IP Blog (RSS Feed)

2016 Growing Cyber Security Trends
Over the past 20+ years I have been passionately running companies that help customers address the ever growing security needs. As our world become more connected the stakes are higher than ever and security threats have become more complex.

This week marks the 23rd annual RSA event hosted in the Bay Area. While the attendance has grown significantly over the years the show stays true to its roots by providing an opportunity of like minded security professionals to gather and share the latest knowledge and advancements in cyber security.

Looking forward these are a few key security threats we see growing in 2016.

Image of cybersecurity trends and threats

Cyber Espionage
Next Generation Wars will be fought over the Internet. This is happening now. Every day a new headline, tweet, or cyber alert appears suddenly, and more often than not companies are forced to be reactive to new unforeseen threats. The key to staying proactive is insuring you partner with security vendors that diligently stay current with the growing threats.

Security is not about testing against a large database of known malware because most likely that database is out of date, of no use and provides a false sense of security. One should look into subscribing to a combination of known and newly-found and zero-day malware samples that are quickly made available for testing. Consumption of updated malware subscriptions is often available though cloud based services but it is also important that vendors provide flexibility of offline updates for closed off environments which is a common requirement with some enterprises and many government customers.

Industrial Control Systems Connected systems expose a higher degree of security risk to critical infrastructure."Bolted-on" legacy supervisory control and data acquisition (SCADA) networks can pose significant risks. They're prime targets, not just because they control our electricity, natural gas, gasoline, water, waste treatment, and transportation networks, but also because they are especially vulnerable and were not designed with cyber security in mind.

Many perimeter security vendors (firewall companies) that are any organization's first line of defense are failing and getting breached themselves. It's now more important than ever to subject your critical infrastructure to real world threat modeling and penetration testing. This helps identify the security gaps in your critical infrastructure and take proactive remediation action.

Insider Threats
The discovery of backdoors and time bombs will continue to haunt network infrastructure and trusted software code. Malicious users, disgruntled, and/or former employees, partners, vendors, and consultants can and will do harm if apps and networks are not properly code reviewed, scanned for known vulnerabilities and pentested to expose weaknesses.

Cyber criminals have become patient and in some cases seek out employment for the sole purpose of gaining insider access. Putting in place the proper checks and balances insures you trusted employees are able to do their job while providing an organization information to uncover a potential sheep in wolf's clothing.

IoT (internet of Things) With the expansion of IoT in to our day to day lives from home appliance to security monitoring systems. The new security challenges are becoming more pervasive. IoT refers to the ever-growing network of physical objects that feature an IP address for Internet connectivity, and the communication that occurs between these objects and other web-enabled systems and devices.

We've built the world-wide-web with it's wondrous potential in technology, education and design (TED®), medicine, industry controls, and consumer electronics. And yet, everywhere we connect becomes a potential vector on the attack surface, within the threat landscape that seems to be expanding minute-by-minute.

Devices that were not meant to be Internet-enabled are now online, and potentially open to attack. Without proactive testing, networks can be more vulnerable than ever before. Hackers have new entry-points via which they can not only gain unauthorized access into our home or business networks but can also intrude into our privacy.

Providers of IoT devices need to insure they are taking appropriate security testing measures prior to devices going out to the mass market. Consumers also need to insure they are following recommended set up of IoT devices and taking simple steps such as changing default passwords when they purchase these devices.

RansomWare
Malware has grown up from being a silent thief to now holding your data hostage and demanding a ransom. Methods of propagation, encryption, and targeting have evolved. Dealing with malicious ransomware is both frustrating and costly once a network is infected. Currently, two main types exist: "file encryptor" and "'WinLocker".

(Russian ransomware rampant at 90,000 infections a day - Forbes)

When virtual currency such as Bitcoin becomes "legal" tender, virtual and terrestrial worlds collide. On February 16, 2016 Hollywood Presbyterian Medical Center revealed that they paid out the sum roughly equal to $17,000 in bitcoin. Initially, the attackers demanded 9000 bitcoins, equal to around $3.6M! After a two-week stand-off, a ransom was agreed to and paid.

In Summary
With these growing trends challenging our customers we are poised to help address these concerns and help customers take proactive steps to lower their risk profile. If you are one of the 300,000 attendees at RSA this week, stop by our booth South Expo #S2115 to learn how our security solutions assist customers withtoday's security challenges.

For more information, please do any of the following: Learn more about Spirent SecurityLabs, our dedicated team of experienced security professionals offer comprehensive scanning, penetration testing and monitoring services for networks, wireless, websites, mobile applications, embedded devices, as well as source code analysis at: www.spirent.com/Global-Services/SecurityLabs

Read our White paper: Pentesting—The Required Human Ingenuity to Uncover Security Gaps

Or, to request a quote for our Services and Solutions please contact us at: www.spirentfederal.com/IP/Request_Quote/

Bitcoin, Forbes, InformationWeek's DarkReading.com, McAfee, TestCloud, and TED are trademarks of their respective owners
By: John Weinschenk - 3/29/2016 6:54:46 PM
Tags: Cyber Security

 


Add a comment

Need help finding the product that's right for your business?

Contact us