“Take every risk, drop every fear” — this is potentially good advice for someone facing a mid-life crisis, but for network security professionals, it is a recipe for disaster. Now more than ever, it is important for individuals, companies and institutions to understand what risk is, and isn’t. It’s not only understanding who is behind cyberattacks targeting their business. It’s about understanding the threat surface of the entire organization, across your networks, partners and providers.
Dan Holden, director of Arbor’s Security Engineering and Response Team (ASERT), explores the different kinds of threats that exist and why situational awareness is just as important as the threat protection software and services used today in this video.
There are many different kinds of cybercrime. Some “typical” cybercrime efforts go after personal information, typically for identity theft and credit card data. These are the high-profile data breaches we’ve heard so much about. At the corporate level, these attacks could be trying to extort a company or even drive them out of business. Then there are attacks backed by nation states that involve some type of cyber espionage. The Stuxnet case was probably the most famous where an offensive cyber tool was used. Countries like Iran and North Korea have both allegedly used offensive cyber weapons. Although these things are happening every day and have been increasing over the last six years, the average citizen hasn’t seen them.
The growth of these types of attacks makes situational awareness of risk more important than ever. The security industry extolls threat intelligence, but it is the understanding, not the collection, that is most important. Knowing why a threat might be coming at you or your company and how you may be opening yourself up to this risk is critical. Companies and executives need to assess their risks as threats arise and realize how they may be putting themselves at risk, regardless of where the potential threat is coming from. Some have had to learn this lesson the hard way. You need to look at your situation to see whether you are creating additional risk, perhaps by partnering with another company, setting a particular policy in a public way or even having a company executive talking to the media. Everything your company and your people do might change your risk posture. It is critically important to take measure of that as a key step in managing your risk of potential cyberattacks.
The post Take every risk, drop every fear appeared first on Arbor Insights - Our People, Products and Perspective.