“This is when the cyberwar started”.
We are seeing an explosion of internet attacks. Organisations of all sectors – be it tech, non-tech, commercial, non-profit or whatever.
If you are on the internet, you are being attacked. If you can’t prove that they are not successful, chances are they might be. Checking your logs and IDS will show you that probes are hitting your perimeter all the time. This is not news, and has been going on a while. The difference now is a) the frequency of the attacks and b) the persistence and quality of the attacker. To coin a phrase, this ain’t your Mom’s Nmap scan.
It appears that the MoD are waking up to this as well, and are busily recruiting.
“The law of armed conflict, we believe, does apply to cyber-space,”
Foreign and Commonwealth Office cyber-policy director Tim Dowse told
the EastWest Institute Cyber Security Summit in London on
You need to rethink. Quickly. There are a lot of consultants out there that will promise you that a good information security management system (ISMS) is all you need. Ask them the following polite questions:
- If an ISMS guarantees security, why is it that companies who have implemented one are getting breached?
- Just supposing that my central mail server is breached right now, how will the ISMS detect it? How will it help in
Governance is important, and ISO27000 if implemented properly across the enterprise will assist you in finding the things you need to fix. But its not the whole picture.
And in other news, I can make a shrewd guess (from looking at our SIEM dashboard) what the next big company to get publically pwned will be.