events



EVENTS

FEATURE/CALENDAR

Computer Fraud & Security, January 2014, page 20

...Continued from page 19

laterally and deeper into network file shares. The malware will conduct reconnaissance and will map out the network infrastructure, identify key assets, and establish a network foothold on target servers.

Dynamic defences

Instead of reactive solutions that rely on known vulnerabilities, organisations today should consider dynamic defence systems that can accurately analyse network traffic to counter advanced threats in real time. Protection must also function across many protocols and throughout the protocol stack, including the network layer, operating systems, applications, browsers and plug-ins. Traditional security tools are not only unable to keep pace with the highly dynamic, multi-vector and multi-stage attacks that have emerged in recent years, but the over-reliance on these woefully outdated tools has also left many organisations with a dangerous false sense of security. This fatal complacency has largely contributed to the dangerous gap in the security defences of many UK enterprises.

“An investment in people with the right skills should be a top priority for IT decision-makers. After all, it is now a case of when rather than if an organisation is targeted”

In addition to much-needed investment in the best possible technologies to combat the threat, education is an equally important part of any efficient cyber-security strategy. Those looking to bolster defences would be wise to commit to the education of enterprise teams around the evolving risks, as the weakest link in a company’s security armoury remains the human layer. Indeed, spear-phishing attacks still account for the majority of successful attacks on enterprises. Education is therefore a crucial step in protecting a business against the escalating cyber-threat, which has reached crisis point in the UK.

The greatest challenge, aside from identifying and preventing advanced attacks, is often having the right expertise on hand to assist in the event of a cyber-incident. An investment in people with the right skills should be a top priority for IT decision-makers. After all, it is now a case of when rather than if an organisation is targeted.

While the acceleration of next-generation cyber-attacks shows no sign of slowing, the advice for organisations urgently looking to mitigate the risks to their business is clear. An investment in best-of-breed technology, as well as the education of the personnel tasked with maintaining an organisation’s security posture, is crucial. With the stakes higher than ever, it is vital to ensure that robust layers of protection and a cyber-savvy team are in place, in order to effectively secure an organisation’s most valuable corporate assets and entry points from attack.

About the author

Jason Steer joined FireEye in January 2013. In his role as product manager for EMEA, he provides expertise in a sales capacity for prospects, partners and strategic business alliances. Steer has more than 13 years of experience in the IT security industry and has worked for companies including Cisco, IronPort Systems, Veracode and Silver Tail Systems. He graduated from Edith Cowan University with a degree in management information systems.


4–6 February 2014
Smart Surveillance
Perth, Australia
http://fp7.ecu-sri.org/

12–15 February 2014
NullCon
Goa, India
http://nullcon.net/website/

24–28 February 2014
RSA Conference 2014
San Francisco, US
www.rsaconference.com

26–28 February 2014
Engineering Secure Software and Systems
Munich, Germany
https://distrinet.cs.kuleuven.be/events/essos/2014/

17–21 March 2014
Troopers
Heidelberg, Germany
www.troopers.de

24–25 March 2014
International Conference on Cyber Warfare and Security (ICCWS)
West Lafayette, Indiana, USA
http://academic-conferences.org/iciw/iciw-home.htm

25–28 March 2014
Black Hat Asia
Singapore
www.blackhat.com

1–3 April 2014
13th European Security Conference & Exhibition
The Hague, Netherlands
http://bit.ly/18uLlPn

7–9 April 2014
InfoSec World Conference & Expo
Orlando, Florida, US
http://bit.ly/infosecworld