Three Cybersecurity Trends Business Should Address

The cybersecurity landscape grows seemingly more complex, and dangerous, by the day: Hackers and other bad actors unleash increasingly intricate and formidable attacks, on more mission critical systems.

Yet, organisations attempt to counter their threats with the same limited resources. In fact, many industry veterans need to return to the ranks as practitioners and researchers to supplement gaps within security teams. We’re also seeing cyber-security personnel shortfalls at the executive and board levels.

The upshot: IT departments are struggling to keep up with it all. So they must arm themselves with the best, and most current, information about developing threat patterns as they take hold. The following trends have emerged as immediate and urgent:

Weaponisation of the Internet of Things

After the Dyn DDoS attack last year that brought widespread outages to Twitter, Airbnb and other ubiquitous websites, apps and services, hackers continue to target, and weaponise, IoT-linked devices.

More than ever, adversaries are gaining access as a result of employees logging into their work networks from home or other environments outside the office. Many users, both consumer and enterprise, are unaware of the risks associated with unsecured devices, particularly as the universe of connected home and office devices multiplies exponentially on a regular basis.

Cyber-criminals consider these devices as prime entry points and targets for infection, bringing home and business networks to a crippling halt.

Cloud attracts a new breed of bad guy

Hackers are also taking advantage of vulnerabilities associated with cloud and virtual networks. Hypervisors, for example, enable IT to run multiple operating systems on a single system and manage how cloud and virtual resources are allocated.

They would normally reduce an attack surface. But if a singular hypervisor vulnerability is exploited, the impact of the attack can spread to all tenants, operating systems, etc. running in a shared environment. This poses a major challenge for cloud service providers, especially as more advanced hypervisor exploits target the growing landscape of virtual environments.

In addition, remote access Trojans (RATs) are wreaking havoc on cloud networks. State-sponsored adversaries use these malware programs, designed to spy directly on users, to gain entry to government and large enterprise networks for corporate and political espionage.

This type of activity is achieved by infecting web sites that hackers modify to include malicious i-frames or links that will load RATS onto innocent visitors to the website. An ongoing influx of investment into infrastructure and business, along with sustained economic growth, will only fuel more of this activity.

The not-so-emerging threat

Organizations and even individual security experts get caught up with the latest and greatest exploits, vulnerabilities and bugs that are making the biggest headlines. The newest and most startling cyber-attacks, the shockingly duplicitous ones with exotic, ominous-sounding names, rightly command our attention.

However, they aren’t necessarily causing the most damage for the largest number of people. Often times, the age-old, tried and true vulnerabilities are the culprits, such as the failure to patch old Windows exploits or a suspect WordPress plug-in or yet another phishing scam. In today’s world, non-patched systems constitute a compromised enterprise.

Taken as a whole, these three trends reveal that, despite continued technological innovation, malicious hackers will always find gaps to exploit. Organisations cannot afford to lull themselves into a state of false comfort by strictly investing in firewalls, patches and other traditional defense tools. They must arm themselves with the most relevant and timely intelligence, and then allocate solution and “people” resources accordingly.

HelpNetSecurity:

You Might Also Read: 

What Every CISO Needs To Know:

The New Face of Cybersecurity:

Directors Report: Cyber Security Checklist For Management (£):

 

« UK Robotics, AI & 3D Printing
What Healthcare CISOs Should Know »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

British Insurance Brokers’ Association (BIBA)

British Insurance Brokers’ Association (BIBA)

BIBA is the UK’s leading general insurance intermediary organisation. Use the ‘Find Insurance‘ section of the BIBA website to find providers of cyber risk insurance in the UK.

Karamba Security

Karamba Security

Karamba provide an IoT Security solution for ECUs in automobiles which ensures that all cars are protected (not just autonomous cars).

File Centre

File Centre

File Centre is a leading specialist when it comes to data backup, we offer our clients a premium backup retrieval and delivery solution.

SecuPi

SecuPi

SecuPi delivers data-centric security with data-flow discovery, real-time monitoring, behavior analytics, and protection across web and enterprise applications and big data environments.

Volatility Foundation

Volatility Foundation

Volatility is an open source memory forensics framework for incident response and malware analysis.

NinjaJobs

NinjaJobs

NinjaJobs is a community-run job platform developed by information security professionals. We focusing strictly on cybersecurity positions.

Arkose Labs

Arkose Labs

Arkose Labs' Fraud and Abuse Platform combines Telemetry and adaptive Enforcement Challenges to break down the ROI of fraudsters and protect digital businesses.

Monster Jobs

Monster Jobs

Monster is a global leader in connecting people to jobs, wherever they are. Monster covers all job sectors including cybersecurity in locations around the world.

BullGuard

BullGuard

BullGuard is an award-winning cybersecurity company focused on providing the consumer and small business markets with the confidence to use the internet in absolute safety.

Scythe

Scythe

SCYTHE is a next generation red team platform for continuous and realistic enterprise risk assessments.

Concourse Labs

Concourse Labs

Concourse Labs Security Guardrails continuously verify cloud infrastructure and workloads. Continuously assess clouds for security, resiliency, and regulatory compliance.

Zuul IoT

Zuul IoT

Zuul take an asset-centric approach to OT security, enabling security teams to protect the critical IIoT/IoT devices that are at the foundation of critical business functions.

Rausch Advisory Services

Rausch Advisory Services

Rausch delivers solutions that address compliance, enterprise risk, information technology and human resource capital.

Babble

Babble

Babble is a Unified Comms, Contact Centre and Cyber Solutions provider. We believe in making next-generation technology simple to use, deploy and manage.

Cyber Defense International (CDI)

Cyber Defense International (CDI)

At CDI, we utilize decades of experience in designing and building large-scale cybersecurity programs, creating tailored solutions and services that protect businesses from cyber threats.

Interlynk

Interlynk

Interlynk's #SBOM and # VEX-powered platform automates and continuously monitors first-party and vendor software supply chains and helps meet #FDA, #CRA, #GSA, and #DoD compliance obligations.