The cybersecurity skills gap might be one of the best ways for a company to become more cyber secure. Often we look at technological solutions but training and education of workers, of employees, remains one of the most effective tactics. RedSeal CEO Ray Rothrock joins TechRepublic Senior Writer Dan Patterson for a conversation about teaching nuanced cyber defense, business strategy, and teaching leadership how to keep up with the fast shifts in security.
https://www.redseal.net/wp-content/uploads/2016/08/RedSeal-logo.png00RedSealhttps://www.redseal.net/wp-content/uploads/2016/08/RedSeal-logo.pngRedSeal2018-02-05 11:17:542018-12-17 14:50:31Why Cybersecurity Should Be Taught at Business Schools
At the recent Black Hat USA conference, CIO asked 250 self-identified hackers for their opinion on security solutions. The answers are a good indicator for what works to protect your organization. Of all the technologies out there, the responders identified multi-factor authentication and high-level encryption as the two that are hardest to get past – 38 and 32 percent, respectively – making them the two best tools an organization can use to thwart attackers. The lesson? Your organization should invest in multi-factor authentication and strong encryption for data at rest and data in motion to make the attackers’ job much more difficult.
Another surprising revelation – more than 90 percent of respondents find intrusion prevention systems, firewalls, and anti-virus easy to overcome. This is because attackers use technologies to encode their payload (i.e. disguise their software so it isn’t detected). They also realize that it is much easier to ‘hack’ the weakest link, the human element. Let’s say an attacker shows up and tells the receptionist she has an interview. Then the attacker explains, with an exasperated look on her face, that she didn’t have time to swing by a print shop to print her resume. The attacker then asks the receptionist to print it. As human beings, we feel empathy and we want to help. The receptionist sticks the USB drive into a computer, finds the resume, and prints it – firing off the payload attached to the USB document.
Does this mean that the money and man hours spent on firewalls, intrusion prevention systems, and antivirus is wasted? The answer is no. These technologies help thwart the most basic and greatest number of automated attempts at breaking into your organization. The example I used above is called a social engineering attack. Attackers will put together payloads and either email them out, attach them to resumes and apply for jobs, or physically go to your location and drop USBs on the ground. In fact, 85 percent of those surveyed prefer these types of attacks because of how successful they are. Each of these attacks makes your perimeter security useless. CIOs and ISOs need to harden the internal security of their organization as well. They need to train their employees for these types of attacks, tell them what to look out for, and breed an environment where it is okay and even expected to challenge people.
Understanding your network and the actions that attackers take to compromise your environment will help your organization develop contingency plans. These contingency plans will help your organization maintain a resilient network. You can’t just protect your network and expect that to be enough anymore. The question all leaders in security should be asking is, “what do we do when an attacker gets in and how do we lessen the damage done to our organization?”
That is the beginning of building a resilient network.
https://www.redseal.net/wp-content/uploads/2016/08/RedSeal-logo.png00Nate L. Cash, Senior Director, Federal Professional Services/ Director of Information Securityhttps://www.redseal.net/wp-content/uploads/2016/08/RedSeal-logo.pngNate L. Cash, Senior Director, Federal Professional Services/ Director of Information Security2017-08-18 05:00:182023-01-24 11:22:09Advice from Hackers at Black Hat
In order to provide you with the best experience possible we might sometimes track information about you. Sometimes this may involve writing a cookie. We use this information for things like experience enrichment, analytics and targeting advertising. We recommend allowing these functions to get the most out of your experience.
We may request cookies to be set on your device. We use cookies to let us know when you visit our websites, how you interact with us, to enrich your user experience, and to customize your relationship with our website.
Click on the different category headings to find out more. You can also change some of your preferences. Note that blocking some types of cookies may impact your experience on our websites and the services we are able to offer.
Essential Website Cookies
These cookies are strictly necessary to provide you with services available through our website and to use some of its features.
Because these cookies are strictly necessary to deliver the website, refusing them will have impact how our site functions. You always can block or delete cookies by changing your browser settings and force blocking all cookies on this website. But this will always prompt you to accept/refuse cookies when revisiting our site.
We fully respect if you want to refuse cookies but to avoid asking you again and again kindly allow us to store a cookie for that. You are free to opt out any time or opt in for other cookies to get a better experience. If you refuse cookies we will remove all set cookies in our domain.
We provide you with a list of stored cookies on your computer in our domain so you can check what we stored. Due to security reasons we are not able to show or modify cookies from other domains. You can check these in your browser security settings.
Other external services
We also use different external services like Google Webfonts, Google Maps, and external Video providers. Since these providers may collect personal data like your IP address we allow you to block them here. Please be aware that this might heavily reduce the functionality and appearance of our site. Changes will take effect once you reload the page.
