Thursday, April 3, 2014

I like the headline "Lower the ROI of hackers"


Means, make it hard for hackers.

Nothing new, good presentation of ideas (mainly, data security and defence-in-depth)


According to the article:- 

That is the consensus of other experts. “If you make it more difficult and less rewarding for the non-targeted, financially motivated attacker, she or he will likely move on to an easier mark,” said Deena Coffman, CEO of IDT911 Consulting.

Few things that the hackers are after and need to be protected

  • Credit cards remain a valuable asset for enterprises, “and the one that is easiest to sell.”
  • Customer emails, “are the foundation of any business. They are sold and rented on underground forums for a specific amount of money. Often they are sold to multiple cyber-criminals, so the profit, even if small, is constant.”
  • Source code is another asset that prompts mixed opinions. Coffman described its value as, “very high as the attackers now know how to compromise the application in a way that is unlikely to be detected.”
  • Corporate intellectual property (IP), which has, “a very limited set of buyers – the competitors of the company – so when it is targeted it is likely a nation state or a focused effort sponsored by a pre-identified buyer of the data.”
  • Social Security numbers (SSN) can be enormously valuable, “because we are still using them as a means for verifying identity



Few Layers of Protection

Strong encryption
Install patches promptly
focus more on restricting access
(I would also add endpoint protection)



The link below has more information:-

No comments:

Post a Comment