The importance of implementing security controls
- Feb 20, 2013
- Michaelangelo Sidagni
Cyber Security was all over the news recently.
The latter are indeed big allegations. I am not going to speculate on the merit or the veracity of the report claiming that a Chinese-government-related group continuously hacked American and foreign corporations from a building on the outskirts of Shanghai.
The interesting thing about this report is that it exposes the huge gravity of the problem, but it does not state whether the news release was: a) cleared with the US Government; b) confirmed with US government intelligence sources.
For sure, tomorrow the US government will have to deal with a huge diplomatic hot potato and take a stance on these allegations.
But this is not the scariest part. In all these forensic reports, security incidents, hacking episodes and dramas, nobody reminded the victims that it would be wise to brace for the worst by kicking their security controls up a notch. In other words, everybody is complaining and crying wolf, but nobody is saying “mea culpa” for these incidents.
If you read most forensic reports nowadays, most of the intrusions happen through a combination of “spear-phishing / social engineering” attacks and technical exploits. I can remember that only a few years ago, in the penetration testing profession, performing a pen test through a phishing email was considered “cheating”.
Nobody talked about the following points, so I will.
I wonder why the media do not mention those security controls as a countermeasure to prevent catastrophic attacks.
I guess they are not as glamorous and sexy as the latest “dark-art” Chinese hacker.
To learn more about implementing security controls, please see and download our Whitepaper: SANS 20 Critical Security Controls.