The Meltdown and Spectre vulnerabilities in Intel and other CPUs are most disturbing because they exist beneath the level at which software-based cyber controls can explicitly intervene. To mitigate risks from the Meltdown and Spectre vulnerabilities in Intel and other CPUs, AppGuard customers need not do anything other than implement operating system patches, as should be done regardless. No unusual actions are necessary to implement these patches with AppGuard.
This week, researchers presented information at Black Hat Europe in London regarding an extremely dangerous new “fileless” attack vector that affects all Windows operating systems. The researchers observed that the attack bypasses many widely used endpoint security tools. AppGuard customers need NOT make any policy adjustments to mitigate risks from such attacks. AppGuard already blocks them.
It is clear that companies and individuals are playing catch-up against a growing array of cyber adversaries. The following links are compiled from recent statistics pulled from a variety of articles and blogs. As we head deeper into 2017 and plan to defend our PCs, smartphones, and networks, it is worth taking note to prepare for the potential cybersecurity implications in our changing digital landscape.
These Categories will Help Simplify Endpoint Security Product Evaluation
The terms, names, and jargon found in cybersecurity articles confuse and befuddle even the people who write them. For years, anti-malware vendors and researchers have gained 15 minutes of fame after naming a malware family or variant they discovered and analyzed. Now, there are zillions of them. The omnipresent keyword chaos complicates endpoint security.
As has long been said in movies and TV, it's the bullet that you don’t see that kills you. This was true for Target in 2011, when it missed the alerts its tools generated. This has remained so for many others ever since.
Pick an organization with 1000s of employees. Look at the IT/Sec-Ops people as they really are. You’ll see cyber alert fatigue that is driving up employee attrition in a landscape where skills gaps are large and recruiting costs are increasing. Worse, the enemies are still storming the enterprise.
Ransomware is the Clear and Present Danger Now
Probabilities, preparedness, and potential impact mean that ransomware reigns supreme among healthcare provider threats. If you can’t treat patients because you don’t have access to medical equipment, records, billing processes, scheduling, or vital third-party services, the impact is immediate, pervasive, urgent, and even life-threatening, far worse than HIPAA fines and other typical data breach consequences.
While most people worry that the Equifax data breach will cause a spike in identity theft and other cyber fraud, maybe we should be more concerned if this does NOT happen.
Articles about Equifax and the breach made headlines not just in the trade rags but also in the mainstream press. Such coverage surprises no one given the vast number of records that were compromised. But what of the countless breaches not headlined, not fully disclosed, and not discovered at all?
The Equifax breaches and subsequent firing of the CEO, CIO, and CISO are a giant canary in the enterprise world. Their failures are far from unique. Most organizations struggle with the same issues. But after a breach has occurred, challenges get reported as failures in the periodicals. Caricatures of what did or didn’t happen follow. Bigger issues are overlooked.