Many organizations’ security functions determine what threats they care about based on what threats are known to be affecting their sector, or comparably simple criteria. In reality, this approach is poorly suited to dealing with the significant security issues of today. Malicious actors scope their victims based on multiple factors, and understanding these factors is essential to managing risk.
(Source: RSA Conference USA 2017)
Hacktivism Target Selection: Associations
Dyn DDoS: Targeting
• Dyn was directly attacked, but other high-profile organizations suffered downtime and associated potential losses
• Critical service providers are an attractive target in many cases
Risk influenced by: what external providers victims depended on