Published: 07 May 2015
By Catherine Jamieson
In any relatively new or emerging area of technology, there's always a certain awareness gap on the ground. What we see at the cutting edge of the threat landscape isn't necessarily what your average information security professional might see on a day-to-day basis. As such, the role of a cyber security firm like Osirium is two-fold: on the one hand, protecting our customers from the latest threats via privileged user management tools; but also educating and raising awareness about those threats among IT end users and practitioners.
That's why we're holding four exciting events over the next 30 days, including the latest much-anticipated instalments of the Risk and Network Threat Forum (RANT). The first of these, in Manchester on 20 May, will see Osirium technical director, Kev Pearce, lead a lively presentation on “cyber snipers” - and why they may be the biggest threat to your organisation that you don't know about.
Kev's talk - titled Cyber Snipers: Don't Give Them a Clear Shot - will focus on a worrying development in the threat landscape. Where once cyber criminals would spray malware out far and wide hoping that it would infect at least a certain percentage of victims, they are increasingly targeting their attacks on specially chosen organisations. The logic is clear - by putting more effort into reconnaissance and intelligence gathering up front, they'll stand a better chance of success without getting caught. The emphasis is on a covert, precise and laser-focused attack - more like a sniper shot than a volley of machine-gun fire.
Part of this new strategy involves a focus on compromising the accounts of IT administrators - those employees who should be your strongest link but in fact are just as susceptible to a well-crafted and researched spear phishing email as the next person. By getting a member of staff with privileged account access to open a malicious attachment or click on a malicious link, attackers can gain access to even your most restricted databases. What's more, IT accounts will have more attack paths into an organisation as they typically have less restrictive policies applied. Plus, any suspicious behaviour done in their name will arouse less attention. It's a win-win for the black hats.
Organisations are operating under a potentially catastrophic false sense of security if they think that their IT staff are somehow immune from such attacks. Osirium has found at least 60 ways to access administrator passwords and counting. Fail to act now to improve your resilience to these targeted attacks and your firm could be the next to hit the headlines after an embarrassing data breach of customer data or sensitive IP.
Kev will talk around the key areas of risk to organisations and suggest ways to neutralise those cyber snipers, building on his well-received article in a recent edition of SC Magazine. He'll explain why Osirium's portfolio of privileged user management, privileged session management and other tools can help.
For those who are interested, the presentation will take place at the end of the first day of IPExpo in the Cyber Security Theatre - details below.
RANT is a unique community of information security professionals who work in end user organisations, so the discussions are always lively and well attended. In fact, we're following our Manchester event up with two RANT sessions at Infosecurity Europe in London on 2nd and 3rd June. And before all of that, there's a RANT BrightTALK webinar to look out for on 12 May on the topic Taking a Data-Centric Approach to Cloud Data Protection.
The format for the evening will be a short talk followed by questions and arguments by our audience. As with all of our events the focus will be on making our members' voices heard so please do get RANTy!
Date & Time: Wednesday 20th May 2015 from 16:30, discussion to start at 17:00.
Venue: Cyber Security Theatre (T5 on the IPEXPO Guide), Manchester Central Convention Complex, Windmill Street, Manchester, M2 3GX
RSVP and more details: Register on Eventbrite
Please keep in mind that as this is a co-located event you MUST be registered with IPEXPO to get access to the venue. Registration and attendance are totally FREE if you pre-book.