Security 101

Previous Blogs:

Here is another monthly cyber breach infographic for cyber attacks reported during January 2015. For previous infographics, see August 2014, September 2014, October 2014, November 2014 and December 2014. The month of January didn’t bring us many new breach notifications, but most of the ones we did learn about involve the compromise of POS (point of sale) systems. Such activity is likely the result of the growing capability of organized crime syndicates to perpetrate these more sophisticated attacks, combined with the ready ability to monetize the results by selling cardholder information on the black market.

The new era of cyber security threats highlights the difference between known and unknown cyber threats. Known threats are considered “old news,” easily identified through signatures by anti-virus and IDS engines, or through domain reputation blacklists. Unknown threats, on the other hand, are attacks for which no signature exists. Several technologies have come to market, and are presented as capable of detecting unknown threats via static and dynamic file analysis, either at the endpoint or in a simulated environment (also known as sandboxing).

The continued and relentless pace of enterprise breach announcements and escalating associated costs clearly convey the current state of the IT Security industry: beleaguered and squirming in agony. The “bad guy” attackers have the advantage in the current battle, and the IT security operator “good guys” are severely under-equipped for the fight. Largely, this is a result of a confluence of factors:

Below is an Incident Response Plan and the basic steps that you should take when you are preparing for, and responding to, a breach on your network. If you would like a downloadable PDF version, just let us know. We can divide incident response into 6 main steps: Preparation: get ready to handle an incident by having a CSIRP ready. Identification: detect the incident. Containment: limit the impact of the incident.

2014 was definitely a year to be remembered when it comes to cyber attacks, but how much do you remember? Take this 2-minute quiz (7 questions) and test your memory. See what sort of cyber security pro you really are and share your result with your friends: