I started this post before the revelation about KRACK and the world wide vulnerability of the WPA2 protocol described in KRACK in Wi-Fi security: Everything you need to know and in articles elsewhere around the 'net. When there is this much attention paid to a tech problem then hopefully a easy fix is right around the corner.
But what about all those companies that get hacked? It seems that hardly a week goes by during which we DON'T hear about some big corporation losing all its customers' personal information to hackers. See, for example, Russian hackers reportedly found using Kaspersky software, Equifax website borked again, this time to redirect to fake Flash update, and get this, Secret files on jets and navy ships stolen in 'extensive and extreme' hack.
Yegads! Not our military secrets too! Apparently so.
Take a gander at this warning from this June 2017 blackhat.com survey: Portrait of an imminent cyberthreat. Intro: Cyber attacks on US enterprises and critical infrastructure are coming soon, according to some of the industry’s most experienced and highly informed security professionals. And in most cases, defenders are not prepared.
The survey reveals a wide range of insights, including:
1. 60% of respondents believe that a successful cyber attack on US critical infrastructure will occur in the next two years. Only 26% are confident that U.S. government and defense forces are equipped and trained to respond appropriately.
2. 69% of IT security professionals believe that state-sponsored hacking from countries such as Russia and China has made US enterprise data less secure.
3. Only 26% of information security pros believe that the new White House administration will have a positive impact on cybersecurity policy, regulation, and law enforcement over the next four years.
4. About two-thirds of respondents think it’s likely that their own organizations will have to respond to a major security breach in the next 12 months. Sixty-nine percent say they don’t have enough staff to meet the threat; 58% believe they don’t have adequate budgets.
5. IT security professionals’ greatest concerns are around phishing and social engineering (50%) and sophisticated attacks targeted directly at their own organizations (45%).
6. The increased use of ransomware remains the most serious new threat faced by cybersecurity professionals, cited by 36% of respondents.
Take a look at number 5 again. "Security professionals’ greatest concerns are around phishing and social engineering (50%)..." Boy! If there's one thing Hillary Clinton, et al, taught us it's that we shouldn't fall for phishing schemes.
10:46 AM 10/17/2017