Cyber Experts on Duty
Take a glance at the most discussed topics of the week.
CTO’s or CISO’s cybersecurity responsibility?
Information Age on July 20, 2018
Cyber attacks are increasing in regularity and complexity, and every organization, from SMEs to global ones, needs a person who has overall responsibility for security. However, who that person should be is an unresolved question.
With a mainly technical background, CISOs have traditionally controlled risk management, resilience, and recovery. They must now also balance security concerns with helping companies harness the most recent technologies to become forward-looking and competitive.
Cybersecurity is usually a major facet of a CTO’s duties, but those duties are too broad to let the CTO concentrate on it.
Nonetheless, to answer the CTO-or-CISO question, you should outline the ideal profile for each title with regard to the size, maturity, and complexity of the business. This is where an individual strategy comes in.
The world’s 41 most skilled hackers
Business Insider on July 22, 2018
The FBI has 41 entries on its “Cyber’s Most Wanted” page, a list of the most dangerous hackers in the world. Their cyber crimes range from state-sponsored espionage and hacking US universities to holding episodes of “Game of Thrones” for ransom. The crooks are wanted mostly for identity theft and fraud.
For instance, Mohammad Saeed Ajily is known for making software that supports aerodynamics analysis and design for projectiles, and for selling the stolen software to Iranian entities, including universities, military, and government entities.
Pentesters always finding your dirty laundry
Dark Reading on July 24, 2018
According to a new report, penetration testers are able to gain complete administrative control of the target network in most cases. Software and credentials are the two sources of security issues that come up when discussing network security. Attackers exploit software vulnerabilities to obtain control over a critical networked resource, and the rate at which this happens has increased significantly. User credentials are the other most reliable point of entry: testers reported that simple password guessing seems to be the most effective technique.
Based on the report, passwords must not include the company name or the word “Password”, and they should be longer than 10 characters. If an intruder is not detected within the first day, they are likely to remain in your network long enough to do serious damage. Defenses are great, but there is a ton of work to do when it comes to securing the internal network.
Singapore security challenges
The Business Times on July 24, 2018
According to a study, Singapore is one of the most technologically developed economies and ranks high in cybersecurity preparedness. Nonetheless, there is a lack of knowledge, and cyber safety is still not included in strategic discussions at the board level.
These challenges must be solved as soon as possible, since the financial and reputational costs of cyber attacks to businesses, as well as the cost of remediation, can mount. In 2017, Singapore companies lost nearly $43 million due to attacks. Finance and HR departments, which work closely with private employee and customer information, are the most likely to click on suspicious phishing e-mails. The recent SingHealth incident exemplifies the increasing complexity of attacks and emphasizes once again that no one is safe from hackers. Cybersecurity must be woven into the entire organization, and cybersecurity training must be a continuous process that evolves just as cyber threats do.