Cyber Defense eMagazine December 2019
Cyber Defense eMagazine January Edition for 2020 #CDM #CYBERDEFENSEMAG @CyberDefenseMag by @Miliefsky a world-renowned cyber security expert and the Publisher of Cyber Defense Magazine as part of the Cyber Defense Media Group with Pierluigi Paganini, Yan Ross as International and US Editors-in-Chief and many more hard working amazing contributors!
Cyber Defense eMagazine January Edition for 2020 #CDM #CYBERDEFENSEMAG @CyberDefenseMag by @Miliefsky a world-renowned cyber security expert and the Publisher of Cyber Defense Magazine as part of the Cyber Defense Media Group with Pierluigi Paganini, Yan Ross as International and US Editors-in-Chief and many more hard working amazing contributors!
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
107<br />
It’s Time for A Tough Conversation About Trust<br />
By Gary Golomb, co-founder and chief scientist, Awake Security<br />
The lay reader may think computer and network security is mostly about controlling for malware, rogue<br />
code, exploits, ransomware, nation state attacks, and the like. In reality, computer and network security<br />
are mostly about controlling for trust – whether between software processes, or people in business<br />
processes.<br />
Because adversaries are successful when you trust them, they often masquerade as – and even use –<br />
the services you trust most. This means you can no longer blindly trust many of the things you used to.<br />
For example, employees using personal devices for email, or storing sensitive data on cloud applications<br />
like Google Docs that everyone has access to, may have once seemed like convenient ways to get things<br />
done. But these negligent actions are serious threats that can negatively impact business. These types<br />
of workers may not mean to put organizations at risk, but their lack of awareness or poor security<br />
judgement can still cause major harm.<br />
Negligence aside, the reality is collusive and malicious threats are almost always waiting to strike within<br />
the enterprise. Attackers have evolved to primarily use existing tools and processes, in addition to stolen<br />
credentials, to compromise networks. In most cases, the majority of the usage appears business justified,<br />
allowing an attacker to “hide in plain sight” and “live off the land” without detection. These evolutions have<br />
been very difficult for traditional security technologies to identify and remediate.<br />
The platforms these types of attackers use to deliver exploits, control their victims, and exfiltrate sensitive<br />
data are the very same platforms you probably use every day for business purposes: Gmail, Google