Game-streaming platform Twitch has just been reported to have suffered a data breach of over 100 GB, and the market can expect similar breaches to accelerate. The world's top hackers will shift their targets toward less well-defended victims. As it becomes harder to hack giant companies that implement a full range of cyber defences, shifting to rising platforms is a logical move for hackers and should come as no surprise to anyone.
If you recall, Sony was previously hacked, and the leak of a yet-to-be-released film and other internal server documents and data caused reputational loss. Obviously the hacker is aiming for something, whether ransomware that encrypts all the data, or a threat to disclose the breached data to the public in exchange for something.
World banking and financial institutions continue to invest heavily in cyber defense, making them harder targets to hack. But with COVID-19 and the next normal, we have seen many industries and sectors move to the cloud, and these have become new targets that are more likely to be exploited, since much of their cyber defense infrastructure, systems, processes and people is most likely not ready for cyber offensive and cyber defensive operations.
Many information security department or unit officers in typical industries and sectors remain at the very surface of information security technologies; most rely on the automated features of vendor products and assume they are fully protected. In particular, they underrate the importance of adopting an external hacker's mindset to look over their existing infrastructure and assets, map the possible attack paths, and try to exploit themselves with the tools hackers use, in order to gain a baseline for the impact and for what needs to be done to mitigate any vulnerability, exploit and attack threat.
These are areas where no product can help; you need to know how everything contributes to the protection of your cyber assets and infrastructure. It surprises everyone to find out that a typical information security officer's working knowledge stops at operating automated vulnerability scanners and generating the default report. If you ask them to demonstrate how an attack path was taken and what needs to be done, they do not possess the skills and know-how. This gap can only be closed by getting your people, from developers and security assurance to operations officers, to attend manual vulnerability exploit testing and ethical hacking training, so that they know the technology products deployed and their limitations, know how to complement them with the right tools and right skills, and can perform manual exploitable-vulnerability testing, validation and confirmation for developers and business unit officers, to prioritize the risk and mobilize resources to close them.
E-SPIN Group is in the business of enterprise ICT solution supply, consultancy, project management, training and maintenance for corporations and government agencies, doing business across the region and via the channel. Feel free to contact E-SPIN for your project requirements and inquiries.