Cyber Defense eMagazine December 2019

More documents

Recommendations

Info

109 Hindsight Is 2020: Three Security Visions for The Start of The New Decade By Dan Cole, Director, Product Management, ThreatConnect With the advent of the next decade upon us, predictions for the future are sure to abound. Prophets will prophesy, forecasters will forecast, augurs will augur, and soothsayers will… sooth… say… But we don’t need to be consulting oracles and interpreting bones – it’s a fool’s errand anyway, especially in the world of infosec, which moves at a level of speed and unpredictability not seen in other sectors. Instead, information security leaders should focus on the known, and ready themselves by putting into practice a clear security vision for the near future. As we head into 2020, there are three concrete cybersecurity concerns which should be at the top of every cyber analyst’s mind. The California Consumer Privacy Act (CCPA) While not quite as famous as California Senate Bill 420, the CCPA is far more likely to get your legal bills high. The CCPA is a California bill which will create new consumer rights relating to personal information collected by businesses. The bill takes effect at the exact start of the New Year. Much like California’s
110 former governor, this bill also fights predators. The intentions of the Act are to provide residents with a suite of rights, including the rights to: • Know what personal data is being collected about them. • Know whether their personal data is sold or disclosed and to whom. • Refuse the sale of their personal data. • Access their personal data. • Request a business to delete any personal information collected on them. • Sue companies which collected data that was later stolen or breached. • Protection against discrimination for exercising such privacy rights. Much like GDPR, the CCPA will impact businesses far beyond its immediate geographic borders. Any company which serves California residents and has at least $25 million in annual revenue will need to comply with the law. In addition, companies that have personal data on at least 50,000 people or that collect more than half of their revenues from the sale of personal data will also be required to comply. From an IT perspective, the CCPA will necessitate that security teams work closely with database administrators. Tools for dealing with the issue will need to have full visibility into data stored across a range of the internal corporate environment, while still ensuring that access to such data is properly secured. If the data is stored on the cloud, the problem becomes even more complicated. But hey, your companies will have a whole 30 days to figure that out before it can be fined for violations. And it’s only up to $7,500 per record. So, if you meet the minimum threshold of 50,000 people that’ll only cost around… 375… million… dollars… The 2020 Elections Hoo boy, here’s a big one. Election fraud has been gaining an increasingly acute level of scrutiny, especially following accusations of Russian meddling in 2016. While paper ballots have significant pros over electronic ones, it seems that many electorates are all aboard the electric train, so we need to find ways to prepare to roll with the punches. As Bruce Lee said, “Be water, my friend.” In an act that is unprecedented in U.S. history, seven government agencies have issued a joint statement warning that foreign powers intend to manipulate the 2020 elections. While your SecOps team might not be responsible for protecting voting booths, if your organization is tasked with stewarding any appreciable volume of personally identifiable information, you could still come under attack. Any sort of personal information could be used by malicious actors to target groups or areas that may be crucial in the upcoming election. While this threat may not imply some sort of qualitative break with the past, it means that the threat level we can expect for the next year to be higher, putting an even greater level of pressure and responsibility on cybersecurity teams. SecOps teams should be on the lookout for DDOS attacks , phishing, and malware attacks against infrastructure and networks that may be deemed critical to the elective process. While these are standard threats that cyber analysts have been dealing with for years, their level of sophistication is increasing, and the channels for attack are sure to multiple alongside the spread of 5G and IoT.
Page 1 and 2:
1 8 Most Common Cybersecurity Mista
Page 3 and 4:
2
Page 5 and 6:
4 The Internet Got Safer In 2019: A
Page 7 and 8:
@CYBERDEFENSEMAG CYBER DEFENSE eMAG
Page 9 and 10:
8
Page 11 and 12:
10
Page 13 and 14:
12
Page 15 and 16:
14
Page 17 and 18:
16
Page 19 and 20:
18
Page 21 and 22:
20 8 Most Common Cybersecurity Mist
Page 23 and 24:
22 You can prevent (or decrease) th
Page 25 and 26:
24 While it’s not feasible to res
Page 27 and 28:
26 The major difference is the addi
Page 29 and 30:
28 Oh, my! PerCSoft’s Irony By Ch
Page 31 and 32:
30 • Conduct cybersecurity traini
Page 33 and 34:
32 Persistent Cybersecurity Industr
Page 35 and 36:
34 Automation is welcome and seen a
Page 37 and 38:
36 Protecting Against Modern Cybera
Page 39 and 40:
38 Conclusion Unfortunately, no tec
Page 41 and 42:
40 For 2020 The Death of Traditiona
Page 43 and 44:
42 The Next Five Years The End of E
Page 45 and 46:
44 Government Agencies Are Prime Ta
Page 47 and 48:
46 It’s a basic fact of contempor
Page 49 and 50:
48 simpler way to approach these pr
Page 51 and 52:
50 Why Outsmart Cyber Attackers Whe
Page 53 and 54:
52 Depending on how you look at it,
Page 55 and 56:
54 devices. Russian actors can extr
Page 57 and 58:
56 How to Become a Cybersecurity Sl
Page 59 and 60: 58 industry. Perform online searche
Page 61 and 62: 60 The Security Challenges of Robot
Page 63 and 64: 62 The typical approach in providin
Page 65 and 66: 64 The Blockchain And Wireless Tech
Page 67 and 68: 66 systems. As is quite well-known,
Page 69 and 70: 68 Benefits of Having an SSL Certif
Page 71 and 72: 70 Google has made SSL compulsory s
Page 73 and 74: 72 This year, privacy and security
Page 75 and 76: 74 The Perspectives Of The 5th Indu
Page 77 and 78: 76 The balance between offense and
Page 79 and 80: 78 The Rise of Cybercrime-As-A-Serv
Page 81 and 82: 80 About the Author Mark Belgrove i
Page 83 and 84: 82 the conflict. Practically, it’
Page 85 and 86: 84 fact is something that would see
Page 87 and 88: 86 Furthermore, Tessian in 2019 del
Page 89 and 90: 88 Automatic for The SOC People How
Page 91 and 92: 90 Allows Transparency and Drive Le
Page 93 and 94: 92 Only large enterprises can benef
Page 95 and 96: 94 The Growing Costs of Cyber Attac
Page 97 and 98: 96 After suffering a cyber attack m
Page 99 and 100: 98 Some of the most damaging Inside
Page 101 and 102: 100 Out-Smarting the Cybersecurity
Page 103 and 104: 102 Empower Other Teams Network and
Page 105 and 106: 104 New Security Report Highlights
Page 107 and 108: 106 The Threat Lab team also analyz
Page 109: 108 Drive, AWS, Office 365, etc. It
Page 113 and 114: 112 I mean, if you want to be able
Page 115 and 116: 114 Is It Safe to Connect to Public
Page 117 and 118: 116 5. Safe Browsing Additional dil
Page 119 and 120: 118 flawed method in which Evernote
Page 121 and 122: 120 Really, Imagine a Day Without W
Page 123 and 124: 122
Page 125 and 126: 124
Page 127 and 128: 126
Page 129 and 130: 128
Page 131 and 132: 130
Page 133 and 134: 132
Page 135 and 136: 134
Page 137 and 138: 136
Page 139 and 140: 138 Meet Our Publisher: Gary S. Mil
Page 141 and 142: 140 Free Monthly Cyber Defense eMag
Page 143 and 144: 142
Page 145 and 146: 144
Page 147 and 148: 146 Nearly 8 Years in The Making…
Page 149 and 150: 148
Page 151: 150
show all

Cyber Defense eMagazine December 2019

Create successful ePaper yourself

Delete template?

Save as template?