#IRISSCON: Understanding the Reality of Cyber Threats to Improve Defenses

by ITECHNEWS
November 18, 2021
in Infosec

Understanding the true nature of cyber-threats is critical in enabling organizations to protect themselves, according to Ciaran Martin, Founding CEO of the National Cyber Security Centre and Professor, University of Oxford. 

During a session at IRISSCON 2021, Martin said it is important to be more realistic about the true threat cyber-attacks pose to society. For example, he had recently re-watched the classic movie WarGames, which “set a tone about the catastrophization of cybersecurity in a way that just doesn’t match reality.” In WarGames, a hacker could set off a nuclear war, and Martin commented: “nothing remotely like this has ever actually happened” in the 38 years since it was released.

In reality, the vast majority of threats are “small scale,” impacting individual organizations. Martin then set out the three main categories of cyber-threats:

1. Getting Robbed

  • Cash theft – this can range from scamming individuals online to large-scale bank heists
  • IP theft
  • Data theft

2. Getting Weakened

  • Espionage – this normally involves nation-states accessing and stealing confidential data about governments and major organizations. A recent example of this is the SolarWinds attack in 2020.
  • Political interference – this encompasses a range of tactics, including hacking to foment political discourse and leaking data about political figures, e.g., Hillary Clinton in the 2016 Presidential election.
  • Prepositioning – this is where threat actors intrude into key systems, ‘implanting’ themselves on a network. Martin said this often occurs during times of peace, ensuring that should tensions escalate between nation-states, there is the capability to undertake espionage activities or launch attacks.

3. Getting Hurt

  • Destructive – this is where cyber-attacks cause physical damage to organizations. This might be reckless and accidental, such as WannaCry in 2017, or deliberate, as seen in the NotPetya attack in 2017.
  • Ransomware – Martin noted that ransomware has come to the attention of mainstream media because of the physical damage these types of attacks have caused recently, for example the recent disruption to food and fuel supplies in the US.

Board members and decision-makers should use this categorization to understand “where in this matrix is your organization? Is it a data-rich organization? Or is there a piece of IT that is strategically significant in the political system?” according to Martin.

Reducing Harm

Martin believes there is currently not enough recognition of the limitations of law enforcement in respect of cybersecurity. “We need to understand that because it limits what we can do.” This is largely because major cybercrime gangs operate from regions like Russia, China and the Subcontinent, where it is almost impossible to get traditional law enforcement mechanisms to work. Martin added: “For the first time in human history, you’re able to cause large-scale harm to a society without ever setting foot in it.”

Given this reality, the focus needs to be on defense, and Martin outlined four areas of priority:

1. Importance of basics – Martin noted that “every major incident, even the most sophisticated ones, at least part of the story, there’s some element of basic vulnerability.” Therefore, the vast majority of incidents would be prevented by basic steps, like patching and enforcing multi-factor authentication.

2. Resilience – this relates to preparation for incidents and the way systems are built. “We don’t want to be in the position where we have to rely on the heroics of people,” commented Martin. He highlighted the Colonial Pipeline ransomware attack as a key example of lack of preparedness. He pointed out the incident emerged as a result of an attack on the enterprise rather than the pipeline itself, which did not have sufficient isolation measures. “This really shouldn’t be happening – we need to design security into the systems,” he added.

3. Conversations with boards – security professionals need to ensure boards understand the reality of harm from cyber-attacks. This includes providing them with technical insights they so often lack to ensure security basics are followed. For example, “educate them about counter-phishing strategies, about how to interpret the ethical phishing stats,” said Martin.

4. Protect the digital environment – Martin stated: “I strongly believe we shouldn’t be talking about cybersecurity in militaristic terms.” Instead, it should be seen as an environment which everyone needs to live in. Therefore, it requires a clean-up, such as taking more steps to take down maliciously-hosted websites. This is especially pertinent with the growth in areas like IoT, AI and quantum. He added: “Look at the technology that’s coming and clean up the digital environment.”

James Coker, Reporter, Infosecurity Magazine
