The threat landscape is changing with the advent of new technologies and devices that are interconnected. Here we discuss the five latest security threats and steps to combat them
– Jagdish Mahapatra, Managing Director, India and SAARC - Intel Security
In past few years, we have witnessed various attacks, from industries to consumers. Attackers can target anyone and even a small loophole can become a drastic fall for you. The 2016 threat predictions from Intel Security covered a gamut of trends, from the likely threats around ransomware, attacks on automobile systems, infrastructure attacks, and the warehousing and sale of stolen data. A detailed insight is as follows:
Hardware: Attacks on all types of hardware and firmware are likely to continue, and the market for tools that make them possible is expected to expand and grow. Virtual machines could be targeted with system firmware rootkits.
Ransomware: Anonymizing networks and payment methods could continue to fuel the major and rapidly growing threat of ransomware. In 2016, greater numbers of inexperienced cybercriminals leveraged ransomware-as-a-service offerings which could further accelerate the growth of ransomware. This is likely to become one of the most frequent modes of cyber-attacks that both organizations and customers will face this year.
Wearables: Although each wearable device stores a relatively small amount of personal information, wearable platforms could be targeted by cybercriminals working to compromise the smartphones used to manage them. The industry will need to work together to protect potential attack surfaces such as operating system kernels, networking and Wi-Fi software, user interfaces, memory, local files and storage systems, virtual machines, web apps, and access control and security software.
Attacks through employee systems: Organizations will continue to improve their security postures, implement the latest security technologies, work to hire talented and experienced people, create effective policies, and remain vigilant. Thus, attackers are likely to shift their focus and increasingly attack enterprises through their employees, by targeting, among other things, employees’ relatively insecure home systems to gain access to corporate networks. After all, it is often said that humans are the weakest link in security.
Cloud services: Cybercriminals could seek to exploit weak or ignored corporate security policies established to protect cloud services. Home to an increasing amount of business confidential information, such services, if exploited, could compromise organizational business strategy, company portfolio strategies, next-generation innovations, financials, acquisition and divestiture plans, employee data, and other data.
Open Source Software at the risk: With its inherent characteristics to significantly reduce costs, free ‘open source’ software (OSS) is growing in popularity with SMEs and start-ups. Whilst OSS is inherently flexible for developers to modify the code, it is also publicly available to cybercriminals and malicious users. This, then, raises concerns when SMEs choose to implement free security OSS into their businesses over closed proprietary applications. Cybercriminals are very much aware that SMEs often lack adequate security practices and infrastructure given that many don’t have the time, budget and expertise to coordinate an effective security solution. Security shouldn’t be an area anyone should skimp on. After all, intellectual property is what makes companies profitable. It needs to be secure.
Best Practices To Enhance Security
Here are five things to be kept in mind by security pros to stay ahead of the curve.
- Ensure to deploy a holistic solutions approach to security – An integrated approach, yields a robust, secure architecture that is more easily managed than frameworks operated with security controls in disparate silos of operation. With this approach, the underlying focus is on reliable and uninterrupted service delivery through a combination of endpoint, network, and data-centric controls for discovery, prevention, detection, response, and audit.
- Be part of the boardroom conversation – IT & Security has evolved from a support conversation to a boardroom agenda. Expect to build a bigger role for IT within the business to demonstrate you can actually deliver what the business wants. Do more than support and understanding the technology, by actively leading the strategy.
- Promote a security conscious environment – Think before you click- goes a long way in the security world. From the moment they are hired, every employee with a username and password needs to understand the individual role they play in keeping sensitive corporate data secure. Share best practices for safety and ensure to conduct regular checks for safety.
For consumer security: Security goes hand in hand with informed and conscious internet habits. Being wise before clicking goes a long way. It is important to know that humans are often the weakest link in protecting data. This challenge gets compounded by the fact that while most people will readily adopt solutions like BYOD and social media, the level of awareness and inclination towards ensuring a safe digital and social footprint kicks in only after they come under attack from various cyber criminals on multiple platforms. There is a clear need for cross-device security solutions, which can ensure security across multiple devices with a single subscription.
For enterprise security: Every ‘best of breed’ security solution in silos at an enterprise will not work as today’s infrastructure needs integrated play. The level of cyber-attacks in the country has increased tremendously with more aimed at lucrative targets like financial services and IT organizations. So while these segments are early adopters of technology, they continue to remain prime targets for cyber criminals and that signals the need for organizations to look at security more holistically and move from protection to detection and correction stance.