Looking
back at 2017, there was a rapid onslaught of cyber threats. The SC Magazine
published a good article on some of the top cybersecurity threats of 2017 https://www.scmagazine.com/the-top-cybersecurity-threats-for-2017/article/720097/
which included the exploit called KRACK (Key Reinstallation AttaCKs). KRACK empowered
attackers to access any Wi-Fi device using WPA2 and remotely read and
steal sensitive personal information. What was even more troubling, was the DDoS-for-Hire
Services being offered online, publicly! Tech Republic
published an article on ‘The top 5 cybersecurity threats of 2017’ https://www.techrepublic.com/article/report-the-top-5-cybersecurity-threats-of-2017/
and listed DDoS-for-Hire Services being offered by attackers as a major threat
during 2017.
It is not
very difficult to identify sources of information for threats, vulnerabilities,
updates, and security news; the important thing is to make sure these sources
are credible. Several sources I consider to be credible are:
- https://www.securityweek.com/. This organization provides an all-encompassing set of security news on malware and threats, cybercrime, risk and compliance, and the list goes on. It is a source that I review every week, just so I can stay on top of the latest data breaches and the latest on cybercrime happening around the world. There is a very interesting article on “the other side of terrorism” https://www.securityweek.com/online-other-side-terrorism which details how terrorism groups are using the latest technology to wage war beyond our physical and geographical barriers.
- https://www.ftc.gov/. The purpose of the Federal Trade Commission collaborates with law enforcement partners in the United States and around the world to protect consumers and promote competition. They have a very helpful Tips & Advice section for consumers and businesses, and their News & Events section has the latest information on fighting attackers and cyber threats.
- https://www.fbi.gov/ is probably my favorite place to look for information on threats, vulnerabilities, updates, and the latest security news. The News section on their homepage gives information on their top stories and latest busts, and it brings some idea of comfort, knowing that the government is actively going after attackers. Currently the FBI investigates computer and network intrusions, ransomware, identity theft, etc.: information that is very relevant to companies and consumers.
- https://www.sans.org/ provides some extremely informative white papers on threats, vulnerabilities, and security news. Their reading Room section has a wealth of information that corporations and organizations can use to prepare themselves to combat latest security threats. One of their latest papers, ‘PCAP Next Generation: Is Your Sniffer Up to Snuff?’ https://www.sans.org/reading-room/whitepapers/detection/pcap-generation-sniffer-snuff-38335 has some very useful information.
- https://csrc.nist.gov/ Computer Resource Security Center contains great publications on threats and vulnerabilities. Their Security and Privacy section contains papers on cryptography, privacy, and risk management among others. The Laws and Regulations identify many federal laws that are applicable to the Information technology industry. NIST also has an Information Technology Lab with monthly newsletters on its projects and activities I particularly enjoy reading their News and Updates section. Their latest article “NIST Releases Report on Fog Computing for Internet of Things Devices” https://csrc.nist.gov/News/2018/Fog-Computing-for-Internet-of-Things-Devices discusses fog computing as an alternative to cloud computing. This is a new concept for me, and it describes fog computing as providing a significant reduction in the amount of time it takes to access data locally.
Stay
tuned for more blogs next week!
No comments:
Post a Comment