decrypting myths
Ralf Sydekum, Technical Manager, F5 Networks
www.intelligentciso.com | Issue 08

Secure the network. In the business world, it is imperative that security teams regularly ensure network systems are optimally configured to withstand threats. It is also critical to note that some applications are not built with a ‘security by design’ mindset, occasionally containing detail about the development team and organisational processes. Securing these is a priority. In addition, all domain and IP registries should be set up with generic role names and identifiers instead of individual names.

Sound phishy? It probably is. Spear phishing has been honed to a fine art, including the incorporation of an impressive array of personal and circumstantial details to crank up the realism factor. Question everything and try to establish sender veracity before doing anything. Canny cybercriminals often use high-ranking figures within an organisation to accelerate carefree actions, such as sending sensitive details via email.

Interrogate email headers. Attackers frequently send email inquiries to gather IP addresses, determine mail server software and ascertain email traffic flow. Do not let this happen. Check all email headers before opening content from unknown sources.

Test your limits. Businesses should consider periodically hiring a penetration tester to unearth the who, what, where, when and whys of attacker behaviours. Today’s reconnaissance and social engineering tests can, and should, furnish you with invaluable defensive insights.

Adapt or die. There is no protective silver bullet. Any claims to the contrary are lies. Make sure any endpoint protection tools are behaviour-based to help ensure lessons are learned from successful attacks. Ultimately, the onus is on you to stay educated and sensible. Demand awareness-raising and preventative training if your employer doesn’t offer it already.

Over time, we’ve become too
comfortable sharing valuable
information online and giving hackers
a clear window into our lives. Don’t
let your personal data be the gift that
keeps on giving this holiday season.
Stay smart, stay safe and don’t swallow
the bait.
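The advice above to interrogate email headers and establish sender veracity, as an added example that is not part of the original article: a small Python check that flags sender-domain mismatches and failed SPF/DKIM/DMARC results. The sample message, its addresses and the function names are constructed for illustration, and the check assumes the Authentication-Results header was stamped by your own receiving mail server.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message (not a real email); every name and domain is made up.
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.example.com; spf=fail smtp.mailfrom=mailer.example.net; dkim=none; dmarc=fail header.from=example.com
From: "Chief Executive" <ceo@example.com>
Reply-To: ceo.office@example.org
To: finance@example.com
Subject: Urgent: send the payroll file today

Please reply with the file attached.
"""

def domain(addr_header):
    """Return the lower-cased domain of an address header, or '' if absent."""
    _, addr = parseaddr(addr_header or "")
    return addr.rpartition("@")[2].lower()

def header_warnings(raw):
    """Return a list of reasons to question the sender, using headers only."""
    msg = message_from_string(raw)
    warnings = []
    from_dom = domain(msg["From"])
    # Replies or bounces routed to a different domain than the visible sender.
    for name in ("Reply-To", "Return-Path"):
        other = domain(msg[name])
        if other and other != from_dom:
            warnings.append(f"{name} domain {other} differs from From domain {from_dom}")
    # Assumption: this header was added by your own receiving server;
    # a copy supplied by the sender proves nothing.
    results = " ".join(msg.get_all("Authentication-Results", []))
    if not results:
        warnings.append("no Authentication-Results header")
    for check in ("spf", "dkim", "dmarc"):
        m = re.search(rf"\b{check}=(\w+)", results, re.I)
        if m and m.group(1).lower() != "pass":
            warnings.append(f"{check} result is {m.group(1).lower()}")
    return warnings

if __name__ == "__main__":
    for w in header_warnings(SAMPLE):
        print("WARN:", w)
```

A Return-Path mismatch also occurs with legitimate bulk-mail services, so treat each warning as a prompt to verify the sender through another channel rather than as proof of phishing.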