Free Newsletter
Register for our Free Newsletters
Newsletter
Zones
Access Control
LeftNav
Alarms
LeftNav
Biometrics
LeftNav
Detection
LeftNav
Deutsche Zone (German Zone)
LeftNav
Education, Training and Professional Services
LeftNav
Government Programmes
LeftNav
Guarding, Equipment and Enforcement
LeftNav
Industrial Computing Security
LeftNav
IT Security
LeftNav
Physical Security
LeftNav
Surveillance
LeftNav
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
 
 
News

How cyber-criminals are exploiting the World Cup event

Cisco : 01 July, 2014  (Technical Article)
The EMEA Managing Director of Cisco, Graham Welch, explains why everyone should be on their guard when using internet connected devices to follow World Cup progress
How cyber-criminals are exploiting the World Cup event

A certain major sporting event got underway last month with the eyes of the world glued to their televisions, smartphones, tablets and laptops looking for the latest news coming out of Brazil and the fate of their national sides and favourite players.

The cybercriminal gangs know this as well, and you can bet that they will be doing all they possibly can to snag the unwary into doing something that would compromise their internet security.

It is true that we are all getting a little wiser to the threat. Most people are not likely to click on a link in an email to a cuddly kitten site sent by a stranger, but if the email suggests a key player in the national side is set to miss the rest of the tournament and click for an update, we might just do that.

Unfortunately, the truth remains that we as individuals are the weakest link in the battle against cyber criminals. Many people continue to click on links or open attachments sent via email without taking any steps to verify the origin of the email or the validity of the link or attachment.

And we know it only takes one click to for an attacker to establish a foothold in the target’s systems. The 2013 Verizon Data Breach Investigations Report finds that sending just three emails per phishing campaign gives the attacker a 50 percent chance of getting one click. With six emails the success rate goes up to 80 percent and at 10 it is virtually guaranteed.

So with the world watching the news and matches in Brazil this coming few weeks, what chance does the Chief Security Officer in the companies we work for have in protecting the business networks we use day to day? After all we all know that work time or not, employees will be watching for the latest news and analysis of the matches and games taking place. And no matter what corporate policy says, you can be sure most will be using their corporate devices to access that information.

We know that security as a people problem is not going away anytime soon, and the advent of the Internet of Everything is going to make this even more of a problem. Not only will users be able to inadvertently expose their systems to malware from their laptops and tablets, they will also be able to click on links from their smartwatches, cars, etc. It won’t take long once that malware is on their device for it to proliferate across the entire network and any connected devices, simply from a seemingly trusted news link sent from a “friend’s” email address.

In order to address this growing concern, we need to move beyond securing devices and data to addressing the people and process aspects of this problem via education. Organisations must recognize this gap in their security and implement internal programs to ensure users know how to recognize and cease to click on potential malware. They must also understand when and how to inform the organisation of any suspicious occurrences so future attempts can be minimized and/or blocked. Raising awareness and offering simple suggestions such as hovering over a link without clicking to view the intended URL, or not opening attachments you didn’t request, can go a long way in the fight against cyber-attacks.

Even with the best of education, malware will still make its way onto the network. So organisations need security solutions that couple visibility and control to help protect against these inevitable attacks.

After all you can’t protect what you can’t see. So you need comprehensive visibility into the devices, users, applications and systems that connect to your network day in and day out with the right context. Security solutions that have contextual awareness can see and intelligently correlate extensive amounts of event data related to IT environments—applications, users, devices, operating systems, vulnerabilities, services, processes, network behaviours, files and threats. They can also correlate that local data with global intelligence for even greater insights. This correlation provides the context needed to make more informed decisions. To turn those decisions into immediate action and protect your organisation from today’s advanced threats, security solutions must be able to give you control to automatically and flexibly tune and enforce policies across the entire network.

In the same way the attackers are continually learning as they hone their skills to increase the chances of success, we as defenders need to do the same. Education is an essential component of any well-rounded security strategy but it needs to be combined with visibility and control. That way we can all enjoy the football and at the same time help minimize cyber-attacks and protect our networks.

Bookmark and Share
 
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
 
   © 2012 ProSecurityZone.com
Netgains Logo