The cybersecurity landscape grows seemingly more complex – and dangerous – by the day: Hackers and other bad actors unleash increasingly intricate and formidable attacks on more mission-critical systems. Yet organizations attempt to counter these threats with the same limited resources. In fact, many industry veterans need to return to the ranks as practitioners and researchers to fill gaps within security teams. We’re also seeing cybersecurity personnel shortfalls at the executive and board levels.
The upshot: IT departments are struggling to keep up with it all. So they must arm themselves with the best – and most current – information about developing threat patterns as they take hold. As I’ve met and collaborated with professionals in the field for the first few months of 2017, I’ve concluded that the following trends have emerged as immediate and urgent:
The weaponization of the Internet of Things
After the Dyn DDoS attack last fall that brought widespread outages to Twitter, Airbnb and other ubiquitous websites, apps and services, hackers continue to target – and weaponize – IoT-linked devices.
More than ever, adversaries are gaining access as a result of employees logging into their work networks from home or other environments outside the office. Many users, both consumer and enterprise, are unaware of the risks associated with unsecured devices, particularly as the universe of connected home and office devices multiplies exponentially. Cybercriminals regard these devices as prime entry points and targets for infection, which can bring home and business networks to a crippling halt.
Cloud attracts a new breed of bad guy
Hackers are also taking advantage of vulnerabilities associated with cloud and virtual networks. Hypervisors, for example, enable IT to run multiple operating systems on a single system and manage how cloud and virtual resources are allocated. They would normally reduce an attack surface. But if a single hypervisor vulnerability is exploited, the impact of the attack can spread to all tenants, operating systems, etc. running in a shared environment. This poses a major challenge for cloud service providers, especially as more advanced hypervisor exploits target the growing landscape of virtual environments.
In addition, remote access Trojans (RATs) are wreaking havoc on cloud networks. State-sponsored adversaries use these malware programs, designed to spy directly on users, to gain entry to government and large enterprise networks for corporate and political espionage. They do this by compromising websites, which they modify to include malicious iframes or links that load RATs onto the systems of innocent visitors. An ongoing influx of investment into infrastructure and business – along with sustained economic growth – will only fuel more of this activity.
The not-so-emerging threat
Organizations and even individual security experts get caught up with the latest and greatest exploits, vulnerabilities and bugs that are making the biggest headlines. The newest and most startling cyber attacks – the shockingly duplicitous ones with exotic, ominous-sounding names – rightly command our attention. However, they aren’t necessarily causing the most damage for the largest number of people. Oftentimes, the age-old, tried-and-true weaknesses are the culprits, such as the failure to patch old Windows exploits, a suspect WordPress plug-in or yet another phishing scam. In today’s world, unpatched systems constitute a compromised enterprise.
Taken as a whole, these three trends reveal that, despite continued technological innovation, malicious hackers will always find gaps to exploit. Organizations cannot afford to lull themselves into a state of false comfort by investing strictly in firewalls, patches and other traditional defense tools. They must arm themselves with the most relevant and timely intelligence, and then allocate solution and “people” resources accordingly.