Three Cybersecurity Trends Business Should Address

The cybersecurity landscape grows seemingly more complex, and dangerous, by the day: Hackers and other bad actors unleash increasingly intricate and formidable attacks, on more mission critical systems.

Yet, organisations attempt to counter their threats with the same limited resources. In fact, many industry veterans need to return to the ranks as practitioners and researchers to supplement gaps within security teams. We’re also seeing cyber-security personnel shortfalls at the executive and board levels.

The upshot: IT departments are struggling to keep up with it all. So they must arm themselves with the best, and most current, information about developing threat patterns as they take hold. The following trends have emerged as immediate and urgent:

Weaponisation of the Internet of Things

After the Dyn DDoS attack last year that brought widespread outages to Twitter, Airbnb and other ubiquitous websites, apps and services, hackers continue to target, and weaponise, IoT-linked devices.

More than ever, adversaries are gaining access as a result of employees logging into their work networks from home or other environments outside the office. Many users, both consumer and enterprise, are unaware of the risks associated with unsecured devices, particularly as the universe of connected home and office devices multiplies exponentially on a regular basis.

Cyber-criminals consider these devices as prime entry points and targets for infection, bringing home and business networks to a crippling halt.

Cloud attracts a new breed of bad guy

Hackers are also taking advantage of vulnerabilities associated with cloud and virtual networks. Hypervisors, for example, enable IT to run multiple operating systems on a single system and manage how cloud and virtual resources are allocated.

They would normally reduce an attack surface. But if a singular hypervisor vulnerability is exploited, the impact of the attack can spread to all tenants, operating systems, etc. running in a shared environment. This poses a major challenge for cloud service providers, especially as more advanced hypervisor exploits target the growing landscape of virtual environments.

In addition, remote access Trojans (RATs) are wreaking havoc on cloud networks. State-sponsored adversaries use these malware programs, designed to spy directly on users, to gain entry to government and large enterprise networks for corporate and political espionage.

This type of activity is achieved by infecting web sites that hackers modify to include malicious i-frames or links that will load RATS onto innocent visitors to the website. An ongoing influx of investment into infrastructure and business, along with sustained economic growth, will only fuel more of this activity.

The not-so-emerging threat

Organizations and even individual security experts get caught up with the latest and greatest exploits, vulnerabilities and bugs that are making the biggest headlines. The newest and most startling cyber-attacks, the shockingly duplicitous ones with exotic, ominous-sounding names, rightly command our attention.

However, they aren’t necessarily causing the most damage for the largest number of people. Often times, the age-old, tried and true vulnerabilities are the culprits, such as the failure to patch old Windows exploits or a suspect WordPress plug-in or yet another phishing scam. In today’s world, non-patched systems constitute a compromised enterprise.

Taken as a whole, these three trends reveal that, despite continued technological innovation, malicious hackers will always find gaps to exploit. Organisations cannot afford to lull themselves into a state of false comfort by strictly investing in firewalls, patches and other traditional defense tools. They must arm themselves with the most relevant and timely intelligence, and then allocate solution and “people” resources accordingly.

HelpNetSecurity:

You Might Also Read: 

What Every CISO Needs To Know:

The New Face of Cybersecurity:

Directors Report: Cyber Security Checklist For Management (£):

 

« UK Robotics, AI & 3D Printing
What Healthcare CISOs Should Know »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

CrowdStrike

CrowdStrike

CrowdStrike is a global provider of security technology and services focused on identifying advanced threats and targeted attacks.

National Security Agency (NSA)

National Security Agency (NSA)

NSA is a US intel agency responsible for the protection of government communications and information systems against penetration and network warfare.

New Zealand Internet Task Force (NZITF)

New Zealand Internet Task Force (NZITF)

The New Zealand Internet Task Force (NZITF) is a non-profit with the mission of improving the cyber security posture of New Zealand.

Elemendar

Elemendar

Elemendar Artificial Intelligence reads cyber threat reports written by humans and translates them into industry-standard, machine-readable and machine-actionable data.

Charterhouse Müller UK

Charterhouse Müller UK

Charterhouse Müller UK are a leading service provider for end of life IT services including data erasure and secure IT asset disposal.

Option3

Option3

Option3 (formerly Option3Ventures - O3V) primarily seek control investments in the growing cybersecurity mid-market, seeking to build champions with the scale to bring cutting-edge products to market.

Adlumin

Adlumin

Adlumin Inc. provides the enterprise-grade security operations platform and managed detection and response services that keep mid-market organizations secure.

Rostelecom

Rostelecom

Rostelecom is Russia’s largest integrated provider of digital services and solutions, covering all market segments including consumer, governmental and private organizations.

Cigent Technology

Cigent Technology

Cigent keeps the most valuable asset in your organization safe—your data. Our advanced endpoint and managed network security solutions prevent ransomware and data theft.

The Citadel Department of Defense Cyber Institute (CDCI)

The Citadel Department of Defense Cyber Institute (CDCI)

CDCI is established to address the critical national security needed for a skilled cybersecurity workforce.

NASK SA

NASK SA

NASK SA is an integrator of telecommunications services. We provide advanced ICT security services, collocation and hosting, data centre services, and build corporate networks.

Nomios

Nomios

Nomios develops innovative solutions for your security and network challenges. We design, secure and manage your digital infrastructure.

Battery Ventures

Battery Ventures

Battery partners with talented founders and teams building category-defining businesses at all stages of growth.

Versent

Versent

Versent is an Australian-born technology company, focused on architecting, building & operating cloud native applications, data streams, platforms, and services.

Worksent Technologies

Worksent Technologies

Worksent is a Trusted white-label offshore support partner for MSPs and MSSPs.

C/side (cside)

C/side (cside)

At c/side, we're creating the ultimate delivery, performance and detection mechanism for browser-side fetched 3rd party Javascript.