “Visionary” will have their predictions for 2015. Here are a pick of them for your reading:

 

1) Websense 2015 Security Predictions Report – highlights of which are:

 

a) Healthcare will see a substantial increase of data stealing attack campaigns.
b) Attacks on the Internet of Things will focus on business use cases, not consumer products.
c) Credit card thieves will morph into information dealers.
d) Authentication consolidation on the phone will trigger data-specific exploits, but not for stealing data on the phone.
e) New vulnerabilities will emerge from decades-old source code.
f) Email threats will take on a new level of sophistication and evasiveness.
g) As companies increase access to cloud and social media tools, Command and Control instructions will increasingly be hosted on legitimate sites.
h) There will be the new (or newly revealed) players on the global cyber espionage/cyber war battlefield.

 

2) Trend Micro Security Predictions for 2015 and Beyond – highlights of which are:

 

a) More cybercriminals will turn to darknets and exclusive-access forums to share and sell crimeware.
b) Increased cyber activity will translate to better, bigger, and more successful hacking tools and attempts.
c) Exploit kits will target Android, as mobile vulnerabilities play a bigger role in device infection.
d) Targeted attacks will become as prevalent as cybercrime.
e) New mobile payment methods will introduce new threats.
f) We will see more attempts to exploit vulnerabilities in open source apps.
g) Technological diversity will save IoE/IoT devices from mass attacks but the same won’t be true for the data they process.
h) More severe online banking and other financially motivated threats will surface.

 

3) Kaspersky Security Predictions for 2015 – highlights of which are:

 

a) Cybercriminals Merge with APT Groups, Tactics
b) APT Groups Fragment, Attacks Increase and Diversify
c) New Bugs in Old, Widely Used Code
d) Hackers Target Points of Sale, ATMs
e) The Rise of Apple Malware
f) Targeting Ticketing Machines
g) Pawning Virtual Payment Systems
h) Apple Pay in the Crosshairs
i) Compromising the Internet of Things

 

Let us see how these pan out in the coming year. Here is wishing you all a very Happy, Prosperous and “Secure” 2015.