Mandiant have recently published their 2015 M-Trends report which highlights the new attack trends they have identified through their role as security incident first responders over the last year. It is an interesting and informative report which is worth a read, and can be found here (registration is required, I’m afraid!). A couple of key points from the report caught my attention, most notably how attackers are exploiting remote access facilities such as VPNs. […]
It’s that time of year again – Verizon has just released its data breach report looking back over the reported security incidents and confirmed breaches that occurred during 2014. One of the key findings were that more than 92% of security incidents collected by Verizon over the last 10 years matched just nine attack patterns, providing at least a straw of hope to cling on to if you are an information security professional feel overwhelmed by the seemingly innumerable number of security threats out there. Below is the stats-infested list of nine:
Most homes and businesses have physical security controls including strong locks on doors and windows, a security alarm and CCTV that will deter a thief from attempting to break-in, make a robbery attempt fail or subsequent arrest inevitable. In the UK if a criminal is caught committing a robbery the sentence is from 12 months to life depending on the circumstances.
Theft of customer information, personal details and trade secrets are just three of the key areas in which cyber-crime is increasing, and in many cases, the crime will go unnoticed until the information is used to commit a real-world crime. […]
In recent months it has been hard to avoid hearing the latest business buzz phrase of cybersecurity. Unfortunately, despite searches of popular retail sites, fully functional sonic screw drivers, as used by Doctor Who to defeat the cybermen, are not yet available. However, three key weapons that are available for cybersecurity are:
- Information Security: Ensures that Confidentiality, Integrity and Availability are appropriately addressed;
- Application Security: Provides assurance that the systems and applications are not vulnerable; and
- End-User Education: Potentially the most powerful weapon to prevent an attack taking hold and causing damage.