 "Five Things Every Organisation Should Know About Cyber Attacks: ISACA")
The advanced persistent threat (APT) is waging an all-out attack on enterprises’ intellectual property. Yet most companies continue to try to protect themselves using approaches that are years out of date. That is one of the conclusions in Responding to Targeted Cyberattacks, the new how-to book published by global IT association ISACA and written by professionals at Ernst & Young LLP.
The threat landscape has progressed from unsophisticated “script kiddies” to hackers to insiders to today’s state-sponsored attacks, where enterprises are attacked because of who they are, what they do and the value of their intellectual property (IP).
“There are no universal solutions to prevent being infiltrated,” said James Holley, leader for Ernst & Young LLP’s Information Security Incident Response services and co-author of the book. “If sophisticated and well-funded attackers target a specific environment, they will get in. In this rapidly evolving threat landscape, information security professionals need to adopt the mindset that their network is already compromised or soon will be.”
In a detailed look at an escalating global problem, the authors highlight five things every organisation should know:
1. Advanced threats now target people—people have become your first line of defense.
2. Cyberattacks are a business problem and a people problem, not just a technology problem.
3. User education and awareness are critical to your success.
4. “Prevention” strategies of the past are not enough now – today’s strategy needs to be: “Complicate – Detect – Respond – Educate – Govern.”
5. Four emerging capabilities are needed to implement the new strategy for dealing with cyber attacks:
a. Centralised log aggregation and correlation
b. Ability to conduct forensic analysis across the enterprise
c. Ability to sweep the enterprise for “indicators of compromise
d. Ability to inspect memory to detect malicious code
“This book is in response to a need identified by security, risk and assurance professionals—the people on the front lines of keeping attackers in check and protecting an organisation’s key assets,” said Rolf von Roessing, CISA, CISM, CGEIT, CISSP, FBCI, president, FORFA AG and member of ISACA’s Professional Influence and Advocacy Committee. “There are plenty of books on incident management, but very few that offer an actionable roadmap for preparing, containing and mitigating cyber attacks.”
 "Russian drones over Poland: Trump’s tepid reaction a wake-up call for Nato?")
 "As Russia pushes east, Ukraine faces mounting pressure to defend its heartland")
 "Why Mossad was not on board with Israel’s strike on Hamas in Qatar")
 "Turkey: Erdogan's police arrest opposition mayor Hasan Mutlu, dozens officials in corruption probe")
 "Russian drones over Poland: Trump’s tepid reaction a wake-up call for Nato?")
 "As Russia pushes east, Ukraine faces mounting pressure to defend its heartland")
 "Why Mossad was not on board with Israel’s strike on Hamas in Qatar")
 "Turkey: Erdogan's police arrest opposition mayor Hasan Mutlu, dozens officials in corruption probe")
