Cloud computing, storing data and applications remotely rather than on your own premises, can cut IT costs dramatically and speed up your operations. Despite the rise of “public cloud platforms” offered by Amazon Web Services, Microsoft Azure, Google Cloud, and Oracle, less than 10% of the world’s data is currently stored in the cloud. But is it safe? The biggest risk is giving up control of your data to someone else who stores it in different data centers in remote places, next to someone else’s data, and not knowing what happens in the event of a disaster. There is also the risk inherent in outsourcing file and data management to a third party. However, with encryption both while the data is in “transit” and while it is “at rest” on cloud servers, the data may be safer than on one’s in-house servers. AWS, the biggest public cloud platform provider with more than a million active customers a month, has more than 1,800 security controls governing its services.
IoT is short for Internet of Things. The Internet of Things (IoT) refers to the ever-growing network of physical objects that feature an IP address for internet connectivity, and the communication that occurs between these objects and other Internet-enabled devices and systems. When IoT is augmented with sensors and actuators, the technology becomes an instance of the more general class of cyber-physical systems, which also encompasses technologies such as smart grids, smart homes, intelligent transportation and smart cities, and pacemakers too! Each thing is uniquely identifiable through its embedded computing system but is able to interoperate within the existing Internet infrastructure. Experts estimate that the IoT will consist of almost 50 billion objects by 2020. And yes, we should be concerned!
Criminals develop new types of attack, companies adjust their security to address them, criminals adapt, rinse and repeat, ad infinitum. Criminals unleash new types of malware that “sneak past” antivirus scanning because antivirus programs don’t recognize them as malware. Eventually, AV vendors catch on, create an identifying signature for the new malware, and update their blacklists to block it. It’s a cycle that’s glaringly visible in the way traditional antivirus works. The problem is that it may take 12-48 months to “patch” malware. Microsoft never fully patched known vulnerabilities in Windows XP, dating back years!
Penetration testing (otherwise known as pen testing) is the process of testing a computer system, network device or Web application to find vulnerabilities, answering a simple question: “What could a hacker do to harm my application, or organization, out in the real world?”
Proper management of vulnerabilities is a key factor in reducing the window of exposure to potential attacks, primarily within organizations that may become a target of cybercriminals looking to derive some benefit. And, as time never stops, neither should the search for an ideal state of security. Continuous vulnerability assessments are therefore a highly recommended practice.
Red Teaming is a process designed to detect network and system vulnerabilities and test security by taking an attacker-like approach to system/network/data access. This process is also called “ethical hacking” since its ultimate purpose is to enhance security. Ethical hacking is an “art” in the sense that the “artist” must possess the skills and knowledge of a potential attacker (to imitate an attack) and the resources with which to mitigate the vulnerabilities used by attackers.
“Holistic” is characterized by comprehension of the intimate parts of something interconnected and explicable only by reference to the whole; in simple terms, a company’s entire network, its perimeter, BYOD, and internal “insider” potential threats too.
Cyber insurance can’t protect your organization from cybercrime, but U.S. companies currently purchase some type of cyber insurance, and cyber insurance is necessary to defray the costs of what very well may occur after a cyber breach: getting operations back and paying for continuity plans, plus potential civil litigation.
In order for an organization to comply with PCI DSS Requirement 12.6, a formal security awareness program must be in place. There are many aspects to consider when meeting this requirement to develop or revitalize such a program. The best practices supplement is intended to be a starting point for organizations without a program in place, or as a minimum benchmark for those with existing programs that require revisions to meet PCI DSS requirements, address the rapidly and ever-changing data security threat environment, and reinforce the organization’s business culture.
Cybersecurity is viewed as a top concern by 68 percent of C-Suite executives, and 75 percent believe a comprehensive security plan is important; one study found that key executives need to be more engaged with cybersecurity beyond planning for security, and take a more active role. 70 percent of C-Suite executives think rogue individuals make up the largest threat to their organizations. 80 percent of cyberattacks are driven by highly organized crime rings in which data, tools and expertise are widely shared; a broad set of adversaries concerned the C-Suite, including 54 percent who acknowledged crime rings were a concern.
A VPN or Virtual Private Network is a method used to add security and privacy to private and public networks, like Wi-Fi Hotspots and the Internet. VPNs are most often used by corporations to protect sensitive data.