Don't Forget Basic Security Measures, Experts Say

Published: 22/11/2024   Category: security




Some security leaders argue there is little point in worrying about emerging threats when businesses can't defend against today's attacks.



INTEROP ITX - Las Vegas - New technologies like machine learning, artificial intelligence, and IoT will drive the scale and complexity of cyberattacks. Businesses have every reason to be concerned as the threat landscape continues to grow.
But does it make sense to stress over advanced threats when organizations can't defend against the attacks they currently face?
"A lot of the security threats we face day to day are not fancy, sexy, technologically new stuff," says Anthony Aragues, vice president of product management for Anomali. If these issues were written down, they would be perceived as obvious, but they remain problems.
"We're reminding people -- hey, taking the right steps is important," says Diana Kelley, global executive security advisor for IBM Security. Threat actors are a lot more motivated than they were 15 to 20 years ago.
Today's users are so dependent on software and connectivity that security disruptions will become increasingly palpable going forward, Kelley says. If an operating system is vulnerable, any business in any industry can be at risk. Hackers don't need to discriminate.
Many organizations, especially small- to midsized businesses, don't really plan their security architecture. In her Interop ITX Cybersecurity Crash Course presentation "Securing Your Enterprise Infrastructure," Dawn-Marie Hutchinson, executive director for the Office of the CISO at Optiv, posed a question to a room packed with IT pros: "Who here has a security strategy?"
Silence. Maybe one hand.
"Every organization right now needs help," she said, noting how attacks are getting easier and cheaper to launch, and more complex to face. "We have more information than we've ever had before, about what's coming after us and how, yet most organizations have immature security strategies."
Attitude is at the root of many security issues organizations face today, Anomali's Aragues explains. It's common for businesses to push security issues to one part of the organization and forget about them. The business often sees security costs as overhead that don't bring value.
"The overall trend that bugs me about security is companies expect it to be handled by the security department," he continues. "We're going to have a problem as long as that's the case."
Last week's WannaCry ransomware attack is a prime example of how businesses aren't putting basic security measures in place. They need to be running only updated operating systems - not older, no longer supported ones like Windows XP - and shut off unnecessary system processes.
"We can blame the Shadow Brokers for leaking NSA vulnerabilities, but there's still the issue of people running old operating systems and leaving open services they don't need to have turned on," he continues.
Individuals and businesses are more connected than ever, but they don't have the security awareness to protect themselves. Organizations can't predict the aftershock of a cyberattack when it hits, explains FireEye CEO Kevin Mandia.
"The vast majority of companies really don't know what happens when you pop off the grid," he says. In his Interop keynote, he emphasized how security hygiene is lacking if a Server Message Block (SMB) exploit can infect more than 200,000 machines, as it did in WannaCry.
Will the latest massive, global cyberattack be a wake-up call? It depends.
The companies who will take action following WannaCry will be those who already have a plan, says Aragues. If they had a strategy in mind and only needed a budget, for example, they can now make some real progress. Those who weren't thinking about security before WannaCry will be playing catch-up and fall behind in all they want to accomplish.
Hutchinson urged tech leaders to build stronger relationships with their business teams. "You can't create a business-aligned security strategy with lack of expertise and immature programs," she said.
"The way we used to do things doesn't work anymore," Hutchinson explained. Think outside the box. The most effective moves aren't always the most natural or comfortable.
Organizations should create three lines of defense in their fight against current cyberattacks and new threats on the horizon. She suggested the following:
Build a highly trained team: Fight for budgets to attend security-focused events, where your team can learn news and information about threat intelligence.
Information risk office and steering team: This division defines and enforces security policies, manages information risk, and oversees industry and regulatory requirements.
Internal and external audit team: To ensure all policies and procedures are effective from inside and outside the organization.
