Arguably, the most sinister attack is the Advanced Persistent Threat (APT), in which the cybercriminal zeroes in on a specific target and invests whatever time and resources may be necessary to penetrate their infrastructure. In such cases, there is a particular objective and a particular payoff involved. It's very different from the type of attack in which a reasonable number of obstacles will redirect the bad guy towards some less-prepared souls.

The attack may target your access management, your administration platform, your applications, your endpoints, your network, or anything else on your attack surface. It doesn't matter. You and your team are on the hook for defending all of it by using a variety of technologies, by monitoring, by auditing, and, most of all, by being ready, willing and able to properly respond when bad things happen. This translates to the existence of policies, procedures, tactical teams, effective budgets, and overall controls.

Ransomware is another insidious attack in which criminals, often gaining access through phishing attacks, encrypt your data and then offer to sell you the key. There is open debate on whether those ransoms should be paid, as opposed to restoring the data from backup. We will explore that issue in greater depth below.

Key Takeaways (Cont.)

• Companies across the broad market are moving to third-party managed security service providers at an annual rate of 5 percent RDI.

• Compliance is not security, and security is not compliance.

• Although user education is paramount, phishers are getting so sophisticated that even a well-educated user can fall victim to a well-crafted spearphishing campaign.

Copyright © 2020 AVANT Communications, Inc.
Managed Security Trends and Insights