| |October 201719CIOReviewBy Iftekhar Hussain, Sr. Cybersecurity and Threat Protection Specialist at Microsoftn an era where Digital transformation is the key to increasing efficiency and being more competitive at the marketplace, there has been a substantial increase in the number of Cyber attacks. E.g. the #WannaCry attack brought down business operations of many corporations around the world. What is even more worrying is the Sophistication of these attacks. While these attacks have evolved w.r.t tools, exploits and vulnerabilities leveraged; the overall techniques don't change that often. The techniques do evolve, but adversaries tend to invest in developing new techniques as it makes business sense to spend their time/money/resources. The opportunity to disrupt attackers will come by understanding their ROI model and driving up their cost of developing and carrying out these attacks significantly.The two concepts that need to be understood in this context are "Threat Prevention" and "Threat Detection" Threat PreventionThreat Prevention offers the best return on investment over time as prevention techniques force the attackers to innovate and come up with something new and sophisticated, which in-turn are a cost implication for the attackers. 99% of security attacks used vulnerabilities which were more than a year old and a security patch was already available, but not implemented. Many attackers reverse engineer software updates, to identify the vulnerability that was fixed so that they can exploit it quickly, before organizations have had a chance to deploy the updates. Updating vs UpgradingEvery new version of the Operating system enables additional security layers to mitigate complex attacks. Therefore, while updating the existing software with patches and security fixes, protects from existing vulnerabilities on that platform, the new classes of attacks requires Upgrades to the latest version of the OS. E.g. Windows 7 was developed almost 10 years ago and therefore cannot help protect against modern cyber threats, most of which didn't even exist at that time. Having said that, Windows has become much more resilient to attacks ­ as an example -the recent WannaCrypt attack failed on windows 10 because of the mitigations built in the platform against such exploitation techniques. ICXO INSIGHTSStay Updated, Stay Protected
< Page 9 | Page 11 >