BreachExchange mailing list archives
The top security trends you need to know right now
From: audrey () riskbasedsecurity com (Audrey McNeil)
Date: Mon, 11 Apr 2016 17:05:02 -0600
http://www.itproportal.com/2016/04/08/the-top-security-trends-you-need-to-know-right-now/

At the moment, there is more focus on cybersecurity than at any time before, so it’s important to look at the current trends and how they will play out over the coming months. We are at the start of a wave of changes which are unpredictable, but business leaders need to pay attention. If we start to understand the trends of today, it will give us a good indication of where security issues are going to arise tomorrow.

Outlined below are the top security trends that we need to be aware of:

DDoS extortion will become more common

In 2014 we saw a new threat, DD4BC, arise. In 2015 it went away, but was immediately replaced by the Armada Collective. Both groups sent threatening emails requiring the payment of a small number of bitcoins, otherwise the company’s site would be taken offline. The success of these groups has led to the Armada Collective becoming more aggressive and a number of copycats have arisen. There’s no doubt in my mind this will continue this year and get much worse as more criminals see the potential profits of DDoS extortion.

The Internet of Things will be compromised

The Internet of Things (IoT) isn’t a single technology or product, but rather a whole class of technologies and products, most of which were designed and developed with nothing more than a passing thought to security. At the end of last year, the best examples of dangers of IoT were Hello Barbie and the compromise of toy manufacturer VTech. IoT devices are collecting more information about their owners than most people realise, and even if the devices are perfectly secure, the services behind these devices often leave a lot to be desired in terms of security. This data is valuable and we’ll see more compromises of the tools and toys of IoT, as well as the companies that are collecting our personal data.

Security won’t improve markedly

This is one trend I hope I’m misreading, but nearly two decades in the security field tell me I’m not. Despite the many claims of security vendors that they have the one technology that can solve all of your security woes, no such product exists. Instead, we have to realise that we’re looking at a long, slow haul of minor improvements to security, measured in decades, not years. Companies will find new, better ways to secure their systems, attackers will find new, better ways to compromise them. Slowly, over time, we’ll figure out how to do a better job of building software and systems that are secure from the ground up. It’s actually more likely that security will seem to get worse but that will be a symptom of organisations getting better at recognising the indicators of a compromise.

Government will have a major impact on security

China has always required access to all traffic on their Internet, while Russia passed a law in 2014 mandating that its citizens’ traffic stay in the country and be available to officials. Both the USA and the UK have been lobbying Silicon Valley companies to give them access to encrypted communications and in the wake of the Paris attacks, France is considering outlawing Tor and public WiFi access. Politics aside, it’s clear that governments around the world are seeing the need to be heavily involved in legislating the Internet and this will have a huge impact on the security of individual businesses as well as the Internet as a whole. If you’re not paying attention to this changing landscape, then new legislation is going to blindside you, not a position any security professional should be in.

The unknowable unknowns

While many of our concerns are about the things we can predict, there’s never been a lack of unforeseen incidents. Every organisation will have at least one incident in 2016 that couldn’t have been predicted by extrapolating current trends towards the future.

The secret that we need to understand as security professionals is identifying as many of the knowable threats as possible and then building a program that addresses the known threats while being flexible enough to deal with the unknown as well.

Do you have a plan for rebuilding your web servers if they’re compromised? Take it a step further: what if your AD servers are affected? Take it to the worst-case scenario and have a plan to deal with your whole network being wholly owned. It might sound like going overboard, but it’s happened to Sony and the OPM in the US and it’s probably happened to other organisations who haven’t made the news yet.

Review your processes and procedures with an eye towards making sure they support your goal of keeping your organisation secure, even if something completely unforeseeable happens. What’s your plan for the zombie apocalypse? It should probably look a lot like your plan for an infectious disease outbreak.