Cyber Defense eMagazine January Edition for 2022

More documents

Recommendations

Info

The concept of modern penetration testing was dreamed up in the 1960s, and in 1967, more than 15,000 computer security experts, government and business analysts gathered together at the annual Joint Computer Conference to discuss concerns that computer communication lines could be penetrated. Early penetration testing was carried out primarily by the RAND corporation and the government, and most systems immediately failed the tests, confirming the validity of the concerns. Today, penetration testing has evolved to enable ethical hackers to test a system’s vulnerabilities through simulated cyber attacks. A recent survey found that 70% of organizations perform penetration tests as a way to measure their security level and 69% do so to prevent breaches. But these tests are flawed. Simulations using threat signatures are not enough to ensure defenses are adequate, and testing the capabilities of cyber protections in this way is akin to testing a bulletproof vest by firing blanks. The biggest difference between attack simulation and attack emulation is that attack emulation showcases a threat actor’s strengths and weaknesses. In an attack simulation, it is possible to recreate Cyber Defense eMagazine – January 2022 Edition 110 Copyright © 2022, Cyber Defense Magazine. All rights reserved worldwide.
the exploitation aspect, but if testers aren’t using the same tools and making the same mistakes that threat actors do, they will be unable to create defenses that detect those same mistakes. Another problem is that current methods dictate the use of customized and refined attacks to test cyber defenses, when in reality, it’s essential to replicate exactly what the system will be responding to in a real-life scenario, utilizing the same tools and the same mistakes that threat actors use during security tests. Those that rely on a machine learning or AI-based solution also have to contend with the possibility of causing the program to learn the wrong behavior during simulated attacks, because the attacks are not based on the latest threat intelligence or indicative of what threat actors are using. Additionally, because attack simulations are not real attacks, they run the risk of not being recognized by security controls as a threat, making it impossible to be sure the controls will work in a real-world scenario. Experts who weighed in on the FBI breach pointed to the possibility that the lack of malicious email attachments was simply due to the hackers finding the vulnerability without a concrete plan to exploit it. Cyber Defense eMagazine – January 2022 Edition 111 Copyright © 2022, Cyber Defense Magazine. All rights reserved worldwide.
Page 1 and 2:
“Owning Your Identity” Through
Page 3 and 4:
WatchGuard Technologies’ 2022 Pre
Page 5 and 6:
@CYBERDEFENSEMAG CYBER DEFENSE eMAG
Page 7 and 8:
Cyber Defense eMagazine - January 2
Page 9 and 10:
MUST ATTEND REPLAY AVAILABLE ON-DEM
Page 11 and 12:
Page 13 and 14:
Page 15 and 16:
Page 17 and 18:
Page 19 and 20:
Page 21 and 22:
Page 23 and 24:
Page 25 and 26:
Page 27 and 28:
Page 29 and 30:
Page 31 and 32:
Page 33 and 34:
Page 35 and 36:
Page 37 and 38:
Page 39 and 40:
But in spite of this threat, consum
Page 41 and 42:
How To Thwart Fraud with Phone Numb
Page 43 and 44:
mutable and dynamic by continually
Page 45 and 46:
Phishing: How To Improve Cybersecur
Page 47 and 48:
organizations gather data all in on
Page 49 and 50:
offers comprehensive firmware prote
Page 51 and 52:
Why Hackers Attack Mobile Devices a
Page 53 and 54:
the network. This is a good indicat
Page 55 and 56:
About the Author Nicole Allen, Mark
Page 57 and 58:
Know your customer As spam and phis
Page 59 and 60: Microsoft Successfully Defended The
Page 61 and 62: However, you can’t rely 100% on t
Page 63 and 64: Why Americans Joined Europe in Not
Page 65 and 66: Have a good backup policy. A good p
Page 67 and 68: Secure Apart from reporting, the af
Page 69 and 70: Taking a hard look at the current s
Page 71 and 72: There are plenty of organizations t
Page 73 and 74: 5. The impact of the talent shortag
Page 75 and 76: The industry is already embracing a
Page 77 and 78: WatchGuard Technologies’ 2022 Pre
Page 79 and 80: Users, especially professionals, ha
Page 81 and 82: What Are DeFi Flash Loans & How to
Page 83 and 84: DeFi hackers can easily exploit fla
Page 85 and 86: 3. Get audited Getting a smart cont
Page 87 and 88: Protecting Critical Infrastructure
Page 89 and 90: • They use penetration tools to g
Page 91 and 92: Three Key Facts About AI-Driven Net
Page 93 and 94: About the Author Eyal Elyashiv is t
Page 95 and 96: Tyler Farrar, CISO, Exabeam “What
Page 97 and 98: Protecting unstructured data will l
Page 99 and 100: change again before they’re done.
Page 101 and 102: Samantha Humphries, head of securit
Page 103 and 104: Due to their successes, adversaries
Page 105 and 106: Paul Farrington, chief product offi
Page 107 and 108: In 2022, it is going to become cruc
Page 109: Our Cyber Defenses Need to Be Battl
Page 113 and 114: 12 Tips for Improving Access Contro
Page 115 and 116: weak passwords. Password management
Page 117 and 118: Four Cybersecurity Predictions Fede
Page 119 and 120: 4. Cyber Funding Gets Granular In F
Page 121 and 122: Of course, these recommendations ar
Page 123 and 124: Cybersecurity Tips to Help Your Org
Page 125 and 126: Organizations can achieve true cybe
Page 127 and 128: quarter. Put simply, any organizati
Page 129 and 130: Cyber Defense eMagazine - January 2
Page 149 and 150: Free Monthly Cyber Defense eMagazin
Page 155 and 156: THE Q1/Q2 GAME CHANGER… CYBERDEFE
show all

Cyber Defense eMagazine January Edition for 2022

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?