ViewsBoth of us! Some thoughts…..MODIFY AS YOU SEE FIT!!!!!!
(DAVID)
So, in conclusion, we’ve tried to relay that security management is also risk management. I can speak from experience that my job is now less about architecture and firewalls, and more about data, privacy, compliance, reputation, and risk reduction.
(PATTY)
And to reduce risk, a sound security strategy is an important foundation. And it doesn’t matter the make-up of your school, or whether you are a CIO or CISO, security and risk reduction go hand in hand.
(DAVID)
I agree, no matt what your role, it is in your best interest to speak the security mission, at all levels and in all areas. We’ve provided some areas that you can use to either to add to your program, or to benchmark what you have in place. At the very least, we hope that they have made you think.
(PATTY)
And while focused on security, you’ll also be reducing risk. Stuxnet
Cyber attack on the Iranian nuclear program
Sabotaged centrifuges at a uranium enrichment facility
Attack on German steel mill (ThyssenKrupp)
Control systems disrupted, preventing blast furnace from being shut down
Caused “massive” physical damage
Saudi Aramco
Shamoon malware delivered to computer network
Significantly impacted computer network and infrastructure
Deleted digital contents of computer hard drives, affecting approximately 30,000 computers
Groups like Lizard Squad, the Armada Collective, and the Syrian Electronic Army (SEA) appear to have almost completely ceased all operations. The CyberFacts collected by SurfWatch Labs backs this up, with 2015 being the last time any significant conversation took place among the three groups. Understand the risks your business is facing with relevant, accurate and timely cyber threat intelligence that can be easily integrated with your security environment via the SurfWatch Analytics API. SurfWatch provides you with critical intel on relevant threats, the impact of.
212
From Embeds
Number of Embeds
ActionsDownloads
Comments
Likes
Embeds 0
(DAVID)
So, in conclusion, we’ve tried to relay that security management is also risk management. I can speak from experience that my job is now less about architecture and firewalls, and more about data, privacy, compliance, reputation, and risk reduction.
(PATTY)
And to reduce risk, a sound security strategy is an important foundation. And it doesn’t matter the make-up of your school, or whether you are a CIO or CISO, security and risk reduction go hand in hand.
(DAVID)
I agree, no matt what your role, it is in your best interest to speak the security mission, at all levels and in all areas. We’ve provided some areas that you can use to either to add to your program, or to benchmark what you have in place. At the very least, we hope that they have made you think.
(PATTY)
And while focused on security, you’ll also be reducing risk.
Cyber attack on the Iranian nuclear program
Sabotaged centrifuges at a uranium enrichment facility
Attack on German steel mill (ThyssenKrupp)
Control systems disrupted, preventing blast furnace from being shut down
Caused “massive” physical damage
Saudi Aramco
Shamoon malware delivered to computer network
Significantly impacted computer network and infrastructure
Deleted digital contents of computer hard drives, affecting approximately 30,000 computers
As time passes, it seems that espionage cyber-attacks are getting more frequent every week, at least that's the general feeling if you follow infosec news.
Barely five and a half months have passed in 2016, and the total number of cyber-espionage-linked incidents is up to 300, says security firm SurfWatch Labs, who released statistics about the groups and attacks that managed to get the most media attention this year so far.
The company points out that cyber-espionage operations have been mainly aimed at central government structures, which is no surprise, taking into account that, in the vast majority of cases, previous cyber-attacks against government entities have gone unsanctioned and unpunished.
Hacking groups didn't only target government entities, though. Software companies were the second most attacked category overall, followed by Information Technology businesses, the consumer publishing sector, military and security forces, higher education institutions, and other media entities.
The most discussed cyber-espionage group, according to SurfWatch's data, is Group 27, which is linked to China and was very active at the start of the year.
Arbor Networks issued a report on the group's operations, called Operation Seven Pointed Dagger, in which the company detailed Group 27's malware arsenal, mainly composed of the Trochilus remote access trojan.
Other APT groups that managed to get the media and the public's attention include Scarlet Mimic, Poseidon APT, Firas Dardar, and Operation Pawn Storm. If the names confuse you, then you'll find more information in this APT Groups and Operations cheatsheet, which contains alternative nicknames, along with links to various security reports.
Most discussed espionage-related actors in 2016, so far