Current Filter: Network>>>>>News>

   

Ken Westin, security analyst at Tripwire, comments, "Although this issue is currently getting a lot of attention in the media, it is a problem that has existed for quite some time. The Russian website making these feeds public is creepy, however it provides the public with visibility into what security researchers and malicious hackers have had access to for years. The silver lining of this is that people will become more aware of default settings of cameras and general security vulnerabilities in these devices." Because of this, vendors are being challenged to force users to apply a suitably strong password before being able to complete installation. This once again makes the point that humans are the security flaw we seem to do little about.

Security specialist at ESET, Mark James adds his voice saying, "One of the biggest problems with international boundaries is that the rules are governed by the country hosting the server. It is and always will be the problem with the internet until changes are made by an organisation with global authority, but the chances of that happening are extremely slim."

Picking up on my point that the human element requires some attention, the Chartered Institute for IT, BCS, is calling on business leaders to ensure that their employees are "cyber security savvy" by making sure that their employees are up to speed with cyber security. They point to research by the Department for Business, Innovation and Skills showing that 31 per cent of the worst security breaches in businesses in the year were caused by inadvertent human error: a further 20 per cent was deliberate misuse of systems by staff.

Albeit at a different level, unveiling her new counter-terrorism bill, Home Secretary Theresa May is leading the charge saying that, "We are engaged in a struggle that will go on for many years" and that the "Time is right for police, security and intelligence agencies to be given more powers to defend the UK." Whether it's a compromised CCTV camera or something much more serious, we must all take some level of responsibility, accepting in turn that it's the small things that make up the whole.

Jon Buttriss, CEO of BCS Learning & Development explains that, "Business leaders cannot disregard cyber security issues or pretend that they don't apply to them. In every organisation… everyone has a role to play in cyber security."

While it is the creation of advanced information technology and the connecting networks that also creates the platform for cyber-crime and more, the organisations that create this technology are heavily involved in research and development and they must be encouraged and rewarded for playing their part. If advantage is to be gained, all of the received wisdom we so comfortably accept needs to be discarded and replaced with something new that reflects the challenge.

One such example would be Privileged Accounts. System, server and network administrators clearly have to be granted system access for configuration and troubleshooting. They do not require contiguous open ended, unmonitored and unregulated access though. CyberArk has recently reported that, "Some of the world's most renowned cyber security forensics teams have pinpointed exploitation of privileged accounts as a signature in targeted attacks."

Udi Mokady, CEO at CyberArk says that, "What the research discovered was the exploitation of privileged accounts occurs in almost every targeted attack, and is the primary reason why attacks are so hard to discover and stop. These accounts empower attackers to access secure networks and databases, destroy breach evidence, avoid detection and establish backdoors that make it nearly impossible to dislodge them from networks. Securing privileged accounts represents the new first line of defence in the ongoing cyber-battle companies are fighting."

Page   1  2