“Security professionals tend to think about the ‘latest and greatest’ and the next big thing, such as how AI will be the next great tool in security. But hackers are beating defenses with basic tradecraft. It’s usually not anywhere near the level of sophistication one might think. The challenge companies face is getting security in place that is useful and helps people do their jobs, but keeps bad user behavior from being a persistent threat. Also, the cybersecurity talent shortage is becoming a real issue – there is no simple answer except greater reliance on security software.”
Security Complications of the IoT
“The IoT is going to continue to be an issue as threats grow in size and scope. Even as people become more aware of security risks, and developers try to work harder to secure connections, in many cases security isn’t a consideration at all, or it’s only added at the end. When a botnet occurs, such as the Reaper botnet, we have no idea how big it is, or the motivations, or what is already affected. Things like smart toys and the next cool, connected thing are making this scenario more complicated.”
Risk Assessment before Advancements
“You can’t have the conversation of what to prioritize until you’ve completed a risk assessment on gaps and openings from an attack vector standpoint. Rather than going after the new, shiny object, companies should focus on the basics of good enterprise credential hygiene and best practices of access controls.” Read more.