Wednesday, February 18, 2015

Everything seems quiet, but cyber war goes on

"Many organizations are not addressing key issues in the IT security landscape today. The technology to be protected against them does exist. For example, there are solutions to avoid leaks of information from one place to another or to securize 100% of our files, but the reality is that only 1% of corporations worldwide is fully protected." Mario Garcia, CEO of Check Point for Spain and Portugal, said that in the context of current challenges for corporate security at the Cybersecurity Forum 2015.

In such debate, they were pointed out several critical issues of business-focused security and the lack of security awareness in senior leadership. Traditional defenses do not longer work, according to FireEye’s latest study on the state of the art in cybersecurity. They have changed both objectives and attack methods, so the company needs to stay updated.

Yesterday we discussed here about Equation Group, which is a “new” threat allegedly signed by some governmental intelligence agency. In this regard, CIGTR’s collaborator Pablo F. Iglesias reviews this topic in depth, emphasizing how weak both companies and users are against sophisticated attacks like GrayFish ones. GrayFish is a spyware that infects hard drives in a persistent and practically invisible way. On the other hand Fanny, which was the precursor of Stuxnet and Flame, was able to recognize the identity and function of any system within a network, and inform to the decentralized APT control center while moving towards its final target.

The CEO at Check Point also spoke about "how easy it is to infect a cell phone today," which is the reason why "mobility must be integrated throughout a company’s security strategy as a fundamental pillar." 16 million Android handsets were infected in 2014, which means that malware and attacks on mobile devices outweigh desktop ones for the first time in history.

One of cyber crime main goals is to access personal data and steal user credentials. Therefore it should be remarked the vast list of services that suffered security breaches in recent years. Many of them were due to malpractice on the internal management of the system or poor security.

Taking this difficult landscape into consideration, INCIBE emphasizes the problems experienced by professionals on industrial control systems to maintain acceptable security standards. There are a lot of lives at stake.

Risks that went unnoticed for decades show up now to remind us that war is not ended, and you must keep your eyes wide open. 


Post a Comment