Monday, April 30, 2018

Cybersecurity News CYBR650 Week 8

We’re now in the last few weeks of this class in Current Trends in Cybersecurity. I learned how to perform a threat analysis using my process model and the threats and vulnerabilities I identified in the Harry and Mae's case study. After completing this assignment, I can see how critical thinking is a fundamental requirement for security professionals. I also see the need for IT security professionals to be able to present all vulnerabilities, threats, and risks in language that will be easily understood by non-technical management. Threat modeling is a great approach to analyzing the security of a company’s IT infrastructure, and serves to identify and help mitigate all associated security risks, prioritizing the top threats that would have the greatest potential impact. This is why threat modeling should be an iterative process for any corporation. The Microsoft STRIDE threat model is a wonderful tool that groups threats into categories, allowing security professionals to consider how the different threats in the model can affect application components.

I access Security Week often to get all the latest cyber security news. There’s a great article, “Don't Fall Victim to IP Theft and Corporate Espionage,” that discusses cyber espionage related to the business world, where corporate espionage targets proprietary information from private entities for commercial advantage and a variety of techniques are used to gain illegal access to networks. Read more at https://www.securityweek.com/dont-fall-victim-ip-theft-and-corporate-espionage. This is why software companies have to move quickly to identify vulnerabilities and provide patches so espionage threat actors cannot exploit them. Users also have to demonstrate responsibility by not downloading unauthorized (and often malicious) software. Companies like ours regularly review security and access permissions granted to these programs to ensure we are in compliance. We are also very careful that our contractors and vendors are given only the access to company networks that is absolutely necessary.

It is a fact that the number of attacks is rapidly increasing, as is the sophistication of these attacks. Last week’s hacking attack on three Mexican banks was centered on real-time payment transfers, which allow banks to transfer money between private accounts across an encrypted network. The hackers are stepping up their game, and so should the good guys, when it comes to security. Read more at https://www.databreachtoday.com/hackers-target-3-mexican-banks-real-time-transfers-a-10927. Cyber attacks are more sophisticated, and with today’s payload of data, the impact is more damaging, disruptive, and costly than ever before. The data breach last year at Equifax was a wake-up call to us that no one is really safe, and that today’s attacks are becoming more dangerous. Foreign nation-state hackers and criminals are using all the latest tools to steal data or set up conditions for conducting destructive attacks against networks in the future. This year, sophisticated cyber attacks continue to be one of the biggest technology concerns, as attackers continue to use tactics like social engineering, malware, and ransomware. Organizations must continue to invest in good, sensible security measures to protect against cyber attacks. The attacks are also becoming more public and more visible, as the impact of successful attacks is more far-reaching, with more potential victims. The problem is that hackers don’t give up; they simply change their method of operation and try other tools and techniques. However, one must bear in mind that the old social engineering technique is still a tried and true method that attackers use as they prey on people's tendencies to manipulate them. Sometimes they’re able to get the best of us, including IT security professionals. Just a few weeks ago a friend of mine was so afraid that the police were going to knock on his door that he quickly sent $2000.00 to pay a supposed IRS tax fee!
