Banking on IT to protect customer data

TRP: What kind of evolving tactics should IT professionals be wary of?

WA: Phishing, for example, has not only flourished, but evolved in recent years for businesses of all sizes, and we all know the consequences can lead to a tarnished reputation and loss of business.

A common form of attack now includes using email addresses stolen from specific databases using 'SQL injection' to launch targeted spear-phishing attacks against email users. To mitigate this, protecting your databases using properly configured web application firewalls (WAFs) is a no-brainer.

General phishing attacks target a wide variety of people, typically flooding thousands of inboxes. However, spear phishing targets specific people or organisations.

Usually, the attacker will research personal information about the individuals in order to make their messages sound more convincing. The availability of personal information via social media has made this process a lot easier for cyber criminals. This stresses how important it is that businesses educate their users to be vigilant at all times, especially in their personal online activities.

TRP: So what's your advice for anyone looking at the current Barclays situation hoping that it never becomes their own professional reality?

WA: There are two basic rules, of equal importance, to adhere to when developing, implementing and managing data strategy:

Rule #1 for protecting your customers: Never lose their identity.

· Ensure clear accountability for protecting individuals' privacy at all times.

Rule #1 for employees: Educate them to not put business-related information at risk.

· Continually consider and address privacy concerns.

A comprehensive approach built on these two rules is the only way to stop malware, spyware, viruses, malicious content, and other threats in order to prevent hacking attacks.

The NTP is one of several protocols used within the infrastructure of the internet to keep things running smoothly. Unfortunately though, despite being vital components, most of these protocols were designed and implemented at a time when the prospect of malicious activity was not considered.

Anticipated or not, there will always be new and bigger threats to data to deal with. The best that organisations can do to protect their data, their customers and their reputations is to ensure all best efforts are always being made to protect against them with thorough policy and process. Faith, honour and commitment should be shown to 'The Rules' at all times.