6 Emerging Cybersecurity Risks You Should Be Aware OfRich
Last Friday I had the privilege of moderating a panel of experts discussing emerging security risks.
Besides me, the panel at the New York Cyber Security Summit included Logan Brown (president of Exodus Intelligence), Joseph Fiorella (senior infosec engineer at Intel Security), Roy Katmor (CEO of Ensilo), Tom Kellerman (chief cybersecurity officer at Trend Micro), Hanan Levin (VP of products at Illusive Networks), and Dr. Bernard Parsons (CEO of Becrypt).
Here are six takeaways from the panel; they should provide valuable input for both individuals and businesses seeking to stay ahead of cyber threats.
- Assume that hackers will ultimately penetrate your infrastructure.
While preventative information-security measures are obviously a necessity, businesses and people must still assume that hackers will ultimately penetrate their infrastructure despite all of the security technologies in place. Remember, the odds are dramatically in an attacker’s favor-he or she needs to get just one attack through, a defender needs to stop all attacks. As such, segmenting data–i.e., not putting all of your eggs in one basket–is critically important. It is also wise to understand who might be interested in attacking your organization, what their motives may be, and what resources they are likely to have. Without such knowledge you may misallocate your valuable resources.
- Deception can be a useful component of a security strategy.
If you include fake servers and fake, traceable data within your network, hackers may not be able to identify what data is valuable and what is not, and you may improve your chances of catching anyone who targets you (e.g., if a criminal attempts to use stolen, traceable, phony data). Deceptive practices can also help by forcing attackers to expend time analyzing data, which may encourage them to turn their attention elsewhere.
- Cyberterrorism has begun.
Almost half of the energy-sector organizations polled for a recent cybersecurity study reported that attackers had attempted to delete or destroy information on their systems. From a practical standpoint, if a utility goes offline it does not matter much to those without power, gas, or water whether the attackers were nation states, terrorist groups, hacktivists, or others. Of course, from a national security standpoint, the nature of the enemy is important, and the common belief is that cyberterrorism, and attempts at cyberterrorism, is likely to grow dramatically worse with time. As I mentioned in a prior article, both Eugene Kaspersky (CEO of Kaspersky Labs) and a senior member of the AT&T security team have told me that they believe that a major cyberterrorism-type incident is likely to happen in the not so distant future.
- Nearly every person and business today relies on the information-security of third parties for many mission critical tasks.
Several major recent breaches have been achieved, at least in part, by hackers attacking vendors or suppliers of the firms ultimately being targeted. Make sure businesses with which you are dealing don’t become your Achilles’ heel. Businesses should proactively collaborative with their suppliers–sharing expertise and, if appropriate, technology. It can sometimes be more cost effective to provide such resources to third parties than to conduct complex audits of their systems, make demands, and possibly be forced to find alternative providers with better security.
- Humans are often the weakest point in the security chain.
Many high-profile breaches have begun with criminals gathering information inappropriately posted on social media, crafting targeted phishing emails based on that data, and penetrating organizations by exploiting human mistakes. Security technology can be rendered entirely ineffective by people’s errors; make sure to address human risks as part of your security strategy.
- Emerging technologies are obviously great targets.
The attacks that we have seen on mobile and internet-of-things technologies, as well as against cars, are the tip of the iceberg of what is to come. Likewise, the success of zero-day attacks–that is, attacks that exploit previously unknown vulnerabilities, which therefore lack solid defenses against them–almost guarantees that sophisticated hackers will seek to identify and exploit such weaknesses in the future. Technologies that identify and report anomalous activity within your infrastructure may help secure against some of these risks.
Please feel free to discuss this article with me. I’m on Twitter at @JosephSteinberg.
The opinions expressed here by Inc.com columnists are their own, not those of Inc.com.
Start your IT career with the CompTIA A+, Network+, Security+ at CED Solutions today!
CED Solutions is a Cisco Learning Partner, Microsoft Gold Learning Partner and the #1 location for Microsoft Certifications in North America for the last 6 years combined. CED Solutions is a CompTIA Partner, EC Council Partner, and many others and is one of the largest providers of training in North America. The Atlanta facility provides IT training for up to 300 students per day, with separate buildings dedicated to training. CED Solutions provides training for up to 10,000 students per year and students take up to 800 certification exams every two weeks.
CED Solutions provides training and certification for MCSD: SharePoint 2013 Applications Developer; MCSE: SharePoint 2013; Cisco CCNA; Cisco CCNP; Cisco CCNA Security; Cisco CCNP Security; Cisco CCNA Voice; Cisco CCNP Voice; Microsoft MCSA: Windows 2012 Server; MCSA: Windows 2008 Server; MCSA: SQL 2012 Server; MCSE: Business Intelligence SQL 2012 Server; MCSE: Data Platform SQL 2012 Server; MCSE: Desktop Infrastructure Windows 2012 Server; MCSE: Server Infrastructure Windows 2012 Server; MCPD: 6 Cert Visual Studio Developer; MCSD: Windows Store Apps C#; MCSD: Windows Store Apps HTML5; IT Healthcare Technician and many more.
CED Solutions, LLC, www.cedsolutions.com, firstname.lastname@example.org, (800) 611-1840