As I talk to organizations in the AT&T Executive Briefing Center and learn more about the different types of business and enterprise security goals, one of the resonating themes across different industry verticals today is Digital Trust. The goal is to build trust in the system between the consumers of your services and the enterprise. To achieve this goal, it is about going to the foundational aspects of information protection.
A common discussion in the security industry is how to improve the effectiveness of detection and prevention systems. You can find tons of documentation and books about: The Defender's Dilemma, Blue Team vs Red Team, A Comprehensive Security Approach, among others. However, in any organization, it is very important to move beyond theory and implement specific solutions to detect security attacks and security threats.
Organizations usually focus on cyber threats which are external in origin. These include anti-malware, external firewalls, DDoS attack mitigation, external data loss prevention, and the list goes on. That's great, external cyber attacks are very common so it's vital to protect your networks from unauthorized access and malicious penetration. The internet and unauthorized physical access to your facilities will always be risks and they must be monitored and managed.
When analyzing malware and adversary activity in Windows environments, DLL injection techniques are commonly used, and there are plenty of resources on how to detect these activities. When it comes to Linux, this is less commonly seen in the wild. I recently came across a great blog from TrustedSec that describes a few techniques and tools that can be used to do library injection in Linux.
Watch the full video on our site. If you prefer reading, here’s the full transcript Terry Sweeney - Contributing Editor, Dark Reading Sanjay Ramnath - Associate Vice President, Product Marketing, AT&T Cybersecurity Terry Sweeney: Welcome back to the Dark Reading News Desk. We’re here at the RSA Conference in San Francisco.
Cybercrime is costing UK businesses billions each and every year. Small businesses in particular are under threat, as they often take a more relaxed approach and a ‘not much to steal’ mindset. However, this lack of diligence has caused many companies to close permanently. Let’s ensure yours isn’t one of them. Time to start making the issue a priority! Here are some practical security recommendations for you and your business.
Every week, the AT&T Chief Security Office produces a set of videos with helpful information and news commentary for InfoSec practitioners and researchers. I really enjoy them, and you can subscribe to the Youtube channel to stay updated. This is a transcript of a recent feature on ThreatTraq. Watch the video here.
AT&T Cybersecurity had a big presence at Infosecurity Europe 2019 in London, June 4-6. Our theme was unifying security management with people, process and technologies. While the industry is generally moving in the right direction, IT teams still struggle with being overwhelmed on the technology side, not knowing where to begin on the process side, and finding (or being able to afford) people with the right security skill sets.
You can’t fix the flaws you don’t know about – and the clearer your sense of your organization’s overall security posture, the better equipped you are to improve it. Vulnerability assessments are a core requirement for IT security, and conducting them on a regular basis can help you stay one step ahead of the bad guys.
Cybersecurity professionals know what they’re up against. The type, number and severity of cyberattacks grows with time. Hackers display no shortage of cunning and ingenuity in exploiting security vulnerabilities, compromising important data and inflicting damage to both individuals and organizations. Cybersecurity professionals also know that their defenses must evolve along with the attacks, requiring them to display even more ingenuity than hackers when creating security tools.
Healthcare breaches continue to be featured in the news. Hospitals continue to be ideal targets for hacking and other cybersecurity threats. This is evidenced by the increasing number of cyber attacks, including sophisticated ransomware attacks on hospitals. Many hospitals are beefing up their technologies and infrastructure to address the threat of cyber attacks. But they are neglecting a major weak link in data security: the clinicians.
