by clicking on the page. A slider will appear, allowing you to adjust your zoom level. Return to the original size by clicking on the page again.
the page around when zoomed in by dragging it.
the zoom using the slider on the top right.
by clicking on the zoomed-in page.
by entering text in the search field and click on "In This Issue" or "All Issues" to search the current issue or the archive of back issues respectively.
by clicking on thumbnails to select pages, and then press the print button.
this publication and page.
displays a table of sections with thumbnails and descriptions.
displays thumbnails of every page in the issue. Click on a page to jump.
allows you to browse through every available issue.
GCN : August 2014
37 > e Cisco Security Group recently announced a competition worth up to $300,000 for participants who create security proposals for this area. Five Steps to Heightened Security Fortunately, established best practices and the latest security technologies help IT managers address APTs. ese six steps can jump-start security activities. Step 1: Undertake a thorough assessment. Creating an appropriate security strategy and set of policies starts with an internal assessment that identifies the most valuable data and systems within an organization. "Knowing everything about your IT environment is essential," Mitchell says. is basic step will help security managers prioritize investments so the most resources go where they'll achieve the greatest good. A related move is to analyze workflow patterns related to these high-value targets. "Enterprises need to understand what normal activity looks like so they can quickly spot indicators of abnormal activity," Mitchell says. Step 2: Create multilayered defenses. APTs threaten organizations on many levels, demanding a similarly multifaceted defense system. An effective defense should include anti-virus and intrusion detection systems (IDSs) to analyze incoming traffic for known malware signatures, which helps to prevent infection. An additional protection layer should address bots by monitoring data leaving the organization and bound for the Internet. e analysis of specific traffic patterns can identify infected devices that try to connect with command-and-control systems. An IT security administrator who detects whether a bot is trying to leak data can quickly block the traffic. Various tools help monitor internal and external data flows. IT managers can run filtering tools that perform deep-packet inspections of data flowing and advanced security training for end users are now essential components of cybersecurity toolkits. • APTs are comprehensive and targeted, requiring a similarly targeted defense strategy. Scattershot, narrow or reactive approaches to security won't adequately address the onslaught of attacks enterprises face today. Since APTs represent the state of the art in cyberthreats, IT managers should understand what makes them unique. APTs are advanced because proponents are adept at using both established and unique "zero-day" exploits against their targets. But experts point out that tried-and-true tactics remain the most common threats. "Malicious groups have more paths for getting into organizations today, but fundamentally the strategy remains the same --- get people to click a link or download an infected file that sends a vulnerability into the organization to infect its systems," says Eyal Manor, product line manager for Check Point Software Technologies, a vendor of security software and services. orough research by hackers into organizations and individuals makes APTs persistent. In spear-phishing campaigns, attackers spend their days studying their targets, gathering personal information from social media sites and understanding what types of email messages and web destinations resonate with intended victims. is persistence pays off if even one target lets down his or her guard and enables an infection to compromise a network. e threats take on many forms. • Denial of service attacks occur when hackers bombard a targeted website with large volumes of unnecessary requests to make it unavailable to legitimate users. • Bot networks use malware running undetected inside an organization to connect with a hacker command- and-control network and send out valuable information. According to 2013 research by Check Point, 63 percent of approximately 1,000 organizations it studied had at least one bot running on their networks. Most of the enterprises were unintended hosts for multiple bots. • With SQL injections, cybercriminals insert malicious Structured Query Language code into database applications to tamper with sensitive information. SQL injections typically come from compromised resources on websites. Other risks continue to arise. e National Institute of Standards and Technology recently released its "Framework for Improving Critical Infrastructure Cybersecurity," which provides guidance for operators of supervisory control and data acquisition systems that run utilities, such as nuclear power plants. Some security experts also fear that the rise of the Internet of things or machine-to-machine communications may create new security vulnerabilities. CDWG.com | 800.808.4239 Source: Ponemon Institute, 2013 Cost of Data Breach Study: Global Analysis IN 2013, THE AVERAGE NUMBER OF BREACHED RECORDS IN A CYBERSECURITY INCIDENT IN THE UNITED STATES WAS 28,765, AT A COST OF $188 PER RECORD 28,765