By Gilad Maayan
As technologies and security tools change, cybercriminals adapt their strategies, creating new threats and revamping known ones. Outdated systems and a lack of awareness of current vulnerabilities create significant risk for companies and individuals. Staying up to date on current trends makes a big difference to security and is a requirement for an effective security team.
There are many threats out there, but these are five your security team should be particularly aware of this year.
Artificial Intelligence (AI)
Advances in AI can be used by both security teams and cybercriminals. For example, attackers can build generative adversarial networks, a system in which two networks compete to learn a data set, to uncover the AI algorithms used for security. Once an algorithm is known, a model can be developed to bypass it, and the data used to train the security algorithm can be stolen or modified so that it identifies threats as benign.
A subset of AI, machine learning, is increasingly being used to create more convincing and personalized messages in phishing schemes, allowing credentials to be more easily stolen or malware to be planted.
A vast number of businesses use cloud-based technologies to host their data and applications, and the number is growing. Although cloud platforms often have their own security features, the number and variety of access points, together with third-party integrations, increase the opportunities for attackers to breach a system. If a platform is poorly segmented, a successful attack can quickly spread across applications and organizations, potentially reaching millions of users.
Cloud-based systems are also uniquely vulnerable to Distributed Denial of Service (DDoS) attacks, in which servers are overloaded with illegitimate traffic, because an attack on one organization can affect non-target organizations that share the same resources. An organization that relies on cloud-hosted security systems with no redundancy can be left both unprotected and without access to its own security tooling while the attack lasts.
Cryptocurrency is becoming increasingly common and valuable, making it an appealing target for cybercriminals. Illicit mining, known as cryptojacking, is a fast and easy way for attackers to profit, as it can often be done under the radar of security systems. Devices hijacked through existing software vulnerabilities or malware have their processors put to work mining currency, and any number of them can be harnessed at once.
This sort of mining can be accomplished on almost any sort of device, takes advantage of both organizational and personal devices, and leaves little to no processing resources for the device owner.
Advanced Persistent Threat (APT)
Information is increasingly valuable, and the use of APTs, prolonged covert intrusions that rely on spying tools such as keyloggers, is an effective and largely silent way of collecting data for financial or non-material gain. The strength of these attacks lies in their low detectability, a result of limited resource use, the variety of ways they can be inserted, and their ability to move laterally across networks.
APTs can exist for years without being noticed, can collect everything from identifying information to calendar events, and are frequently initiated by attackers working for government organizations.
Internet of Things (IoT)
Almost everyone uses at least one IoT device on a daily basis and it’s common for personal devices to share networks with organizational ones. These devices include mobile phones, webcams, pacemakers, and even vehicles.
Although security teams have the ability to manage the devices of their organization, they are often unable to appropriately monitor personal ones due to legitimate privacy concerns. What this means is that many devices on a network are operating with outdated software, unpatched hardware, or default credentials that can be obtained from Internet databases. The vulnerability of these devices and their constant connectivity create doorways to otherwise secure networks, often without the user’s awareness.
How Your Organization Can Defend Itself
With constantly evolving cyberthreats it can be hard to know where to begin building robust defenses, but these five techniques are a good place to start.
In the past, security teams tried a technique called zero trust, in which every user was verified before granting access to systems or data. This was secure but had negative effects on both worker productivity and customer engagement due to the time it takes to run verification processes.
A new method, known as digital trust, uses machine learning to monitor activity according to profiles based on behavioral data compiled from users. With digital trust, as long as they request access within the parameters expected according to past use, users are only subjected to basic verification checks. If user behavior doesn’t match, the system will notify your security team so they can stop or prevent breaches by restricting access and requiring in-depth authentication.
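The decision logic described above, as an added illustration that is not part of the original article: a per-user behavioural profile is built from past access events (constructed sample data), and each new request is either waved through with basic verification or escalated to in-depth authentication with a security-team alert. Profile fields, tolerance and the record format are my assumptions.

```python
"""Added example: minimal "digital trust" access check based on behavioural profiles."""
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample of past legitimate access events: (user, timestamp, country, device_id)
HISTORY = [
    ("alice", "2024-03-04T09:12:00", "DE", "laptop-01"),
    ("alice", "2024-03-05T08:55:00", "DE", "laptop-01"),
    ("alice", "2024-03-06T10:03:00", "DE", "laptop-01"),
    ("alice", "2024-03-07T17:40:00", "DE", "phone-07"),
    ("alice", "2024-03-08T09:30:00", "DE", "laptop-01"),
]


def build_profiles(events):
    """Summarise each user's usual hours of activity, countries and devices."""
    profiles = defaultdict(lambda: {"hours": Counter(), "countries": set(), "devices": set()})
    for user, ts, country, device in events:
        p = profiles[user]
        p["hours"][datetime.fromisoformat(ts).hour] += 1
        p["countries"].add(country)
        p["devices"].add(device)
    return profiles


def hours_apart(a, b):
    """Distance between two hours of the day, wrapping around midnight."""
    diff = abs(a - b)
    return min(diff, 24 - diff)


def assess_request(profiles, user, ts, country, device, hour_tolerance=2):
    """Return (decision, reasons).

    'basic'   -> request sits inside the user's expected parameters; basic checks only.
    'step-up' -> deviation found; restrict access, require in-depth authentication
                 and notify the security team with the listed reasons.
    """
    p = profiles.get(user)
    if p is None:
        return "step-up", ["no behavioural profile for user"]
    reasons = []
    hour = datetime.fromisoformat(ts).hour
    if not any(hours_apart(hour, h) <= hour_tolerance for h in p["hours"]):
        reasons.append(f"unusual hour {hour:02d}:00")
    if country not in p["countries"]:
        reasons.append(f"new country {country}")
    if device not in p["devices"]:
        reasons.append(f"unknown device {device}")
    return ("step-up" if reasons else "basic"), reasons
```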
Cloud-Based Security Platforms
Despite its unique vulnerabilities, cloud-based security is often an effective solution due to its flexibility and scalability. Open APIs allow your team to manage security technologies on an individual level to make the most efficient use of a system, and because the bulk of system development is done by the cloud host, your team is free to focus on analyzing and responding to findings.
The use of a runbook, a guide to the operations and procedures carried out by an administrator, makes using cloud-based systems even simpler, as administrators can verify that resources are being used correctly.
Organizations can be protected from laterally moving threats through the use of micro-segmentation, the partitioning of clusters of applications, data, or process levels. Micro-segmentation limits the damage an attacker can cause by forcing attacks to breach clusters individually, thus slowing them down and allowing more time for them to be detected and eliminated. It also allows different security protocols to be used according to the priority of data.
Creating a micro-segmented system requires mapping your IT environment to determine application dependency and communication flow, both of which are already required knowledge for a robust system.
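The mapping step described above, turned into an added worked example that is not from the original article: the dependency map produced when you survey your environment becomes an allow-list of segment-to-segment flows, and observed flows that cross a segment boundary without such a dependency are flagged as candidate lateral movement. The subnets, segment names, flow-record format and sample log are constructed assumptions.

```python
"""Added example: checking observed flows against a micro-segmentation policy."""
import ipaddress

# Constructed: which subnet belongs to which application cluster (segment).
SEGMENTS = {
    "web": ipaddress.ip_network("10.0.1.0/24"),
    "app": ipaddress.ip_network("10.0.2.0/24"),
    "db": ipaddress.ip_network("10.0.3.0/24"),
    "hr": ipaddress.ip_network("10.0.9.0/24"),
}

# Constructed dependency map from the environment survey:
# (source segment, destination segment, destination port) that are expected.
ALLOWED_FLOWS = {
    ("web", "app", 8443),
    ("app", "db", 5432),
}

# Constructed sample flow log, one record per line: "src_ip dst_ip dst_port".
SAMPLE_FLOWS = [
    "10.0.1.10 10.0.2.20 8443",  # web -> app on the approved port
    "10.0.2.20 10.0.3.30 5432",  # app -> db on the approved port
    "10.0.1.10 10.0.3.30 5432",  # web reaching straight into db: no dependency
    "10.0.2.21 10.0.9.5 445",    # app reaching into the hr segment: no dependency
    "10.0.3.30 10.0.3.31 5432",  # traffic inside the db segment
]


def segment_of(ip):
    """Map an address to its segment name, or None if it is unmapped."""
    addr = ipaddress.ip_address(ip)
    return next((name for name, net in SEGMENTS.items() if addr in net), None)


def parse_flow(line):
    src, dst, port = line.split()
    return src, dst, int(port)


def evaluate_flows(lines):
    """Return a list of (record, verdict).

    Flows inside one segment and cross-segment flows backed by a dependency
    entry are 'allowed'; any other cross-segment flow is a 'violation' that
    should be blocked by the segment policy and raised for investigation.
    """
    results = []
    for line in lines:
        src, dst, port = parse_flow(line)
        s, d = segment_of(src), segment_of(dst)
        if s is None or d is None:
            verdict = "unknown-segment"
        elif s == d or (s, d, port) in ALLOWED_FLOWS:
            verdict = "allowed"
        else:
            verdict = "violation"
        results.append((line, verdict))
    return results
```

Hosts that land in no segment are reported separately, since an unmapped asset is itself a gap in the dependency map.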
Users are often the weakest link in a security system and can be the most difficult to manage. They are vulnerable to phishing scams, often download unapproved software, and may not be aware of security protocols. For this reason, training users on basic security measures for both personal and work devices is essential. This should go beyond an initial briefing and include periodic training, digestible bulletins, and, if possible, simulations. Security protocols need to be clear to the most tech-averse users, and issue reporting should be as user-friendly as possible so that your team is made aware of threats quickly.
Security By Design
In the past it was common for organizations to attach security features after a product was completed, resulting in extra time and effort as security teams worked within the limitations of an existing framework. This method often resulted in gaps due to incompatible systems or piecemeal integration of security systems. A better option is to use a DevSecOps team, a combination of development, security, and operations, that will allow your technologies to be built securely from the start.
Cyberthreats are constantly changing and security techniques must change with them to stay effective. While it is impossible to create a perfectly secure system, many threats can be negated if your security team is aware of current threat trends and the technologies being used to protect against them.
By using advancements in machine learning or implementing more secure systems from the start, your team will be able to focus their efforts on responding proactively to prevent information loss, and efficiently to minimize damage when threats are detected.