Large Corporations in the United States Targeted by Cyberattacks
The New York Times is reporting an increase in the number of cyberattacks targeting large corporations in the United States, with many attacks focused on energy companies. The conventional wisdom is that these attacks are focused on gaining access to confidential information, such as trade secrets, source code, and other kinds of intellectual property.
Things like firewalls, anti-virus software, intrusion detection, and encryption are important, but are not sufficient in a world where attackers are increasingly targeting the person behind the keyboard. A good security awareness program is complimentary to having standard security policies and procedures in place.
One should also keep in mind that while cyberattacks like Stuxnet and zero day exploits have captured a lot of the media’s attention, it’s still the boring things that organizations need to watch out for in day-to-day operations. These include things like phishing and other social engineering attacks, weak or reused or even default passwords, fake friend requests, fake anti-virus, and keeping laptops and smartphones from being lost or stolen.