The week in security: Avoid making the same mistakes in 2020

A shoe about to step on a banana peel, stopped by a small superhero.
RetroRocket / Getty Images

Just because you were on holiday doesn’t mean cybercriminals were too. With the highly profitable holiday shopping season winding down this month, it’s important that every ecommerce practitioner has a range of security basics well covered.

Experts were making a raft of predictions for the upcoming year, including speculation that we might finally get on top of the spam problem and, more broadly, improve our security posture using several key strategies.

One critical step forward – as you’ll hear over and over again at key security industry conferences this year – is to get your users to stop making the same mistakes over and over again.

And, with the launch of a new compliance scoring tool, Microsoft has actually provided a way of letting you know when user behaviour is pushing you out of compliance – and then of engaging usefully with those users.

Nation-state hacking will surely continue to be a major issue this year, with the added challenge of many state-based actors covering their tracks using ‘false flag’ techniques.

Some pundits were pointing out the dangers of emerging 5G mobile technology, which is said to facilitate data theft thanks to its faster speeds and inevitable ubiquity.

Staffing, of course, is certain to remain a problem – as we repeatedly hear in discussions built around assumptions about a range of gender and human traits – which is why security planners need to develop staffing plans that recognise and work around the issue.

Protecting unused but parked domain names from exploitation can help control their use for spam, and leaning on the DMARC domain authentication standard is a great way to prevent this from happening.
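As an added example (not code from the original article or from any product it mentions), here is a small Python checker that evaluates whether a parked domain's SPF, DMARC and MX records actually refuse mail; it is run over constructed sample records rather than live DNS, so it works offline.

```python
"""Check whether a parked domain's DNS records lock it out of sending or receiving mail.

A domain that never sends mail should publish:
  - SPF     : "v=spf1 -all"          (no host is allowed to send as this domain)
  - DMARC   : "v=DMARC1; p=reject"   (receivers discard anything that fails SPF/DKIM)
  - Null MX : "0 ."                  (RFC 7505: the domain accepts no inbound mail)
The sample records below are constructed for this example; evaluate_parked_domain()
takes the TXT/MX strings a resolver would return, so no network access is needed.
"""
import re

def parse_tags(record: str) -> dict:
    """Split a 'k=v; k2=v2' style DMARC record into a dict with lower-cased keys."""
    out = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            out[key.strip().lower()] = value.strip()
    return out

def evaluate_parked_domain(spf, dmarc, mx):
    """Return a list of findings; an empty list means the domain is properly locked down."""
    findings = []
    # SPF: exactly "v=spf1 -all"; any mechanism before -all grants someone permission to send
    if spf is None:
        findings.append("no SPF record: any host can send as this domain")
    elif not re.fullmatch(r"v=spf1\s+-all", spf.strip(), re.I):
        findings.append(f"SPF is not a hard-fail-only policy: {spf!r}")
    # DMARC: the policy must be 'reject', and an explicit subdomain policy must not weaken it
    if dmarc is None:
        findings.append("no DMARC record: SPF/DKIM failures are not enforced by receivers")
    else:
        tags = parse_tags(dmarc)
        if tags.get("v", "").upper() != "DMARC1":
            findings.append("DMARC record does not start with v=DMARC1")
        if tags.get("p", "").lower() != "reject":
            findings.append(f"DMARC policy is {tags.get('p', 'missing')!r}, expected 'reject'")
        if "sp" in tags and tags["sp"].lower() != "reject":
            findings.append(f"DMARC subdomain policy sp={tags['sp']!r} is weaker than reject")
    # Null MX: a single record with preference 0 and host "." signals that no mail is accepted
    if not mx:
        findings.append("no MX record: publish null MX '0 .' so the domain refuses mail")
    elif mx != [(0, ".")]:
        findings.append(f"MX still points at mail hosts: {mx}")
    return findings

# Constructed sample record sets (hypothetical domains, not real DNS data)
PARKED_OK = {"spf": "v=spf1 -all", "dmarc": "v=DMARC1; p=reject; sp=reject; adkim=s; aspf=s", "mx": [(0, ".")]}
PARKED_WEAK = {"spf": "v=spf1 include:_spf.example.net ~all", "dmarc": "v=DMARC1; p=none; rua=mailto:dmarc@example.com", "mx": [(10, "mail.example.com.")]}
```

Feeding the checker the records returned by your resolver for each parked domain gives a quick inventory of which ones can still be spoofed or still accept mail.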

A robust identity and access management (IAM) solution is also a big help, and security practitioners should focus on six main features to ensure they’re as locked-down as possible.

Insecure LDAP binds can also create problems when locking down your environments – but here’s how to find and fix them.

Many security specialists may not yet fully appreciate the value of a protocol analyser, so here’s a rundown of why you might need one and what to look for.

Also potentially useful in the toolbox is a cloud asset-protection platform like Fugue, which our reviewer found fills a critical need in providing cloud-based infrastructure and security compliance.

In the eternal quest to improve user education and response planning, security practitioners may want to consider trying the old-fashioned way – a card game called Backdoors and Breaches, which allows users to construct their own random, realistic security incident for tabletop planning.


Copyright © 2020 IDG Communications, Inc.