Enterprise Security

Information Security Landscape

Over the years, different attack vectors with malicious intent, targeted at individuals and organisations, have shaped the current situation of the defence team, also called the Blue Team (the Information Security staff meant to defend the organisation against attackers). With help from top technology companies, and countless research hours invested, we now know where we stand in the war against the attackers, and most importantly what we need to do to gain a foothold.

At the time of this writing, the cybersecurity landscape includes the following:

  • Technology Lag
  • Application Development Security
  • Skill Gap
  • Transition to cloud
  • Increasing Regulation
  • Defense and Attack Asymmetry
  • Internet of Things
  • Automation of detection
  • Malware monetisation
  • Attack tools availability

Technology Lag

The majority of attackers are unsophisticated and use automated tools that can be stopped by keeping vendor patches, hardware, operating systems and software applications up to date. Most organisations don’t keep up to date for several reasons, which all point to one single factor: “cost”. Organisations that produce software/hardware have several versions out and release most updates and patches for the latest versions, while most customer organisations still run the old versions, which leaves their systems vulnerable to attack. A good example is the “WannaCry” attack that affected systems running Windows Server 2003 where the SMB (Server Message Block) port is exposed to the internet.

Application Development Security

This is a very important point in the landscape, as awareness has been drawn to application development being subject to SQL injection attacks and Cross Site Scripting (XSS). Developing an application in a local environment probably doesn’t require as much security as when the app has been deployed, and this is a point most developers miss. Developers need to make their apps immune to these attacks as they make the transition from the local environment to web applications. In addition, secure application development practices need to be followed to ensure application security.
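As an added illustration of the two attack classes named above (this is not the author’s code), the snippet below shows a login query built by string formatting beside its parameterised form, and HTML escaping of user input before it is rendered; the in-memory sqlite3 user table and the sample inputs are constructed for the example.

```python
import html
import sqlite3


def make_db():
    # Constructed in-memory user table standing in for an application's
    # user store. Real applications store password hashes, not plaintext;
    # the plain value here only keeps the example short.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, password TEXT)")
    db.execute("INSERT INTO users VALUES ('alice', 'correct horse')")
    return db


def login_vulnerable(db, name, password):
    # The query is assembled by string formatting, so whatever the user
    # types becomes part of the SQL text itself (SQL injection).
    sql = (
        f"SELECT COUNT(*) FROM users "
        f"WHERE name = '{name}' AND password = '{password}'"
    )
    return db.execute(sql).fetchone()[0] > 0


def login_hardened(db, name, password):
    # Parameterised query: the driver binds the values separately from the
    # SQL text, so user input can never change the query's structure.
    sql = "SELECT COUNT(*) FROM users WHERE name = ? AND password = ?"
    return db.execute(sql, (name, password)).fetchone()[0] > 0


def render_greeting(name):
    # Escape user data before placing it in HTML so markup in the input is
    # displayed as text rather than interpreted by the browser (XSS defence).
    return f"<p>Welcome, {html.escape(name)}</p>"


if __name__ == "__main__":
    db = make_db()
    tampered = "' OR '1'='1"  # constructed sample input, a classic textbook payload
    print(login_vulnerable(db, "alice", tampered))   # True: the check is bypassed
    print(login_hardened(db, "alice", tampered))     # False: treated as a literal password
    print(render_greeting("<script>alert(1)</script>"))
```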

Skill Gap

Currently, cybercriminals outnumber the cyberdefence team, and this is a major issue. The Center for Cyber Safety and Education projected a 1.8 million shortfall, and I mentioned this in my introductory posts. Information security is a continuous process with continuous security audits in place, and the manpower to staff that defence isn’t available.

Attack Tools Availability

The availability of attack tools that require only moderate knowledge to operate is staggering. These tools are automated and require no expertise to attack an organisation. They are also very powerful, as attackers reverse-engineer the same tools used by elite nation-state hackers and make them available to script kiddies. Video tutorials are also made available for quick training on using these tools. Meanwhile, the defence team has to manually configure systems and write complex code to defend organisations from attacks.

Asymmetry of Attack & Defense

To adequately secure an organisation against a breach, the resources needed are far greater than what an attacker needs to compromise the organisation’s security. With time, effort, resources and skill, an organisation can protect itself from an unskilled or non-persistent attacker, but this isn’t the case in reality. Most Information Security teams, even with highly skilled individuals, aren’t given the resources and time needed to ensure maximum security.

Malware Monetization

In the past, most attackers committed cybercrimes out of curiosity, and others to show off to friends. The development in the landscape now shows that the ability to monetise malware attacks is a source of motivation for these attackers. Several organisations have had to pay thousands of dollars in a ransomware attack – encryption of the organisation’s sensitive files and a demand for a ransom in exchange for a decryption key.

Another method attackers use is coin mining software – software that mines cryptocurrency such as Monero, Bitcoin or Ethereum. This software requires heavy graphics, RAM and power usage, and organisations’ infrastructure is targeted to mine these currencies. This is becoming more prevalent and is overtaking ransomware. A good coin mining software turns itself off while the system is being used, to avoid detection.

Automation of Detection

On the bright side for defenders, automation of detection through a heuristic approach has made headway, especially on the Microsoft security platform with Microsoft Defender Advanced Threat Protection, with even better detection through telemetry analysis – the Security Graph, which is a central point for the security information that Microsoft collects across its large community of users and from its research team. New attacks can be detected easily with this approach through machine learning analysis of the large amount of data collected, and can quickly get blacklisted across all platforms.

Internet of Things (IoT)

This is a BIG one – a major change in the cybersecurity landscape. The explosive growth in embedded systems called IoT – a system of interrelated computing devices, mechanical and digital machines, objects, animals or people that are provided with unique identifiers and the ability to transfer data over a network without requiring human-to-human or human-to-computer interaction. At the time of this writing, the operating system of these devices rarely receives long-term support from vendors, which makes the systems vulnerable to zero-day attacks and other forms of attack vectors.

Consistent release of application updates with an auto-update feature would greatly reduce the attack surface of these devices. Otherwise, these IoT devices can be used as botnets to launch a DDoS attack or even a coin mining attack.

Transition to Cloud

Most organisations today have adopted cloud technology. All local data and apps have been moved to the cloud. An important point to note is that the onus to protect the company’s assets in the cloud still rests with the organisation, except in special cases where an arrangement is made with the cloud provider should an organisation choose to go with a provider.

Security settings on cloud platforms must be configured correctly and properly, with the same amount of diligence one would apply when configuring a local machine.

Increasing Regulation

Several attacks over the years, and the inability of the IT industry to contain them on its own, led to intervention from governments to create policies, regulations and possible jail terms in order to deter and reduce cybercrime. This also led to the implementation of policies that determine the amount and type of data an organisation can collect from individuals or users.

IT teams need to be as conversant with these regulations as they are with the technical controls, so that the current regulation can be upheld in the event of a breach.

Conclusion

This is the current standpoint of security as of today. These changes need to be taken into consideration when training and recruiting the Information Security team, and also while investigating breaches.
