• Latest
  • Trending
#IRISSCON: Understanding the Reality of Cyber Threats to Improve Defenses

#IRISSCON: Understanding the Reality of Cyber Threats to Improve Defenses

November 18, 2021
Lenovo’s 16-inch ThinkPad claims desktop-like performance with 55 W Intel CPU

Lenovo’s 16-inch ThinkPad claims desktop-like performance with 55 W Intel CPU

May 18, 2022
Testing shows AMD’s FSR 2.0 can even help lowly Intel integrated GPUs

Testing shows AMD’s FSR 2.0 can even help lowly Intel integrated GPUs

May 18, 2022
Tesla announces the date for its second AI day

Tesla announces the date for its second AI day

May 18, 2022
AMD and Qualcomm to Optimize FastConnect Connectivity for AMD Ryzen Processors

AMD and Qualcomm to Optimize FastConnect Connectivity for AMD Ryzen Processors

May 18, 2022
Ericsson to Take Part at GSMA’s Mobile 360 Convention in Riyadh

Ericsson to Take Part at GSMA’s Mobile 360 Convention in Riyadh

May 18, 2022
InterSAT and SES renew partnership to accelerate digital inclusion across Africa

InterSAT and SES renew partnership to accelerate digital inclusion across Africa

May 18, 2022
Applications open for Google Black Founders Fund Africa

Applications open for Google Black Founders Fund Africa

May 18, 2022
Hackers nail Zambia’s Central Bank

Hackers nail Zambia’s Central Bank

May 18, 2022
Western Digital UltraStar DC SN650 NVMe SSDs Announced

Western Digital UltraStar DC SN650 NVMe SSDs Announced

May 18, 2022
OWC Announces Envoy Pro mini Pocket-Sized USB-C and USB-A SSD

OWC Announces Envoy Pro mini Pocket-Sized USB-C and USB-A SSD

May 18, 2022
Transcend Grade 112-Layer 3D NAND SSDs With DRAM Cache

Transcend Grade 112-Layer 3D NAND SSDs With DRAM Cache

May 18, 2022
VMware Certification for Pavilion NVMe-oF Flash Array

VMware Certification for Pavilion NVMe-oF Flash Array

May 18, 2022
  • Consumer Watch
  • Kids Page
  • Directory
  • Events
  • Reviews
Thursday, 19 May, 2022
  • Login
itechnewsonline.com
  • Home
  • Tech
  • Africa Tech
  • InfoSEC
  • Data Science
  • Data Storage
  • Business
  • Opinion
Subscription
Advertise
No Result
View All Result
itechnewsonline.com
No Result
View All Result

#IRISSCON: Understanding the Reality of Cyber Threats to Improve Defenses

by ITECHNEWS
November 18, 2021
in Infosec
0 0
0
#IRISSCON: Understanding the Reality of Cyber Threats to Improve Defenses

Understanding the true nature of cyber-threats is critical in enabling organizations to protect themselves, according to Ciaran Martin, Founding CEO of the National Cyber Security Centre and Professor, University of Oxford. 

During a session at IRISSCON 2021, Martin said it is important to be more realistic about the true threat cyber-attacks pose to society. For example, he had recently re-watched the classic movie WarGames, which “set a tone about the catastrophization of cybersecurity in a way that just doesn’t match reality.” In WarGames  a hacker could set off a nuclear war, and Martin commented:  “nothing remotely like this has ever actually happened” in the 38 years since it was released.

YOU MAY ALSO LIKE

US and EU Move Closer on Cyber in New Trade Pact

Hackers can steal your Tesla Model 3, Y using new Bluetooth attack

In reality, the vast majority of threats are “small scale,” impacting individual organizations. Martin then set out the three main categories of cyber-threats:

1. Getting Robbed

  • Cash theft – this can range from scamming individuals online to large-scale bank heists
  • IP theft
  • Data theft

2. Getting Weakened

  • Espionage – this normally involves nation-states accessing and stealing confidential data about governments and major organizations. A recent example of this is the SolarWinds attack in 2020.
  • Political interference – this encompasses a range of tactics, including hacking to ferment political discourse and leaking data about political figures e.g., Hillary Clinton in the 2016 Presidential election.
  • Prepositioning – this is where threat actors intrude into key systems, ‘implanting’ themselves on a network. Martin said this often occurs during times of peace, ensuring that should tensions escalate between nation-states, there is the capability to undertake espionage activities or launch attacks.

3. Getting Hurt

  • Destructive – this is where cyber-attacks cause physical damage to organizations. This might be reckless and accidental, such as Wannacry in 2017, and deliberate, as seen in the NotPetya attack in 2017.
  • Ransomware – Martin noted the reason ransomware has come to the attention of mainstream media is due to the physical damage these types of attacks have caused recently. For example, the recent disruption to food and fuel supplies in the US.

Board members and decision-makers should use this categorization to understand “where in this matrix is your organization? Is it a data-rich organization? Or is there a piece of IT that is strategically significant in the political system?” according to Martin.

Reducing Harm

Martin believes there is currently not enough recognition of the limitations of law enforcement in respect of cybersecurity. “We need to understand that because it limits what we can do.” This is largely because major cybercrime gangs operate from regions like Russia, China and the Subcontinent, where it is almost impossible to get traditional law enforcement mechanisms to work. Martin added: “For the first time in human history, you’re able to cause large-scale harm to a society without ever setting foot in it.”

Given this reality, the focus needs to be on defense, and Martin outlined four areas of priority:

1. Importance of basics – Martin noted that “every major incident, even the most sophisticated ones, at least part of the story, there’s some element of basic vulnerability.” Therefore, the vast majority of incidents would be prevented by basic steps, like patching and enforcing multi-factor authentication.

2. Resilience – this relates to preparation for incidents and the way systems are built. “We don’t want to be in the position where we have to rely on the heroics of people,” commented Martin. He highlighted the Colonial Pipeline ransomware attack as a key example of lack of preparedness. He pointed out the incident emerged as a result of an attack on the enterprise rather than the pipeline itself, which did not have sufficient isolation measures. “This really shouldn’t be happening – we need to design security into the systems,” he added.

3. Conversations with boards – security professionals need to ensure boards understand the reality of harm from cyber-attacks. This includes providing them with technical insights they so often lack to ensure security basics are followed. For example, “educate them about counter-phishing strategies, about how to interpret the ethical phishing stats,” said Martin.

4. Protect the digital environment – Martin stated: “I strongly believe we shouldn’t be talking about cybersecurity in militaristic terms.” Instead, it should be seen as an environment which everyone needs to live in. Therefore, it requires a clean-up, such as taking more steps to take down maliciously-hosted websites. This is especially pertinent with the growth in areas like IoT, AI and quantum. He added: “Look at the technology that’s coming and clean up the digital environment.”

James Coker Reporter, Infosecurity Magazine

ShareTweetShare

Get real time update about this post categories directly on your device, subscribe now.

Unsubscribe

Search

No Result
View All Result

Recent News

Lenovo’s 16-inch ThinkPad claims desktop-like performance with 55 W Intel CPU

Lenovo’s 16-inch ThinkPad claims desktop-like performance with 55 W Intel CPU

May 18, 2022
Testing shows AMD’s FSR 2.0 can even help lowly Intel integrated GPUs

Testing shows AMD’s FSR 2.0 can even help lowly Intel integrated GPUs

May 18, 2022
Tesla announces the date for its second AI day

Tesla announces the date for its second AI day

May 18, 2022

About What We Do

itechnewsonline.com

We bring you the best Premium Tech News.

Recent News With Image

Lenovo’s 16-inch ThinkPad claims desktop-like performance with 55 W Intel CPU

Lenovo’s 16-inch ThinkPad claims desktop-like performance with 55 W Intel CPU

May 18, 2022
Testing shows AMD’s FSR 2.0 can even help lowly Intel integrated GPUs

Testing shows AMD’s FSR 2.0 can even help lowly Intel integrated GPUs

May 18, 2022

Recent News

  • Lenovo’s 16-inch ThinkPad claims desktop-like performance with 55 W Intel CPU May 18, 2022
  • Testing shows AMD’s FSR 2.0 can even help lowly Intel integrated GPUs May 18, 2022
  • Tesla announces the date for its second AI day May 18, 2022
  • AMD and Qualcomm to Optimize FastConnect Connectivity for AMD Ryzen Processors May 18, 2022
  • Home
  • InfoSec
  • Opinion
  • Africa Tech
  • Data Storage

© 2021 iTechNewsOnline.Com - Powered by BackUpDataSystems

No Result
View All Result
  • Home
  • Tech
  • Africa Tech
  • InfoSEC
  • Data Science
  • Data Storage
  • Business
  • Opinion

© 2021 iTechNewsOnline.Com - Powered by BackUpDataSystems

Welcome Back!

Login to your account below

Forgotten Password?

Retrieve your password

Please enter your username or email address to reset your password.

Log In

Add New Playlist

Are you sure want to unlock this post?
Unlock left : 0
Are you sure want to cancel subscription?
Go to mobile version