Our Job: Keep our Employer out of the Headlines like Product Security Group which consider Vendor [ABC] issues an emergency patch for its flagship product and urges customers to apply it without delay to address an actively exploited vulnerability. IT Security Organization Company [ABC] admits to losing sensitive information following a security breach in its corporate network. Characteristics of advanced threats are Single minded, determined and innovative, Target individuals over systems, Through reconnaissance will understand your processes, people & systems better than us, Will exploit ANY weakness, Countermeasures increase sophistication, Custom malware, NOT detectable by signatures, Are not in a hurry will take as long as it takes, Goal is long term & persistent access, The perimeter has shifted, all systems now exist in a hostile environment. 94% of companies learn they have been compromised from a third party such as law enforcement. The median length of time an organization has been compromised before they find out is 416 days. Consider that no organization is impenetrable. Assume that your organization might already be compromised and go from there. Secure product development as grown as an software engineering discipline. The changing threat landscape and the
emergence of cloud are products attack surface. Technology providers and software developmentorganization need to adapt their secure software development process.
|