It takes time and money to adjust IT security measures in response to evolving attack tactics. As defenders gradually update their security measures, attackers respond accordingly. Such arms-race dynamics lead to threats of increasing sophistication and efficiency.
My recent article Understanding Modern Computer Attack and Defense Techniques presents the current snapshot of the state of the threat landscape and offers tips for keeping up with the race.
Defending IT infrastructure involves understanding attack tactics that are particularly effective today. As you assess and improve your information security program, consider the following characteristics of modern computer security threats and the recommendations for dealing with them:
- Social engineering to bypass technical defenses
- Targeting workstations through the web browser
- Compromising web applications
- Attackers with long-term interests
Read the article for my perspective on how attackers use these approaches to bypass security defenses and what you may be able to do about it. (The PDF of the article was originally published by TechTarget.)