Friday, December 19, 2014

A quick approach to cybersecurity in 2015

The picture you can see attached to this article is commonly used in Internet memes about ironic situations: a college of architecture and planning so badly designed that there is not space for the first letter of the sign? Well, last year ended in a similar way in terms of cybersecurity: a well known retail chain called Target (target) became target of cybercriminals in one of the most famous operations carried out so far.


But Target’s story is still making headlines. The researcher Stephen Cobb has analyzed the 12 months following such assault and extracted some lessons for the future: you must pay attention to internal accounts and networks; you must add good technology, good people and good leadership; you must assume that politicians are not doing enough, and companies themselves either; and it should be clear that smart chips alone are not going to end cybercrime.

Cobb is not the only one who has raised some lessons for the future recently. The expert James McFarlin (@jimmcfarlin) has done the same at Security Week in regard of a topic much closer to the present: What are the implications of the recent #SonyHack for next year? His approach is interesting: "How will the world of cyber threats be in 2015? Will the new year be a continuation, perhaps an escalation, of data breaches such as the ones experimented by Home Depot, JP Morgan and many others in 2014? Or it will be unpredictability, such as the recent attacks to Sony, what will leave cybersecurity in a totally different state in 2015?".

In any case, the smell of easy money will still provoking nightmares in 2015. In a recent report, the specialized firm Sophos warns of an increasing level of threats to the banking sector due to the rise of crimeware-as-a-service. This is adaptable malware from botnets, what leads to a better ‘return of the investment’ for cybercrime than the infection of individual devices. For instance, a researcher has found a hidden Trojan on the comments of the social network Pinterest, which works only on Internet Explorer and it addressed to banking clients in South Korea. So malware creators have learned how to segment their victims for their attacks.

Speaking of social networks and segmentation, at Net Security they also alert us of major risks in 2015. They are five: ransomware; Trojans hidden behind "horrible" videos; scams by working-from-home job offers; more scams coming from Popular searches; and malvertising on social networks. All of them target the weakest link: the user.

However let’s welcome the weekend with a smile. The member of CIGTR’s team Pablo Olmeda (@pabloolmeda) put us on the track of something discovered by Yolanda Amatriaín (@YAmatriain), a amusing video by the Argentine agency Nextperience about the figure of Security Manager, or... in others words, what it would happen if a person was expert in security and social networks. Watch out this answer from its protagonist: "Taking care of social networks... It is not different at all from looking after people: it is about paying attention to everything permanently".

Social networks and security. Also here in the CIGTR. Follow us on our channels. Please, find the links on the sidebar. See you there! Have a nice Friday and a great weekend !

0 comments:

Post a Comment