How Companies Can Defend Against Database Cyberattacks
High-profile cyberattacks that have rocked companies and government over the last several months were carried out using the most basic tricks hackers have at their disposal, adding insult to injury.
The majority of attacks carried out by the hacker collective Anonymous Operations and the hacker group LulzSec are often launched using a combination of software and pre-written scripts, which has won them the “Script Kiddie” label by the more experienced hackers.
The fact that some of the most basic attacks are effective is sounding an alarm over the poor state ofcybersecurity. Yet while companies and government are scouring for solutions, they often find security tools are more trouble than they’re worth.
“What used to happen, and this happened a lot, was that the intrusion prevention programs were too strict,” said Dan Kuykendall, co-CEO and chief technology officer of cybersecurity company NT OBJECTives.
This caused a backlash in the early 2000s. Companies were starting to adopt systems to block cyberattacks, known as Intrusion Prevention Systems (IPS). Yet, since they were blocking both good and bad traffic, many companies switched the security systems off and instead starting using systems that only detected cyberattacks—known as Intrusion Detection Systems (IDS).
“They got a bit ahead of themselves,” Kuykendall said. “That’s just the reality. In the business case, the features are going to trump security.”
Read the full post here.