Cybersecurity (Part 2 of 2): Applying AI

(This article was also cited by Unwire Pro)


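As the online ecosystem changes, the financial and reputational losses that hacker attacks inflict on enterprises are growing ever more serious. Cybersecurity Ventures, a cybersecurity statistics organisation, estimates that the economic losses caused to users by ransom-demanding attacks rose from US$325 million in 2015 to more than US$5 billion in 2017, an increase of more than 15-fold in two years.

In the contest between cyber attack and defence, an enterprise that wants to stay a step ahead of attackers must, besides getting baseline defences and staff training right, keep its security technology and tools up to date to maintain its defensive edge. Cognitive computing has seen major developments in cybersecurity applications in recent years. Using solutions such as IBM QRadar Advisor as an example, this article describes how enterprises can put cognitive computing to good use in cybersecurity.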


Cybersecurity (Part 1 of 2): Building Three Lines of Defence

(This article was also cited by Unwire Pro)


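If you knew in advance that your enterprise would suffer a cyberattack six months from now, how should management prepare? There are three lines of defence an enterprise can build: 100% baseline defence, strengthening cybersecurity with artificial intelligence, and establishing a response process for the period when an attack occurs.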


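APT Threats That Prey on Human Nature

(This article was also cited by Unwire Pro)

Disaster-scale incidents in which hackers trigger financial turmoil or a nuclear radiation leak used to be the stuff of science fiction, but they now risk becoming reality.

According to a report by the US Department of Homeland Security and the Federal Bureau of Investigation obtained by The New York Times, the security systems of nuclear power plants in several countries have been under sustained attack by hackers since May this year. The report classifies the incident as an "Advanced Persistent Threat" (APT), at yellow alert level.

In the previous generation of hacker attacks, an infected file was executed and the server was then taken over or the hard disk wiped. Today's APTs come from highly skilled attack teams that plan carefully; their methods are quieter and slower, their dormancy periods longer, and their steps more circuitous. Even though banks' internal systems and nuclear power plants' industrial control systems are deliberately separated from the internet and were once considered beyond hackers' reach, the growing prevalence of social media means APTs may now penetrate these critical systems.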


Three Areas of Follow-up After an Enterprise Is Hacked

(This article was published in the Hong Kong Economic Times on 29 November 2017)


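It recently emerged that a well-known ride-sharing service provider suffered a serious information security incident last October: hackers stole the personal data of 50 million customers and 7 million drivers worldwide, and the company at the time secretly paid the hackers a US$100,000 ransom and kept the incident confidential.

After learning of the incident, its new chief executive proactively disclosed it to the public in a blog post, stating that the incident was caused by two hackers breaking into a third-party cloud system and that the company's two senior security executives had left over concealing the matter. The chief executive also announced a series of remedial measures, and this candid, responsible attitude is commendable.

If an enterprise's IT systems are breached, how can it rebuild customers' trust?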


IBM Security: Perspective on the Recent “Petya” Cyberattacks


What is the Petya Ransomware campaign? A calculated ransomware campaign with a heavy footprint in Ukraine was detected on June 27, 2017. The source of the attack is currently unknown. To date, the attack has affected global organizations in the banking, pharmaceutical and transportation industries.

Most reports, and the ransom demand itself, refer to the activity as Petya, a well-known malware that has existed for quite some time, but at least one security company believes it is not a true Petya variant. IBM can confirm the ransomware tool is spreading via the National Security Agency (NSA) exploit ETERNALBLUE, similar to the WannaCry events last month.


Billions of Threats, Milliseconds to Respond: Automating Resiliency


Time is not on our side. To succeed against threats, organizations need automation and cognitive technologies combined with strategy, process and testing. Effective resiliency requires investment, leadership and a culture where people imprint an always-on attitude onto their professional DNA.

For decades, business continuity was viewed as a way to prevent disasters when hardware and software failed. This process focused primarily on preparing for human error, poor change management and natural disasters like hurricanes, floods and fires. But now, more than any other time in history, cyberattacks are flooding the front lines in the resiliency battle. Cyberattacks aren’t just another threat — they’re the mother of all threats.


IBM Security: Perspective on the Global “WannaCry2” Cyberattacks Hitting Critical Infrastructure


What is WannaCry2? A rapidly spreading cyberattack that was first detected in March and has impacted businesses in nearly 100 countries. Currently, the source of the attack is unknown. The WannaCry2 attacks have crippled critical infrastructure, including hospitals, telecommunications and distribution/supply chain services.

The scale of this attack was possible because of a vulnerability in the Microsoft Windows Operating System. Although it began like any routine phishing scheme – in which a user clicks on a bad link and malware takes over – WannaCry2’s exploitation of the Windows vulnerability enabled it to spread with great speed from one workstation to a network of users. As a result, it was an attack of one-to-many versus standard phishing attacks, which typically infect one user at a time. While the attack appears disabled now, we expect hackers to reanimate it rapidly, and organizations need to prepare fast.
