Column

New ways to navigate advanced security threats

Kathleen Richards, features editor
Ezine

This article can also be found in the Premium Editorial Download "Information Security magazine: Cyberthreats: Know thy enemy."

Download it now to read this article plus other related content.

One month into 2014 and we have already faced landmark data breaches of major U.S. retailer Target Corp. and online search turned media company, Yahoo. The extent of both attacks is further reaching than first (publicly) thought in December. Target admits that it faced a malware attack that exposed the credit and debit card data of 40 million, make that 70 million, no wait, it's 110 million customers. The fallout continues as the public at large gives a collective shrug and considers returning to cash when they shop at the once-beloved retailer.

Kathleen RichardsKathleen Richards

These advanced threats will keep on coming in 2014. "Defending a network has never been harder," says Johannes B. Ullrich, dean of research at the SANS Technology Institute and the Internet Storm Center. Ullrich examines the advanced threat techniques to watch out for this year. High on his list, more watering hole attacks and sophisticated spear phishing, driven by social engineering and automation to produce mass customization of emails as malware lures.

Meanwhile, global scanning services and reputation management techniques are evolving to help security organizations head off advanced threats and heed earlier warning signs. "Because these systems are collecting data from actual Internet traffic, they can serve as better early warning systems when new infections start moving across the globe," writes technology journalist, David Strom, who reports on advanced malware detection techniques this month.

Some consumers are going back to cash; others are using Bitcoin.

Some consumers are going back to cash, others are using Bitcoin. Security veteran Adam Rice dives beneath the surface and explores the underbelly of the deep Web. Facilitated by Tor Networks and Bitcoin (coming soon to an ATM near you), "employee participation in unapproved activities on the deep Web can take many forms," warns Rice.

We also welcome a new column on mobile security authored by Kevin Johnson, founder and CEO of Secure Ideas, to help you evaluate all those gadgets that showed up at work after the holidays.

About the author:
Kathleen Richards is the features editor of Information Security magazine. Follow her on Twitter @RichardsKath.

Send comments on this column to feedback@infosecuritymag.com.

This was first published in February 2014

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: