Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

US government hack puts sensitive data at risk of secondary phishing attacks

Matthew Finnegan | June 9, 2015
Hack highlights need for businesses and public sector organisations to upgrade security processes

"Organisations need to be continuously monitoring systems, logs and network traffic to spot abnormal behaviour and have skilled people who can analyse the event to spot successful breaches."

However, Gavin Millard, technical director of Tenable Network Security, commented that businesses and organisations seeking to reassess their security practices in the wake of the US government should not rush in with investment in new tools.

"When huge breaches are disclosed, the knee jerk reaction is often to buy more tools. But the threats faced can be addressed by many organisations just by operationalising the controls they currently have and continuously monitoring the effectiveness of them to ensure they are working optimally," he said.

"Breaches often occur not by some complex and esoteric method, but more through the lack of foundational controls working well to identify weaknesses and addressing them quickly and effectively."

Protecting against cyber attackers if not just the responsibility of security teams, with security experts highlighting the need for a fundamental rethink of security strategies in order to prevent further breaches. This means vastly improving awareness of the threats to staff.

"Security professionals, IT specialists and corporate users need to learn a new language for cyber resilience," said at Axelos.

"Traditional approaches to raising cyber awareness and thus changing behaviours has been 'one size fits all', dominated by messages that simply say 'don't do this or that' or are full of technical jargon. It should hardly come as a surprise that users don't engage.

"Cyber resilience relies on staff understanding not just the basic principles of security, but why those principles are important to their role, and why they play a key role in preventing incidents and attacks."


Previous Page  1  2 

Sign up for Computerworld eNewsletters.