Information theft is the most expensive and fastest growing segment of cybercrime, largely driven by the increasing exposure of identity information to the web via cloud services. But it is not the only target. Industrial controls that manage power grids and other infrastructure can be disrupted or destroyed. Cyber security’s importance is on the rise. Fundamentally, our society is more technologically reliant than ever before and there is no sign that this trend will slow. Sensitive information like social security numbers, credit card information and bank account details are now stored in cloud storage services like Dropbox or Google Drive.
Cyber-attacks are an increasingly sophisticated and evolving danger to sensitive data, as attackers employ new methods powered by social engineering and artificial intelligence to circumvent traditional security controls. Cyber security risk is increasing, driven by global connectivity and usage of cloud services, like Amazon Web Services, to store sensitive data and personal information. Widespread poor configuration of cloud services paired with increasingly sophisticated cyber criminals means the risk that organization suffers from a successful cyber-attack or data breach is on the rise. A multi-layer cyber security approach is the best way to thwart any serious cyber-attack. A combination of firewalls, software and a variety of tools will help combat malware that can affect everything from mobile phones to Wi-Fi. Here are some of the ways cyber security experts fight the onslaught of digital attacks.
In cases of Malware, Security is certainly one of the most important issues today. An anti-virus software package is needed to combat any suspicious activity. These packages usually include tools that do everything from warning against suspicious websites to flagging potentially harmful emails. Device loss is the top concern among cyber security experts. Leaving our phones at a restaurant can prove dangerous. Luckily, there are tools that lock all use of mobile phones (or enact multi-factor passwords) if this incident occurs. Application security is also becoming another major issue. To combat mobile apps that request too many privileges, introduce Trojan viruses or leak personal information, experts turn to cyber security tools that will alert or altogether block suspicious activity.
The Blend of Technology, Artificial Intelligence and IoT will necessarily gear up the Process of Securing
With the advent of 5G network. It would thus create a greatly expanded, multidimensional cyber-attack vulnerability. It is this redefined nature of networks—a new network “ecosystem of ecosystems” that requires a similarly redefined cyber strategy”. The advent of modern technologies such as IoT is exponentially increasing the number of connected devices to the extent that there will be around 200 billion connected devices by the end of 2020. Cyber warriors are increasing their knowledge while hackers can now utilize artificial intelligence and machine learning to trigger automated cyber-attack that can easily compromise secure systems without any human intervention. These automated cyber-attack pose a global scare and can be done on a mass volume.
Cyber security solutions for public cloud accelerated in the first quarter of 2019. Those deployment models collectively grew 46 percent year-on-year. Federal agencies are increasingly using cloud computing services and the Office of Management and Budget (OMB) requires them to use the Federal Risk and Authorization Management Program (FedRAMP) to authorize use. Security teams were just about coming to terms with a much larger attack surface with containers, distributed environments, multi cloud, IoT, and more. What no one was expecting, however, was an attack surface that would span the entire globe, which is pretty much what we see now. The VPN/firewall combo that we have relied on for so long has finally reached its limits, creating a void that startups are stumbling over themselves to try to fill with a slew of cyber security innovations.
Let us also have a look at most prominent innovations in the world of cyber security:
Quantum computers leverage a new mode of computing instead of bits. These units are more “flexible” than bits in that they can be on, off or “superposed” between the two. They’re also entangled to the extent that particles are physically linked together even though they’re physically separate.
Quantum computing will make current day encryption practices obsolete. The traditional Public Key Infrastructure (PKI) system used can easily come crashing down when public keys become vulnerable to attack by quantum machines. These properties allow quantum computers to move information around and to perform tasks quicker and more efficiently than ordinary computers. The possibilities for quantum computing are therefore endless. Indeed, scientists could use quantum computing to take artificial intelligence to new heights. They could also develop new materials, find cures to diseases and fundamentally change life in other ways.
5G Mobile Technology
The main benefit of 5G is its ability to deliver “high-band,” short-range airwaves. When combined with its other benefits including increased availability and network capacity, 5G promises to deliver higher speeds and lower latency than any wireless service before it. Such outcomes could help to revolutionize the ways in which machines, objects and devices connect to one another.
The nature of how signals and data are routed in 5G/IoT networks can lead to Mobile Network mapping (MNmap), where attackers can create maps of devices connected to a network, identify each device and link it to a specific person. Then there are Man-in-the-middle (MiTM) attacks that enable attackers to hijack the device information before security is applied. No Organization can address those security risks alone. Given the potential impact that 5G could have national economies, governments need to take the lead in developing 5G mobile security standards.
The convergence of information technology (IT) and operational technology (OT) is challenging organizations’ digital security. This has not always been the case. As explained by Digitalist, the former consists of software, hardware, computers and other telecommunications devices that serve a business function, whereas the latter is comprised of vendor-specific, proprietary technologies that perform actual operations.
Unfortunately, this trend is creating security challenges for organizations. IT-OT collaboration engenders a lack of visibility, as IT security teams don’t know what’s spread across their employer’s entire infrastructure (in their IT and OT environments as well as in the cloud). It also feeds a lack of control over security policies. As IT teams have such a difficult time securing new industrial business requirements, security policies introduce risk because they suffer from security and compliance gaps that normalize poor security hygiene.
Expert systems are developed and managed by people, and the principle of their work is based on the recognition of threat signatures to prevent attacks. For example, malicious code or techniques that are used to identify and prevent cyber-attacks just like a fingerprint database is used to capture criminals. Such an approach works well, but there is one drawback. Threat signatures can be recognized and entered into the “base” only after the attack has been completed. It is hard to prevent the same attacks in the future. Thus, such systems are not able to protect against previously unknown attacks called zero-day attacks.
Combining the strength of artificial intelligence (AI) with cyber security, security professionals have additional resources to defend vulnerable networks and data from cyber attackers. After applying this technology, it brought instant insights, resulting in reduced response times. A decision mechanism that is similar to a real human decision mechanism is tried to be modelled with some algorithms. Machine learning is a subdomain of artificial intelligence. Machine learning uses mathematical and statistical ways to extract information from data. Emerging technologies put cyber security at risk. Even the new advancements in defensive strategies of security professionals fail at some point. Besides, as offensive-defensive strategies and innovations are running in a never-ending cycle, the complexity and volume of cyber-attacks have increased.
The IT function is under tremendous pressure, too. In some firms, IT professionals must extend remote working capacity to employees who hadn’t worked from home in the past. In some cases, this includes their service partners. Many IT departments are in the middle of deploying new types of collaboration software. While that can be crucial to keeping employees synchronized (especially those working in agile teams), such software increases the risk of hacking sensitive data that now resides in less secure remote workplaces.
Fraudsters are well aware that many companies and their employees have opened the door wide to hacking. Cybercriminals are using the heightened digital footprint and traffic to find vulnerabilities, or to siphon off money. They are launching Covid-19-themed attacks in the form of phishing emails with malicious attachments that drop malware to disrupt systems or steal data and credentials. Attackers are creating temporary websites or taking over vulnerable ones to host malicious code. They lure people to these sites and then drop malicious code on their digital devices. Fake websites have also been soliciting donations for daily wage earners through email links. Considering the increasing fraudsters and all the theft possibilities, cyber security is indeed emerging to be the need of the hour and should be considered seriously with an optimistic approach.
By: Mannu Mathew | Sub Editor | ELE Times