Tag Archive for: essay

GUEST ESSAY : Advanced tech to defend API hacking is now readily available to SMBs

/in


APIs have become a security nightmare for SMBs and enterprises alike.

Hackers don’t discriminate based on the number of employees or the size of the IT budget. The same types of security risks impact businesses, whatever their size.

Related: Using employees as human sensors

Day in and day out, small-to-medium businesses are targeted by cyberattacks. They are often unaware of the risks they take on, which can include hacking, fraud, phishing, and more. A primary culprit of these attacks is the lack of understanding of application programming interfaces, or APIs.

SMBs and enterprises alike have been struggling with APIs as a mechanism for information security. According to Forbes, “the first half of 2018 was marked by an increase in API-related data breaches, with the 10 largest companies reporting the loss of 63 million personal records.”

These types of attacks can allow hackers to steal massive amounts of sensitive data, disrupt operations, and even take down websites. To protect against these attacks, businesses need to implement a wide range of strong API security measures such as authentication, authorization, encryption, and vulnerability scanning. The sheer number of options has a direct impact on the budget.

The fact that there are so many different APIs is the main challenge for enterprises when it comes to API security. Storing authentication credentials for the API is a significant issue. This can be compounded by certain enterprises using the Internet of Things (IoT) that don’t have good security.

Sitbon

Companies are realizing that they have to keep putting out fires on personal devices, leaving them vulnerable to attacks. The other issue with APIs is that once one is compromised, it’s likely that all of your accounts are affected because whoever does gain access will just use your username and password to log in to other sites, apps, etc.

The threat that API security breaches pose to enterprises should not be taken lightly. A breach should always trigger a comprehensive crisis communication plan involving the board, C-suite, and other stakeholders. This communication plan should specify how governing bodies will stay informed should there be a data breach…

Source…

GUEST ESSAY: Here’s why castle-wall defenses utterly fail at stopping deceptive adversaries

/in


When it comes to cyber attacks, most businesses think: “It could never happen to us,” but some plots are just hitting a little too close to home.

Related: T-Mobile breach reflects rising mobile device attacks

DevOps Experience

For instance, if you’ve ever played Grand Theft Auto, you know the goal is quite simply mass destruction: Use whatever resources you have at your disposal to cause as much damage as you possibly can and just keep going.

Not familiar with Grand Theft Auto? Let’s try Super Mario Bros. then. As Mario makes his way through eight increasingly difficult worlds, each of them is protected by a castle. As Mario reaches the end of each castle, he can defeat Bowser.

This is not unlike the mindset of modern cyber attackers – they’re wreaking havoc and becoming pros at finding ways to get away with it.Living-off-the-land (LotL) attacks are providing a way for adversaries to stay under cover. Attackers use tools and features that are already available in the systems they’re targeting so they look like legitimate users — until they steal your crown jewels.

But you can fight back. There are several methods of active defense that companies can utilize to safeguard their networks, and it’s time for CISOs to start picking. To date, the main goal in mind has been to prevent attackers from breaching your defenses and making their way into the castle, but the reality is this approach is flawed.

Israeli

Attackers will get in, it’s only a matter of time. Traditional network security solutions, such as firewalls, are not effective at detecting and stopping lateral attack movement – and that’s where the real damage is done. Many forms of access control and endpoint protection, such as EDR, are nothing more than a checkpoint that provides unfettered access once defeated – like Mario raising a flag after beating a level.

To take the analogy further, only after defeating Bowser does Mario learn that it wasn’t the real Bowser after all and that “our princess is in another castle.” Rather than just keeping Mario out of the castle entirely – i.e. deploying traditional perimeter defenses – in this scenario, Bowser deployed an advanced threat protection by sending…

Source…

W&M senior pens winning essay about cybersecurity in the age of ‘Internet of Things’ – William & Mary News

/in

W&M senior pens winning essay about cybersecurity in the age of ‘Internet of Things’  William & Mary News

Essay winner: Luke Schwenke ’20, a data science major from Warrenton, Virginia, earned first place in the Intermediaries & Reinsurance Underwriters …

“cyber warfare news” – read more