Intelligent CISO Issue 08 | Page 79

decrypting myths

Ralf Sydekum, Technical Manager, F5 Networks

Secure the network. In the business world, it is imperative that security teams regularly ensure network systems are optimally configured to withstand threats. It is also critical to note that some applications are not built with a ‘security by design’ mindset, occasionally containing details about the development team and organisational processes. Securing these is a priority. In addition, all domain and IP registries should be set up with generic role names and identifiers instead of individual names.

Sound phishy? It probably is. Spear phishing has been honed to a fine art, including the incorporation of an impressive array of personal and circumstantial details to crank up the realism factor. Question everything and try to establish sender veracity before doing anything. Canny cybercriminals often use high-ranking figures within an organisation to rush people into careless actions, such as sending sensitive details via email.

Interrogate email headers. Attackers frequently send email inquiries to gather IP addresses, determine mail server software and ascertain email traffic flow. Do not let this happen. Check all email headers before opening content from unknown sources.

Test your limits. Businesses should consider periodically hiring a penetration tester to unearth the who, what, where, when and whys of attacker behaviours. Today’s reconnaissance and social engineering tests can, and should, furnish you with invaluable defensive insights.

Adapt or die. There is no protective silver bullet. Any claims to the contrary are lies. Make sure any endpoint protection tools are behaviour-based to help ensure lessons are learned from successful attacks. Ultimately, the onus is on you to stay educated and sensible. Demand awareness-raising and preventative training if your employer doesn’t offer it already.

Over time, we’ve become too comfortable sharing valuable information online and giving hackers a clear window into our lives. Don’t let your personal data be the gift that keeps on giving this holiday season. Stay smart, stay safe and don’t swallow the bait.
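The header check advised under "Interrogate email headers" can be partly automated. The following is an added example, not code from the article or from F5: it flags Reply-To and Return-Path domains that differ from the From domain and any SPF, DKIM or DMARC result other than pass. The function names, the receiver id mx.example.org and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

def domain(value):
    """Lower-cased domain of an address header, or '' when absent."""
    addr = parseaddr(value or "")[1]
    return addr.rsplit("@", 1)[1].lower() if "@" in addr else ""

def triage_headers(raw, trusted_authserv):
    """Return header findings for one raw message (signals, not verdicts)."""
    msg = message_from_string(raw)
    findings = []
    from_dom = domain(msg["From"])
    # Replies or bounces routed to a different domain than the visible sender.
    for header in ("Reply-To", "Return-Path"):
        other = domain(msg[header])
        if other and other != from_dom:
            findings.append(f"{header} domain {other} != From domain {from_dom}")
    # Only trust Authentication-Results stamped by our own receiver (RFC 8601);
    # a sender can insert copies of this header carrying any result it likes.
    prefix = trusted_authserv.lower() + ";"
    auth = " ".join(v for v in msg.get_all("Authentication-Results", [])
                    if v.strip().lower().startswith(prefix))
    for method in ("spf", "dkim", "dmarc"):
        m = re.search(rf"\b{method}=(\w+)", auth, re.I)
        result = m.group(1).lower() if m else "missing"
        if result != "pass":
            findings.append(f"{method}={result}")
    return findings

# Constructed sample: executive display name, replies diverted to another domain.
SUSPECT = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=mailer.example.net;
 dkim=none; dmarc=fail header.from=example.com
Authentication-Results: mx.sender.example; spf=pass; dkim=pass; dmarc=pass
From: "Chief Executive" <ceo@example.com>
Reply-To: ceo.office@example.net
Subject: Urgent: send the payroll file today

Please reply with the file within the hour.
"""

if __name__ == "__main__":
    for finding in triage_headers(SUSPECT, "mx.example.org"):
        print(finding)
```

A differing Return-Path is common for legitimate bulk mail sent through a third-party service, so treat each finding as a prompt for closer inspection, not as proof of phishing.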