Why Security Attacks Occur And How You Can Prevent Them

History has much to teach, but above all, it reminds us that the past is inevitable and repeatable if we decide not to learn from our mistakes. Leaving security behind (i.e., risk assessment, control updates, assessment, and configuration management) can start a downward spiral that leaves an organization open to attack, damages, and confidential data loss.

Take a moment to examine some causes of security attacks:

Lack of updates
Outdated inventory
Not informed promptly about exploitable vulnerabilities.
Delayed cleanup allows attacks to occur, which increases downtime and could lead to financial losses.

Why security fails

Presently, any certified security practitioner can describe procedures and policies for strengthening a business and increasing its security position, but why are there still severe failures? For one, falling behind in any area leads to a security breach.

Many of those companies that fortified their security position woke up again with major disruptions and losses for several years along the way in a warning story. New security and administrative staff, combined with growing networks, have begun to lose control.

Also, these companies failed to:

Sustain asset management
Make sure updates are timely.
Perform risk assessment and management.

Everything that helped prevent attacks began to slide backward, opening massive loopholes for future attacks eventually. If your organization is lagging, now is the time to gain back control.

Preventing future attacks

Even the best security systems get attacked in one way or another. It is not that you will prevent all viruses, worms, and attacks, but rather that you will detect, rectify and prevent future attacks. For example, Juniper once found a hack in its source code, exposed during a code review. They quickly fixed the problem. Other manufacturers also began to conduct their own code reviews. Juno's fast response is an example of identifying and correcting an exploit, then reviewing how to improve and prevent it in the future.

Sometimes the exploitation of security is self-induced. In essence, a mistake that the company makes on purpose creates an exploit. In a bid to make it easier to obtain customer service labels, Dell executed a self-signed certificate (eDellRoot) on its laptops in late 2015. The private key to the certificate was compromised, which means a middle-man-style attack was not only possible, but it probably happened. Dell did not detect the mistake; an external programmer figured it out and reported the problem. While Dell should be given kudos for the quick release of instructions on terminating the certificate, it has been publicly criticized for not initially detecting and fixing the issue.

Evaluating your security

Is your company lagging in terms of security? Can you detect and fix new vulnerabilities and exploits? Here are some of the things to focus on that might help you with your assessment:

Are my security knowledge and skills up to date?
Is my asset management up to date?
Is my company pursuing a suitable risk management procedure, including security assessments and change/configuration management?

History reminds us that being proactive with security practices prevents major disruptions and financial losses. Today, with several attacks on our private information and valuable data, isn't it worth taking the time to make sure you're doing your best to prevent the next possible attack?

from Scholars Globe - How To, Science and Tech Tips https://ift.tt/3d22CKM
via IFTTT

CIT Daily

Breaking News

United says it will cut flights this summer as airlines brace for an economic slowdown

Charging accessory deals from UGREEN, ASUS, and Best Buy

Instagram and Facebook are hardly social media apps anymore. Here's the proof.

Scientists may have finally cracked the code on flexible batteries

The company involved in the NYC helicopter crash is shutting down immediately, the FAA says

I've conducted over 100 technical interviews at Amazon. I ask myself 4 questions about every candidate.