The FBI presented an overview of good cyber security practices at the 3rd Annual Privacy & Cybersecurity Summit in New York City. The topic of the convention was “: Beyond The Basics for In-House Counsel” and it featured an appearance from The New York State Attorney General’s Office and New York Citizen’s Crime Commission as well.
The FBI Speaks up on Good Security Practices
The Federal Bureau presented an overview of good cybersecurity measures that companies can use in defense against various threats. The agency not only deals with major cyber security issues, but it also partners with foreign institutions to combat criminal activity worldwide. The FBI illustrated some of the major issues that they are facing:
- Hacktivist activity for political statements. They are usually demonstrations of disapproval for businesses or policies by countries of institutions. A notable example is the Anonymous group that has attempted numerous distributed denial of service (DDoS) attacks against web sites. The group is also famous for defacing sites and hacking social media accounts.
- The United States government and major businesses are frequently attacked by hacker groups that are sponsored by foreign powers.
- Criminal security intrusions utilize schemes such as extortion and blackmail. The incurred damage is no longer solely financial. Reputation threats are becoming a major concern.
- Cyber attacks against financial institutions and individual bank accounts are a major threat. Often hackers also analyze stolen data from the victim computers and use the sensitive information to craft spam campaigns and social engineering attacks.
The FBI representative shared seven tips that can aid against cyber attack campaigns:
- Create network topology maps that include a full list of all connected devices and users.
- Regularly create secure back ups of all sensitive data and store it offsite.
- Secure the sensitive data storage servers. Utilize only secure protocols and control all file transfers and network activity.
- Develop sophisticated policies for cyber security protection. Carry out training sessions. Define log file systems and list all applications running on the network.
- Always update all software and hardware components that are part of the internal network. Stay updated on the latest threats and vulnerabilities.
- Develop a response plan when an attack occurs. Use forensic experts and external security experts to report the damage and investigate the point of intrusion.
- Establish a relationship with the government authorities