Pratum Blog

Every single information security breach investigation performed by our team in 2014 had a malware component. This isn’t to say that the hack was the result of the malware attack. It just means that the security breach was aided in some way by the malware. How in the year 2015 is a statistic like this still possible?

Quite simply, finding mismanagement of the anti-malware tools and a lack of security monitoring is common in security breach investigations. In all cases we investigated in 2014, the anti-malware tools were either not configured properly or not updated on a regular basis. Couple that with the fact that no one was checking to make sure the tools were working properly or looking for malware detections and you see the problem. Folks are betting the farm on a flawed system.

Lots of money is spent on technology each year. However, if you don’t have the right people and process behind the technology, your risk of getting hacked and being the victim of a security breach rises exponentially. People, Process, Technology. There’s a balance to be found. Do you have it?

This article I found at Nextgov.com is a great reminder that the cyber espionage and surveillance that was once reserved for the movies is now a real threat. If you are a corporate executive or IT administrator you should assume you are being watched and tracked. The cyber security rules are different when you are on an international trip. An abundance of caution is needed.

Read this article and think about how it applies to you. Should you use burner phones or “dummy” laptops and tablets? Should you disable wireless LAN capabilities and force only trusted wired connections? Is the government of the country you are visiting hostile to your company, your industry or your home country?

There is a balance between paranoia and preparedness when it comes to cyber security and cyber espionage. Don’t assume the stuff of fiction and movies isn’t in the real world. As Mark Twain said, “Truth is stranger than fiction, but it is because Fiction is obliged to stick to possibilities; Truth isn't”.

Just a reminder to join us for the ISSA chapter meeting on 2/23.  FBI Special Agent Jordan Loyd will be presenting on the state of information security and an update on some breach investigations here in the Midwest.  Visit http://desmoines.issa.org for more info.  Lunch orders must be placed by 8:30am Monday morning.

Register Here:  http://www.eventbrite.com/e/february-2015-meeting-of-the-des-moines-issa-chapter-tickets-15741556419

The information we track while users are on our websites helps us analyze site traffic, optimize site performance, improve our services, and identify new products and services of interest to our users. To learn more please see our Privacy Policy.