Among the many insights featured in Cisco’s 2015 Midyear Security Report is one curiosity that immediately caught my eye:
“Some exploit kit authors are looking to early 19th-century literature to help conceal their 21st century threats. Specifically, some adversaries are incorporating text from Jane Austen’s Sense and Sensibility into web landing pages that host their exploit kits.”
The reason they’ve taken to doing this? Antivirus software is more likely to categorise the webpages as legitimate after analysing the text, and site visitors are likely to linger longer, giving the criminals a prolonged opportunity to launch an attack.
As the report concludes, “As fast as the security industry can develop technologies to block and detect threats, miscreants pivot or change their tactics altogether” – including quoting Jane Austen. Organisations “need to be proactive about identifying and addressing cybersecurity risks that can affect their business and aligning the right people, processes, and technology to help them meet those challenges.”
The international standard for information security management, ISO 27001, offers just such a risk-based approach to cyber security, one that addresses people, processes and technology. Implementing an ISO 27001-compliant information security management system (ISMS) enables organisations of all sizes, sectors and locations to mitigate the risks they face with appropriate controls, limiting the threats posed by untrained staff, inadequate security procedures and out-of-date software solutions.
Accredited certification to the Standard reassures customers, stakeholders and staff that cyber security best practice is being followed.
ISO 27001 Packaged Solutions
Priced from only £380, IT Governance’s ISO 27001 Packaged Solutions provide unique ISO 27001 implementation resources for all organisations, whatever their size, budget or preferred project approach. Combining standards, tools, books, training, and online consultancy and support, they allow all organisations to implement an ISO 27001-compliant ISMS with the minimum of disruption and difficulty.